|...part of the openlysecure.org network|
|Site Navigation / Table of Contents|
The introduction section of the site is a good place to start if you want to learn more about the book. It also contains the following useful information:
Information security is a business issue that needs to be managed effectively. Good security management can provide consistent protection from compromised data and downtime. Although complete security is impossible to achieve, too little security can cost a company dearly. The appropriate amount of security is unique to every organization. The following chapters explore some of the methods and tools used to manage security.
Some businesses find it easier and more cost effective to outsource security needs. In the physical security realm, this means hiring a security agency. In the world of network security,companies provide the digital equivalent. This part looks at the types of security needs that can be outsourced, and the issues involved.
How do you secure something that you’ve already given to someone else? How do you prevent digital information from being duplicated? How do you know when something has been duplicated illegally? Maintaining control of digital rights has become one of the most controversial and complicated aspects of security. A rapidly growing industry is addressing many of these core issues. This part will explore the various problems facing digital rights control.
It’s not enough to have a secure connection between two machines. You also need to be sure that the person or computer you’re connected to is who it claims to be. This part discusses the pros and cons of the many available identification systems as well as ideal technology combinations.
The dark side of authorization and identification is that it relies on information; the more the better. This information can be used to violate the privacy of those you’re trying to protect. Furthermore, hackers can more easily compromise your network via social engineering if they have access to personal or private information. Because of this, keeping personal information private is a major need for many organizations.
The tools used to build and connect networks are not always secure. Some are notoriously insecure (wireless). This chapter discusses issues and solutions for securing the basic components used to build and connect networks.
It’s not always possible to secure everything. Often many segments of a network connection will be out of your control, especially if you connect to the Internet in any manner (and who doesn’t nowadays?). Nonetheless, a number of technologies are available to secure the portions of a network that you do control. This part of the book discusses technologies available to harden your network against attacks.
Once information worth protecting is created or obtained, it needs to be stored somewhere. Different types of storage systems come with different security risks. The following chapters cover the various technologies available for securely storing information.
A handful of techniques for keeping critical information away from wandering eyes are available, such as cryptography and steganography. Not only can these methods aid in privacy (if used correctly), but they also continue to protect information even if the data has been intercepted or stolen.
We can hide and store information, but how do we actually use it? This chapter talks about tools for remotely connecting to and/or managing information sources and services in a secure manner. Secure storage is great, but what happens when you need to access that data, or move it from one machine to another? How do you do this securely?
For many organizations, a loss of service is just as devastating as a loss of information. The odds of service interruption or information loss decrease significantly if no single points of failure exist. Some interesting and powerful technologies exist that can keep mission-critical services available even in the face of a catastrophic disaster.
No matter how good your defenses, eventually a hacker will break through. How will you know when this happens? How will you catch the villain red-handed? Intrusion detection technologies can help spot hackers during and after the fact. Some of the tools can even identify places a hacker might attack before anything bad happens.
|The content and maintenance of this site is provided by SageSecure LLC. We help professional service firms find lost revenues that result from security breaches and everyday failures in technology.||The characters and illustrations found on this site are copyright ©2002-2003 XPLANE Corp. XPLANE creates XPLANATiONS¨, which are simple visual maps and stories that make complex business issues easier to understand. For more information visit XPLANE at www.xplane.com or call 1/800/750-6467.|