The Business Case for Network Security

The Business Case for Network Security : Advocacy, Governance, and ROI

3 (1 rating by Goodreads)

List price: US$49.99


Description

Understand the total cost of ownership and return on investment for network security solutions

  • Understand what motivates hackers and how to classify threats
  • Learn how to recognize common vulnerabilities and common types of attacks
  • Examine modern day security systems, devices, and mitigation techniques
  • Integrate policies and personnel with security equipment to effectively lessen security risks
  • Analyze the greater implications of security breaches facing corporations and executives today
  • Understand the governance aspects of network security to help implement a climate of change throughout your organization
  • Learn how to qualify your organization's aversion to risk
  • Quantify the hard costs of attacks versus the cost of security technology investment to determine ROI
  • Learn the essential elements of security policy development and how to continually assess security needs and vulnerabilities

The Business Case for Network Security: Advocacy, Governance, and ROI addresses the needs of networking professionals and business executives who seek to assess their organization's risks and objectively quantify both costs and cost savings related to network security technology investments. This book covers the latest topics in network attacks and security. It includes a detailed security-minded examination of return on investment (ROI) and associated financial methodologies that yield both objective and subjective data. The book also introduces and explores the concept of return on prevention (ROP) and discusses the greater implications currently facing corporations, including governance and the fundamental importance of security, for senior executives and the board. Making technical issues accessible, this book presents an overview of security technologies that uses a holistic and objective model to quantify issues such as ROI, total cost of ownership (TCO), and risk tolerance.

This book explores capital expenditures and fixed and variable costs, such as maintenance and upgrades, to determine a realistic TCO figure, which in turn is used as the foundation in calculating ROI. The importance of security policies addressing such issues as Internet usage, remote-access usage, and incident reporting is also discussed, acknowledging that the most comprehensive security equipment will not protect an organization if it is poorly configured, implemented, or used. Quick reference sheets and worksheets, included in the appendixes, provide technology reviews and allow financial modeling exercises to be performed easily. An essential IT security-investing tool written from a business management perspective, The Business Case for Network Security: Advocacy, Governance, and ROI helps you determine the effective ROP for your business. This volume is in the Network Business Series offered by Cisco Press®. Books in this series provide IT executives, decision makers, and networking professionals with pertinent information about today's most important technologies and business strategies.

Product details

  • Paperback | 408 pages
  • 176 x 224 x 26mm | 639.58g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • 1587201216
  • 9781587201219

About Warren Saxe

Catherine Paquet is a freelancer in the field of internetworking and return on security investment. Catherine has in-depth knowledge of security systems, remote access, and routing technology. She is a Cisco Certified Security Professional (CCSP™) and a Cisco Certified Network Professional (CCNP®). Her internetworking career started as a LAN manager; she then moved to MAN manager and eventually became the nationwide WAN manager. Catherine was also a certified Cisco Systems instructor with the largest Cisco® training partner, serving as the course director/master instructor for security and remote access courses. Most recently she held the position of director of technical resources for Canada, where she was responsible for instructor corps and equipment offerings, including Cisco courses. In 2002 and 2003, Catherine volunteered with the UN mission in Kabul, Afghanistan, to train Afghan public servants in the area of networking. Catherine has an MBA with a major in management information systems (MIS). Catherine coauthored the Cisco Press books Building Scalable Cisco Networks, CCNP Self-Study: Building Scalable Cisco Internetworks (BSCI), and CCNP Self-Study: Building Scalable Cisco Internetworks (BSCI), Second Edition, and she edited Building Cisco Remote Access Networks.

Warren Saxe has an extensive background in profit and loss (P&L) management as general manager for a Fortune 1000 semiconductor distributor. As a top- and bottom-line-focused senior manager, he brings a unique perspective to this business decision maker-oriented book. He applies an overriding business strategy to drive IT decisions by utilizing a value-driven approach. He has extensive background in sales management, marketing management, and demand creation fundamentals. He directed a large multidisciplinary team composed of managers, engineers, sales, and marketing professionals. He was responsible for strategic and tactical planning, and he negotiated directly with CxO-level executives, both internally and with customers across many industries. He is currently focusing in the areas of security governance, risk management, and return on security investment planning. He earned his degree at McGill University.


Table of contents

Introduction.

I. VULNERABILITIES AND TECHNOLOGIES.

1. Hackers and Threats.
    Contending with Vulnerability
      Realizing Value in Security Audits
    Analyzing Hacking
      Assessing Vulnerability and Response
      Hackers: Motivation and Characteristics
      The Enemy Within: Maliciousness and Sloppiness
    Threats Classification
    The Future of Hacking and Security
    Summary
    End Notes

2. Crucial Need for Security: Vulnerabilities and Attacks.
    Recognizing Vulnerabilities
      Design Vulnerabilities Issues
      Human Vulnerability Issues
      Implementation Vulnerability Issues
    Categories of Attacks
      The Human Component in Attacks
      Reconnaissance Attacks
      Access Attacks
      Denial of Service Attacks
    Additional Common Attacks
      Footprinting
      Scanning and System Detailing
      Eavesdropping
      Password Attacks
      Impersonating
      Trust Exploitation
      Software and Protocol Exploitation
      Worms
      Viruses
      Trojan Horses
      Attack Trends
    Wireless Intrusions
      Wireless Eavesdropping
      Man-in-the-Middle Wireless Attacks
      Walk-By Hacking
      Drive-By Spamming
      Wireless Denial of Service
      Frequency Jamming
      The Hapless Road Warrior
    Social Engineering
      Examples of Social Engineering Tactics
    Summary of Attacks
    Cisco SAFE Axioms
      Routers Are Targets
      Switches Are Targets
      Hosts Are Targets
      Networks Are Targets
      Applications Are Targets
    Summary

3. Security Technology and Related Equipment.
    Virus Protection
    Traffic Filtering
      Basic Filtering
      Advanced Filtering
      Filtering Summary
    Encryption
      Encrypted VPN
      SSL Encryption
      File Encryption
    Authentication, Authorization, and Accounting: AAA
      Authentication
      Authorization
      Accounting
    Public Key Infrastructure
    From Detection to Prevention: Intrusion-Detection Systems and Intrusion-Prevention Systems
      IDS Overview
      Network- and Host-Based IDS
      IPS Overview
      Target-Based IDS
    Content Filtering
      URL Filtering
      E-Mail Content Filtering
    Assessment and Audit
      Assessment Tools
      Audit Tools
    Additional Mitigation Methods
      Self-Defending Networks
      Stopping a Worm with Network-Based Application Recognition
      Automated Patch Management
      Notebook Privacy Filter
    Summary
    End Notes

4. Putting It All Together: Threats and Security Equipment.
    Threats, Targets, and Trends
    Lowering Risk Exposure
    Security Topologies
      SAFE Blueprints
      SAFE Architecture
      Using SAFE
    Summary

II. HUMAN AND FINANCIAL ISSUES.

5. Policy, Personnel, and Equipment as Security Enablers.
    Securing the Organization: Equipment and Access
      Job Categories
      Departing Employees
      Password Sanctity
      Access
    Managing the Availability and Integrity of Operations
    Implementing New Software and Privacy Concerns
      Custom and Vendor-Supplied Software
      Sending Data: Privacy and Encryption Considerations
    Regulating Interactivity Through Information and Equipment Control
      Determining Levels of Confidentiality
      Inventory Control: Logging and Tagging
    Mobilizing the Human Element: Creating a Secure Culture
      Employee Involvement
      Management Involvement: Steering Committee
    Creating Guidelines Through the Establishment of Procedural Requirements
      Policy Fundamentals
      Determining Ownership
    Determining Rules and Defining Compliance
      Corporate Compliance
      User Compliance
    Securing the Future: Business Continuity Planning
    Ensuring a Successful Security Policy Approach
      Security Is a Learned Behavior
      Inviting the Unknown
      Avoiding a Fall into the Safety Trap
      Accounting for the Unaccountable
      Workflow Considerations
      Striving to Make Security Policies More Efficient
    Surveying IT Management
      The Need for Determining a Consensus on Risk
      Infosec Management Survey
      Infosec Management Quotient
    Summary

6. A Matter of Governance: Taking Security to the Board.
    Security-A Governance Issue
    Directing Security Initiatives
      Steering Committee
      Leading the Way
    Establishing a Secure Culture
      Securing the Physical Business
      Securing Business Relationships
      Securing the Homeland
    Involving the Board
      Examining the Need for Executive Involvement
      Elements Requiring Executive Participation
    Summary
    End Notes

7. Creating Demand for the Security Proposal: IT Management's Role.
    Delivering the Security Message to Executive Management
    Recognizing the Goals of the Corporation
      Knowing How the Organization Can Use ROP
      Understanding the Organization's Mandate and Directives
      Acknowledging the Organization's Imperatives and Required Deliverables
      Establishing an Appropriate Security Posture
    Outlining Methods IT Managers Can Use to Engage the Organization
      Lobbying Support
    Assessing Senior Business Management Security Requirements
      Every Question Counts: Delivering the Survey to Respondents
      Infosec Operational Survey
      Infosec Operational Quotient
    Summary

8. Risk Aversion and Security Topologies.
    Risk Aversion
      The Notion of Risk Aversion
      Determining Risk Tolerance
      What Assets to Protect
      Short-Term and Long-Term Risks
    Risk-Aversion Quotient
      Calculating the Risk-Aversion Quotient
      Risk-Aversion Quotient and Risk Tolerance
      Using the Charts
    Security Modeling
      Topology Standards
      One Size Rarely Fits All
      Security Throughout the Network
    Diminishing Returns
    Summary

9. Return on Prevention: Investing in Capital Assets.
    Examining Cost of Attacks
      Determining a Baseline
      Providing Alternatives
    Budgeting for Security Equipment
      Total Cost of Ownership
      Present Value
    Analyzing Returns on Security Capital Investments
      Net Present Value
      Internal Rate of Return
      Return on Investment
      Payback Period
      The Bottom Line
    Acknowledging Nonmathematical Security Fundamentals
    Summary
    End Notes

III. POLICIES AND FUTURE.

10. Essential Elements of Security Policy Development.
    Determining Required Policies
    Constructing Reliable and Sound Policies
      Reliability
      Access
      Constancy
      Answerability
    Using Policy Tools and Policy Implementation Considerations
      Useful Policy Tools
      Policy Implementation
    Performing Comprehensive Monitoring
    Knowing Policy Types
      Physical Security Policies
      Access-Control Policies
      Dialup and Analog Policies
      Remote-Access Policies
      Remote Configuration Policies
      VPN and Encryption Policies
      Network Policies
      Data Sensitivity, Retention, and Ethics Policies
      Software Policies
      Summary of Policy Types
    Handling Incidents
    Summary

11. Security Is a Living Process.
    Security Wheel
      Secure
      Monitor
      Test
      Improve
    Scalability
    Jurisprudence
      Hacking
      Internal Issues
      Negligence
      Privacy
      Integrity
      Good Netizen Conduct
    SWOT: Strengths, Weaknesses, Opportunities, and Threats
      Strengths
      Weaknesses
      Opportunities
      Threats
    Summary
    End Note

IV. APPENDIXES.

Appendix A. References.
Appendix B. OSI Model, Internet Protocol, and Packets.
Appendix C. Quick Guides to Security Technologies.
Appendix D. Return on Prevention Calculations Reference Sheets.
Glossary.
Index.
