Techno Security's Guide to Managing Risks for IT Managers, Auditors, and Investigators
Syngress Media,U.S. (Verlag)
978-1-59749-138-9 (ISBN)
- Titel ist leider vergriffen;
keine Neuauflage - Artikel merken
“This book contains some of the most up-to-date information available anywhere on a wide variety of topics related to Techno Security. As you read the book, you will notice that the authors took the approach of identifying some of the risks, threats, and vulnerabilities and then discussing the countermeasures to address them. Some of the topics and thoughts discussed here are as new as tomorrow’s headlines, whereas others have been around for decades without being properly addressed. I hope you enjoy this book as much as we have enjoyed working with the various authors and friends during its development. —Donald Withers, CEO and Cofounder of TheTrainingCo.
•Jack Wiles, on Social Engineering offers up a potpourri of tips, tricks, vulnerabilities, and lessons learned from 30-plus years of experience in the worlds of both physical and technical security.
•Russ Rogers on the Basics of Penetration Testing illustrates the standard methodology for penetration testing: information gathering, network enumeration, vulnerability identification, vulnerability exploitation, privilege escalation, expansion of reach, future access, and information compromise.
•Johnny Long on No Tech Hacking shows how to hack without touching a computer using tailgating, lock bumping, shoulder surfing, and dumpster diving.
•Phil Drake on Personal, Workforce, and Family Preparedness covers the basics of creating a plan for you and your family, identifying and obtaining the supplies you will need in an emergency.
•Kevin O’Shea on Seizure of Digital Information discusses collecting hardware and information from the scene.
•Amber Schroader on Cell Phone Forensics writes on new methods and guidelines for digital forensics.
•Dennis O’Brien on RFID: An Introduction, Security Issues, and Concerns discusses how this well-intended technology has been eroded and used for fringe implementations.
•Ron Green on Open Source Intelligence details how a good Open Source Intelligence program can help you create leverage in negotiations, enable smart decisions regarding the selection of goods and services, and help avoid pitfalls and hazards.
•Raymond Blackwood on Wireless Awareness: Increasing the Sophistication of Wireless Users maintains it is the technologist’s responsibility to educate, communicate, and support users despite their lack of interest in understanding how it works.
•Greg Kipper on What is Steganography? provides a solid understanding of the basics of steganography, what it can and can’t do, and arms you with the information you need to set your career path.
•Eric Cole on Insider Threat discusses why the insider threat is worse than the external threat and the effects of insider threats on a company.
Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at his website (http://johnny.ihackstuff.com). He is the founder of Hackers For Charity(http://ihackcharities.org), an organization that provides hackers with job experience while leveraging their skills for charities that need those skills. Jack Wiles is a security professional with over 40 years' experience in security-related fields. This includes computer security, disaster recovery, and physical security. He is a professional speaker, and has trained federal agents, corporate attorneys, and internal auditors on a number of computer crime-related topics. He is a pioneer in presenting on a number of subjects, which are now being labeled "Homeland Security" topics. Well over 10,000 people have attended one or more of his presentations since 1988. Jack is also a co-founder and President of TheTrainingCo., and is in frequent contact with members of many state and local law enforcement agencies as well as Special Agents with the U.S. Secret Service, FBI, IRS-CID, U.S. Customs, Department of Justice, The Department of Defense, and numerous members of High-Tech Crime units. He was also appointed as the first President of the North Carolina InfraGard chapter, which is now one of the largest chapters in the country. He is also a founding member of the U.S. Secret Service South Carolina Electronic Crimes Task Force. Jack is also a Vietnam veteran who served with the 101st Airborne Division in Vietnam in 1967-68, where he was awarded two Bronze stars for his actions in combat. He recently retired from the U.S. Army Reserves as a lieutenant colonel and was assigned directly to the Pentagon for the final seven years of his career. Russ Rogers (CISSP, CISM, IAM, IEM, Hon. Sc.D.), author of the popular "Hacking a Terror Network: The Silent Threat of Covert Channels" (Syngress, ISBN: 978-1-928994-98-5), co-author of multiple books, including the best-selling "Stealing the Network: How to Own a Continent" (Syngress, ISBN: 978-1-931836-05-0) and "Network Security Evaluation Using the NSA IEM" (Syngress, ISBN: 978-1-59749-035-1), and former editor-in-chief of The Security Journal, is currently a penetration tester for a federal agency and the co-founder and chief executive officer of Peak Security, Inc., a veteran-owned small business based in Colorado Springs, CO. Russ has been involved in information technology since 1980 and has spent the past 20 years working as both an IT and InfoSec consultant. Russ has worked with the U.S. Air Force (USAF), National Security Agency (NSA), Defense Information Systems Agency (DISA), and other federal agencies. He is a globally renowned security expert, speaker, and author who has presented at conferences around the world in Amsterdam, Tokyo, Singapore, São Paulo, Abu Dhabi, and cities all over the United States. Russ has an honorary doctorate of science in information technology from the University of Advancing Technology, a master's degree in computer systems management from the University of Maryland, a bachelor of science degree in computer information systems from the University of Maryland, and an associate's degree in applied communications technology from the Community College of the Air Force. He is a member of ISSA and (ISC)2® (CISSP). Russ also teaches at and fills the role of professor of network security for the University of Advancing Technology (www.uat.edu). Phil Drake is Communications Manager for the Charlotte Observer in Charlotte, N. C. The Observer is a daily newspaper that serves readers throughout North and South Carolina. In addition to the newspaper, the Charlotte Observer produces specialty magazines, voice information, and Internet services.Phil is responsible for all aspects of communications at Observer operations in both Carolinas, including telephone and data communications, wireless systems, conventional and trunked two-way radio, and satellite systems. He is also responsible for business continuity and disaster response planning and related budgeting. He is responsible for providing emergency communications facilities for reporters and photographers covering breaking news stories.His background includes photojournalism, mainframe computer support, network management, telecommunications planning and management, and business continuity planning. Phil is a former chairman of the Contingency Planning Association of the Carolinas and currently serves as a Board Advisor of the organization. He is a Certified Business Continuity Professional with the Disaster Recovery Institute International. Phil speaks to public and private sector groups and has been interviewed by and written for a number of national publications on a wide range of emergency communication issues and business/homeland defense planning. He leads business continuity training seminars for both the public and private sectors. He also has provided project management in business continuity and has advised major national clients in emergency planning, workforce protection, threat assessment, and incident response. He enjoys backpacking, spending time in the outdoors, and has taught outdoor living skills to youth group leaders. He was appointed by the North Carolina Secretary of the Department of Environment and Natural Resources as a voting member of the NC Geological Survey Advisory Committee. Ron Green (CISSP, ISSMP), a Senior Vice President within the Information Security Business Continuity division of Bank of America, currently serves as an Information Security Business Continuity Officer supporting the Bank’s Network Computing Group. He formerly managed a bank team dedicated to handling cyber investigations, computer forensics, and electronic discovery. Prior to joining Bank of America, Ron was a Secret Service Agent and part of the agency’s Electronic Crimes Agent Program (ECSAP). In addition to the investigative and protection work all agents perform, ECSAP agents perform cyber investigations and computer forensics for the agency. Ron started with the Secret Service in its Phoenix Field Office, and then transferred to the agency’s headquarters to become part of the Electronic Crimes Branch (ECB). While part of ECB he provided support to the ECSAP agents in the field. He also worked on national and international cyber crimes cases, initiatives, and laws. He was the project manager for Forward Edge and the Best Practice Guides for Seizing Electronic Evidence, version 2.0. Ron graduated from the United States Military Academy at West Point earning a bachelor’s degree in Mechanical Engineering, and he earned a Graduate Certificate from George Washington University on Computer Security and Information Assurance. Ron currently serves as the Treasurer/Secretary for the Financial Services Information Sharing and Analysis Center (FS/ISAC) and as a Board Member for the Institute for Computer Forensic Professionals. Ron currently lives in North Carolina with his wife, Cheryl, and their four children. Gregory Kipper is a futurist and strategic forecaster in emerging technologies. He specialized in IT security and information assurance for 17 years, working for the last 11 years in the fields of digital forensics and the impacts emerging technologies have on crime and crime fighting. Mr. Kipper has been the keynote speaker at select industry events, a digital forensics instructor, and a trusted advisor to both the government and commercial sectors. He has published books in the fields of digital forensics and emerging technologies, including: "Investigator's Guide to Steganography," "Wireless Crime and Forensic Investigation," and "Virtualization and Forensics." Raymond Todd Blackwood is an IT Manager for a private university in Tempe, AZ, with over 12 years of experience in managing technology projects, teams, and systems. He currently oversees the development of technology projects at the university and provides lectures and training on leadership principles for technology geeks. Raymond teaches several courses that focus on thinking and brain performance, as well as managing technology, systems, and change.Raymond started his career in digital film making, which took him from his southern roots to the Southwest, where he did his undergraduate studies and received his BA in Multimedia and Digital Animation and Production. Producing independent digital films led him into technology management as he began to design and implement technology for animation and multimedia applications. A series of events catalyzed by a passion for learning and working in all kinds of technology projects led Raymond to become a Manager of Information Technology in 2000 for the university. Soon thereafter Raymond began his graduate work and received his Masters of Business Administration and Technology Management in 2006. Raymond is the comoderator of the Phoenix Future Salon through the Accelerated Studies Foundation. He also serves on the board of directors for the Greater Arizona eLearning Association and the Arizona Telecommunications and Information Council, and he is the faculty sponsor for DC480, the university’s hacking club.Raymond wrote Chapter 7, “Wireless Awareness: Increasing the Sophistication of Wireless Users. Amber Schroader has been involved in the field of computer forensics for the past sixteen years. During this time, she has developed and taught numerous courses for the computer forensic arena, specializing in the field of wireless forensics as well as mobile technologies. Ms Schroader is the CEO of Paraben Corporation and continues to act as the driving force behind some of the most innovative forensic technologies. As a pioneer in the field, Ms Schroader has been key in developing new technology to help investigators with the extraction of digital evidence from hard drives, e-mail and, hand held and mobile devices. Ms Schroader has extensive experience in dealing with a wide array of forensic investigators ranging from federal, state, local, and corporate. With an aggressive development schedule, Ms Schroader continues to bring new and exciting technology to the computer forensic community world wide and is dedicated to supporting the investigator through new technologies and training services that are being provided through Paraben Corporation. Ms Schroader is involved in many different computer investigation organizations including The Institute of Computer Forensic Professionals (ICFP), HTCIA, CFTT, and FLETC. Dr. Eric Cole is an industry recognized security expert, technology visionary and scientist, with over 15 year’s hands-on experience. Dr. Cole currently performs leading edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has over a decade of experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Masters in Computer Science from NYIT, and Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books to include Hackers Beware, Hiding in Plain Site, Network Security Bible and Insider Threat. He is also the inventor of over 20 patents and is a researcher, writer, and speaker for SANS Institute and faculty for The SANS Technology Institute, a degree granting institution. Dennis F. O'Brien is a private consultant having held senior IT security positions within Bell Laboratories, AT&T, Citigroup and other Fortune 100 financial sector enterprises. Dennis is a well-known technical expert having more than 30 years’ experience in the exploitation of controls, comes to us as a canary to discuss the kinds of “evil things that can be done using well-intended, generally available, tools and services such as RFID. Examining the big picture and then presenting realistic scenarios, such as destabilizing public faith in the financial services industry or corrupting an asset database through input data tampering, are examples of his work.He is known for his annual predictions of possible mal-events may occur in the near future and what the results might be. Kevin O’Shea is a Homeland Security and Intelligence Specialist for the Technical Analysis Group in the Justiceworks program at the University of New Hampshire. Kevin assisted in the development of the NH Strategic Plan to Combat Cyber Crime and currently supports the implementation of the Strategic Plan. Kevin has authored and coauthored a number of high-tech training programs for the law enforcement community and has assisted in the development of a new digital forensics paradigm in use in N.H.Prior to working at the University of New Hampshire, he was a Research Associate for Project Management within the Technical Analysis Group in the Institute for Security Technology Studies at Dartmouth College. He was a member of the research team and substantive author of three critical national reports to document and present the most pressing impediments facing the law-enforcement community when investigating and responding to cyber attacks: Law Enforcement Tools and Technologies for Investigating Cyber Attacks: A National Needs Assessment, Gap Analysis, and the Research and Development Agenda. Donald P. Withers is the CEO and cofounder of TheTrainingCo., which produces the Annual International Techno Security & Techno Forensic Conferences each year. Don has an extensive background in Information Security and was a member of the management team at Ernst & Young’s Information Security Services practice for the mid-Atlantic region. He also served as the Director of Information Security for Bell Atlantic, where he championed the development of a corporate incident response team and implemented their war room facility used for managing investigations, vulnerability testing, and forensic analysis. He also served as a voting member of the American National Standards Institute Committee T1 for nine years developing and representing Bell Atlantic’s positions on computer and network security. He was the Sub-working group Secretary and Technical Editor for the committee that was instrumental in developing several of the first telecommunications standards in North America relating to network security.Don was the cofounder and two-term president of the Maryland Chapter of InfraGard and is a member of the Secret Service’s Electronic Crimes Task Force. He was the cofounder and two-term President of the mid-Atlantic Chapter of the High Technology Crime Investigation Association, and he has served as secretary for its National Board of Directors. He is a member of the American Society for Industrial Security, the Association of Former Intelligence Officers, and the Academy of Security Educators and Trainers, where he earned the academy’s designation of Certified Security Trainer. Don is also a member of the Nine Lives Associates and has earned its designation of Personal Protection Specialist from the Executive Protection Institute. He has attended the Federal Law Enforcement Training Center in Glenco, GA, and has a Bachelor’s degree in Criminal Justice from the University of Maryland.
How much do you know about getting and staying secure in a rapidly changing techno world? Before you answer that, let’s ask a much more important question. “How much don’t you know about staying secure? This book will help re-enforce many of the threats that you already know about, as well as introducing you to at least a few that you probably never even thought of. The experts who share their experiences through its chapters come from many different areas with different security concerns. All of them are senior level managers who have been thru the trenches in reacting to a multitude of security risks, threats, vulnerabilities and countermeasures. Many are considered by their piers to be among the best security minds in the world today. If you take the time to read their chapters, you will learn something that will help you remain secure in a rapidly changing technical world. Some of the topics shared by our experts include: The Physical Side of Technical Security Social Engineering – Here’s How I Broke Into Their Buildings Risk Management – Are you At Risk? – How Do You Know? A Senior Managers Guide For Making Security Work for Thousands of People Effective Employee Awareness Training – The Most Cost Effective Countermeasure Industry and Law Enforcement Working Together – When Should You Call Them? Steganography – A Growing High-tech Threat Intrusion Detection – How Will You Know If They Are Knocking At Your Door? Incident Response – What Are You Going To Do When They Do Come Knocking At Your Door? Computer Forensics – What Are You Going To Do AFTER They’ve Come Thru The Door? Cell Phone Forensics – Now We’re Really Getting High-tech Hackers – Good Guys or bad Guys? Much, much more……..
Erscheint lt. Verlag | 31.5.2007 |
---|---|
Verlagsort | Rockland, MA |
Sprache | englisch |
Maße | 178 x 229 mm |
Gewicht | 690 g |
Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
Informatik ► Theorie / Studium ► Kryptologie | |
Mathematik / Informatik ► Mathematik ► Finanz- / Wirtschaftsmathematik | |
ISBN-10 | 1-59749-138-1 / 1597491381 |
ISBN-13 | 978-1-59749-138-9 / 9781597491389 |
Zustand | Neuware |
Haben Sie eine Frage zum Produkt? |
aus dem Bereich