Today′s e–business depends on the security of its networks and information technology infrastructure to safeguard its customers and its profits. But with rapid innovation and the emergence of new threats and new countermeasures, keeping up with security is becoming more complex than ever. Securing E–Business Systems offers a new model for developing a proactive program of security administration that works as a continuous process of identifying weaknesses and implementing solutions. This book offers a real, working design for managing an IT security program with the attention it truly warrants, treating security as a constant function that adapts to meet a company′s changing security needs.
∗ Security weaknesses
∗ Safeguarding technologies
∗ Countermeasure best practices
∗ Establishing an adaptable e–business security management program
∗ Essential elements of a corporate security management program
∗ Functions, structure, staffing, and contracting considerations in security management
∗ Implementing intrusion detection technology
∗ Designing tomorrow′s e–business application for secured operations
∗ Contemporary rationales for justifying increased spending on security programs
∗ Emerging liability issues for e–businesses
Chapter 1 Electronic Business Systems Security.
How Is E–Business Security Defined?
Can E–Business Security Be Explained More Simply?
Is E–Business Security Really Such a Big Deal?
Is E–Business Security More Important Than Other Information Technology Initiatives?
How Does an Organization Get Started?
Instead of Playing "Catch–Up," What Should an Organization Be Doing to Design E–Business Systems That Are Secure in the First Place?
Chapter 2 E–Business Systems and Infrastructure Support Issues.
A Short History of E–Business Innovations.
The Need for Secure E–Business Systems.
Software: The Vulnerable Underbelly of Computing.
The Interoperability Challenge and E–Business Success.
E–Business Security: An Exercise in Trade–Offs.
Few Systems Are Designed to Be Secure.
Chapter 3 Security Weaknesses in E–Business Infrastructure and "Best Practices" Security.
Fundamental Technical Security Threats.
The Guiding Principles of Protection.
"Best Practice" Prevention, Detection, and Countermeasures and Recovery Techniques.
x Chapter 4 Managing E–Business Systems and Security.
Part One: Misconceptions and Questionable Assumptions.
Part Two: Managing E–Business Systems as a Corporate Asset.
Part Three: E–Business Security Program Management.
Chapter 5 A "Just–in–Time" Strategy for Securing the E–Business System: The Role for Security Monitoring and Incident Response.
The Current State of E–Business Security.
Standard Requirements of an E–Business Security Strategy.
A New Security Strategy.
The Crucial Role of Security Monitoring and Incident Response to the Securing of E–Business Systems.
The Current State of Intrusion Detection Systems (IDS).
Defining a Cost–Effective Security Monitoring and Incident Response Capability.
Alternatives to Building "Your Own" Security Monitoring and Incident Response Capability.
Chapter 6 Designing and Delivering Secured E–Business Application Systems.
Past Development Realities.
Contemporary Development Realities.
Developing Secured E–Business Systems.
Using the SDR Framework.
Choosing a Systems Development Methodology That Is Compatible with the SDR Framework.
Participants in the Identification of Security and Integrity Controls.
Importance of Automated Tools.
A Cautionary Word About New Technologies.
Summary and Conclusions.
Chapter 7 Justifying E–Business Security and the Security Management Program.
The "Quantifiable" Argument.
Emerging "Nonquantifiable" Arguments.
Benefits Justifications Must Cover Security Program Administration.
Chapter 8 Computers, Software, Security, and Issues of Liability.
Evolving Theories of Responsibility.
How Might a Liability Case Unfold?
Questions to Be Asked to Ensure That Reasonable Care Has Been Taken in Developing a Secure E–Business System.
Chapter 9 The National Critical Infrastructure Protection (CIP) Initiative.
The Problem of Dependency.
Critical Infrastructure Protection (CIP) Purpose, Directives, Organizations, and Relationships.
Frequently Asked Questions About the IT–ISAC.
Critical Information Infrastructure Protection Issues that Need Resolution.
Appendix A: Y2K Lessons Learned and Their Importance for E–Business Security.
Appendix B: Systems Development Review Framework for E–Business Development Projects.
Appendix C: A Corporate Plan of Action for Securing E–Business Systems (Sample).
Appendix D: E–Business Risk Management Review Model Instructions for Use.
Appendix E: Resources Guide.