Past events have shed light on the vulnerability of mission-critical computer systems at highly sensitive levels. It has been demonstrated that common hackers can use tools and techniques downloaded from the Internet to attack government and commercial information systems. Although threats may come from mischief makers and pranksters, they are more likely to result from hackers working in concert for profit, hackers working under the protection of nation states, or malicious insiders.
Securing an IT Organization through Governance, Risk Management, and Audit introduces two internationally recognized bodies of knowledge: Control Objectives for Information and Related Technology (COBIT 5) from a cybersecurity perspective and the NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF). Emphasizing the processes directly related to governance, risk management, and audit, the book provides details of a cybersecurity framework (CSF), mapping each of the CSF steps and activities to the methods defined in COBIT 5. This method leverages operational risk understanding in a business context, allowing the information and communications technology (ICT) organization to convert high-level enterprise goals into manageable, specific goals rather than unintegrated checklist models.
The real value of this methodology is to reduce the knowledge fog that frequently engulfs senior business management, and results in the false conclusion that overseeing security controls for information systems is not a leadership role or responsibility but a technical management task. By carefully reading, implementing, and practicing the techniques and methodologies outlined in this book, you can successfully implement a plan that increases security and lowers risk for you and your organization.
Introduces COBIT 5 methods from a cybersecurity perspective
Provides details of the cybersecurity framework (CSF) with emphasis on the processes directly related to governance, risk management, and audit
Maps each of the CSF steps and activities to the methods defined in COBIT 5 which results in an extension of the CSF objectives with practical and measurable activities
Leverages operational risk understanding in a business context, allowing readers to be proactive and competitive
Conveys value to the ICT organization’s stakeholders, converting high-level enterprise goals into manageable, specific goals rather than unintegrated checklist models
Most books on public key infrastructure (PKI) seem to focus on asymmetric cryptography, X.509 certificates, certificate authority (CA) hierarchies, or certificate policy (CP), and certificate practice statements. While algorithms, certificates, and theoretical policy are all excellent discussions, the real-world issues for operating a commercial or private CA can be overwhelming.
Security without Obscurity: A Guide to PKI Operations provides a no-nonsense approach and realistic guide to operating a PKI system. In addition to discussions on PKI best practices, the book supplies warnings against bad PKI practices. Scattered throughout the book are anonymous case studies identifying both good and bad practices.
The highlighted bad practices, based on real-world scenarios from the authors’ experiences, illustrate how bad things are often done with good intentions but cause bigger problems than the original one being solved.
This book offers readers the opportunity to benefit from the authors’ more than 50 years of combined experience in developing PKI-related policies, standards, practices, procedures, and audits, as well as designing and operating various commercial and private PKI systems.
Provides a no-nonsense approach and realistic guide for operating a PKI system
Includes discussions on PKI best practices and contains warnings against PKI bad practices
Presents multiple anonymous case studies that illustrate what not to do when handling particular problems
The EU’s General Data Protection Regulation created the position of corporate Data Protection Officer (DPO), who is empowered to ensure the organization is compliant with all aspects of the new data protection regime. Organizations must now appoint and designate a DPO. The specific definitions and building blocks of the data protection regime are enhanced by the new General Data Protection Regulation, and therefore the DPO will be very active in passing the message and requirements of the new data protection regime throughout the organization. This book explains the roles and responsibilities of the DPO, as well as highlighting the potential cost of getting data protection wrong.
Explains the General Data Protection Regulation
Explains the roles and responsibilities of the DPO position required by the General Data Protection Regulation
Highlights the potential cost of getting data protection wrong
Enable employees to be productive and access data from any location or device
Protect both corporate assets and employee privacy, so your people can be fully productive from any device, anywhere. Learn how to use Microsoft Intune to manage applications to satisfy your unique requirements, make the most of Mobile Device Management (MDM) for Office 365, and defend on-premises resources with Microsoft Advanced Threat Analytics (ATA).
Plan, deploy, and deliver complete enterprise mobility while improving security
* Choose the right Microsoft enterprise mobility solution for your organization
* Protect apps and data with Microsoft Intune Mobile Application Management (MAM)
* Identify suspicious user or device activity in hybrid cloud/on-premises environments
* Prepare for and successfully implement Microsoft ATA
* Flexibly manage diverse mobile devices with MDM for Office 365
* Configure access, define policies, enroll mobile devices, and manage compliance
About the Author
YURI DIOGENES is a Senior Content Developer on the CSI Enterprise Mobility Team, focusing on BYOD and Azure Security Center. Previously, Yuri has worked as a writer for the Windows Security Team and as a Support Escalation Engineer for the CSS Forefront Team, also at Microsoft. He has a Master of Science degree in Cybersecurity Intelligence and Forensics from UTICA College and an MBA from FGF in Brazil, and he holds several industry certifications. He is co-author of Enterprise Mobility Suite: Managing BYOD and Company-Owned Devices (Microsoft Press, 2015), Microsoft Forefront Threat Management Gateway (TMG) Administrator’s Companion (Microsoft Press, 2010), and three other Forefront titles from Microsoft Press. JEFF GILBERT is a Senior Content Publishing Manager on the Enterprise Mobility Team at Microsoft. He manages the documentation teams supporting Microsoft System Center Configuration Manager and Microsoft Intune. Prior to returning to management, he was responsible for authoring cross-product solutions to IT business problems involving enterprise client-management technologies, including Microsoft System Center Configuration Manager, Microsoft Intune, and MDOP. Previously, Jeff was the content publishing manager for MDOP and a senior technical writing lead for the Configuration Manager 2007 documentation team. Before joining Microsoft, Jeff was an SMS administrator with the US Army. Jeff is a regular speaker on enterprise client management and MDOP technologies at conferences including the Microsoft Management Summit (MMS), TechEd, ITDev Connections, and the Minnesota Management Summit (MMS). ROBERT MAZZOLI is a Senior Content Developer with Microsoft on the Enterprise Mobility team, working on developing enterprise mobility solutions using the Microsoft Enterprise Mobility Suite and MDM for Office 365. 
Robert joined the Enterprise Mobility team in 2014 and has been a speaker on enterprise mobility solutions and mobile device management at several conferences, including Ignite 2015 and the 2015 Microsoft MVP Summit. Previously, Robert was a Senior Content Developer for Microsoft Exchange Server and Exchange Online in Office 365, specializing in Exchange hybrid deployments and managing the Exchange Server Deployment Assistant. Before joining Microsoft, Robert owned an information technology consulting business and served as an officer in the United States Navy.
Security and Auditing of Smart Devices: Managing Proliferation of Confidential Data on Corporate and BYOD Devices
Most organizations have been caught off-guard by the proliferation of smart devices. The IT organization was comfortable supporting the Blackberry due to its ease of implementation and maintenance. But the use of Android and iOS smart devices has created a maintenance nightmare, not only for the IT organization but for the IT auditors as well. This book will serve as a guide for IT and audit professionals on how to manage, secure, and audit smart devices. It provides guidance on the handling of both corporate devices and Bring Your Own Device (BYOD) smart devices.
About the Author
Sajay Rai has more than 30 years of experience in information technology, specializing in information technology processes, IT architecture, security, business continuity, disaster recovery, privacy, IT audit and information risk. Mr. Rai is the Founder and CEO of Securely Yours LLC, which is focused on delivering innovative solutions through delivery channels like Software-as-a-Service, Managed Services and traditional IT consulting. Prior to starting Securely Yours LLC, Mr. Rai was a Partner with Ernst & Young LLP for 10 years and was responsible for the information advisory practice in the Detroit Metro area. He also served as the national leader of EY’s Information Security and Business Continuity practices. Mr. Rai’s clients included General Motors, Blue Cross Blue Shield of Michigan, Yazaki North America, Tecumseh and Federal Mogul. He also served as a member of his firm’s Partners Advisory Council. Mr. Rai also worked with IBM for 13 years, most recently serving as an executive of the national Business Continuity and Contingency consulting practice. He was instrumental in starting the company’s Information Security consulting practice and managing its information technology consulting practice in Latin America. Mr. Rai co-authored Defending the Digital Frontier: A Security Agenda, which guides business and IT executives on how to develop an effective and efficient information security program within their enterprise. He also co-authored Institute of Internal Auditors’ publications of “Sawyer’s Internal Audit Handbook 6th Edition” and the publication of IIA’s Global Technology Audit Guide (GTAG) No. 9 on the topic of Identity and Access Management. Mr. Rai is a member of IIA’s Professional Issues Committee (PIC). He also serves on the board of ISACA Detroit Chapter, IIA’s Detroit Chapter, Society of Information Management (SIM) Detroit Chapter and as a member of Walsh College’s Accounting Advisory and Technology Committees. Mr. Rai is a regular speaker at industry conferences on information security, business continuity, disaster recovery, technology strategy and is frequently quoted in magazines and newspapers. He has also served as an expert witness in litigation cases in the area of information technology and information security. He holds a Master’s degree in Information Management from Washington University of St. Louis, and a Bachelor’s degree in Computer Science from Fontbonne College of St. Louis.
See your app through a hacker’s eyes to find the real sources of vulnerability
The Mobile Application Hacker’s Handbook is a comprehensive guide to securing all mobile applications by approaching the issue from a hacker’s point of view. Heavily practical, this book provides expert guidance toward discovering and exploiting flaws in mobile applications on the iOS, Android, Blackberry, and Windows Phone platforms. You will learn a proven methodology for approaching mobile application assessments, and the techniques used to prevent, disrupt, and remediate the various types of attacks. Coverage includes data storage, cryptography, transport layers, data leakage, injection attacks, runtime manipulation, security controls, and cross-platform apps, with vulnerabilities highlighted and detailed information on the methods hackers use to get around standard security.
Mobile applications are widely used in the consumer and enterprise markets to process and/or store sensitive data. There is currently little published on the topic of mobile security, but with over a million apps in the Apple App Store alone, the attack surface is significant. This book helps you secure mobile apps by demonstrating the ways in which hackers exploit weak points and flaws to gain access to data.
* Understand the ways data can be stored, and how cryptography is defeated
* Set up an environment for identifying insecurities and the data leakages that arise
* Develop extensions to bypass security controls and perform injection attacks
* Learn the different attacks that apply specifically to cross-platform apps
IT security breaches have made big headlines, with millions of consumers vulnerable as major corporations come under attack. Learning the tricks of the hacker’s trade allows security professionals to lock the app up tight. For better mobile security and less vulnerable data, The Mobile Application Hacker’s Handbook is a practical, comprehensive guide.
About the Author
DOMINIC CHELL is a director of MDSec and a recognized expert in mobile security, providing training to leading global organizations.
TYRONE ERASMUS is an expert on Android security and heads Mobile Practice at MWR InfoSecurity SA.
SHAUN COLLEY is a security consultant and researcher at IOActive specializing in mobile security and reverse engineering.
OLLIE WHITEHOUSE is Technical Director with NCC Group who has previously worked for BlackBerry and Symantec specialising in mobile security.
The convergence of knowledge, technology, and human performance which comprises today’s enterprise allows creative business process design. Thus, an organization can create new and innovative ways to service customers or to do business with suppliers and make itself a leader in its field. This capability relies on a successful strategy that integrates the enterprise. Enterprise Systems Integration, Second Edition continues to provide you with the business insight and the technical know-how that ensures successful systems integration. The book combines the perspectives, knowledge, and experience of more than 70 experts in the various areas that involve enterprise integration. Their expertise ranges from hands-on experience with technology and project management to the higher-level issues of business and management strategy. Each chapter examines an issue or technology relevant to today’s enterprise. Collectively, these chapters span the range of enterprise computing and systems integration. Once armed with the strategy and technologies, you must successfully deploy ERP systems within budget and on time. In addition, you must be able to integrate them into the rest of the enterprise. Still, ERP software does not make up the full picture of today’s enterprise. Legacy systems, e-commerce and other Web-based systems, client/server applications, networks and communications systems, data warehousing, and integrated databases enter into the mix. Enterprise Systems Integration, Second Edition paints a comprehensive picture of the technologies that comprise today’s enterprise and shows you how to make them work together.
Fraud Analytics Using Descriptive, Predictive, and Social Network Techniques: A Guide to Data Science for Fraud Detection (Wiley and SAS Business Series) 1st Edition
Detect fraud earlier to mitigate loss and prevent cascading damage
Fraud Analytics Using Descriptive, Predictive, and Social Network Techniques is an authoritative guidebook for setting up a comprehensive fraud detection analytics solution. Early detection is a key factor in mitigating fraud damage, but it involves more specialized techniques than detecting fraud at the more advanced stages. This invaluable guide details both the theory and technical aspects of these techniques, and provides expert insight into streamlining implementation. Coverage includes data gathering, preprocessing, model building, and post-implementation, with comprehensive guidance on various learning techniques and the data types utilized by each. These techniques are effective for fraud detection across industry boundaries, including applications in insurance fraud, credit card fraud, anti-money laundering, healthcare fraud, telecommunications fraud, click fraud, tax evasion, and more, giving you a highly practical framework for fraud prevention. It is estimated that a typical organization loses about 5% of its revenue to fraud every year. More effective fraud detection is possible, and this book describes the various analytical techniques your organization must implement to put a stop to the revenue leak.
* Examine fraud patterns in historical data
* Utilize labeled, unlabeled, and networked data
* Detect fraud before the damage cascades
* Reduce losses, increase recovery, and tighten security
The longer fraud is allowed to go on, the more harm it causes. It expands exponentially, sending ripples of damage throughout the organization, and becomes more and more complex to track, stop, and reverse. Fraud prevention relies on early and effective fraud detection, enabled by the techniques discussed here. Fraud Analytics Using Descriptive, Predictive, and Social Network Techniques helps you stop fraud in its tracks, and eliminate the opportunities for future occurrence.
About the Author
BART BAESENS is a full professor at KU Leuven, and a lecturer at the University of Southampton. He has done extensive research on analytics, customer relationship management, web analytics, fraud detection, and credit risk management. He regularly advises and provides consulting support to international firms with respect to their analytics and credit risk management strategy. VERONIQUE VAN VLASSELAER is a PhD researcher in the Department of Decision Sciences and Information Management at KU Leuven. Her research focuses on the development of new techniques for fraud detection by combining predictive and network analytics. WOUTER VERBEKE is an assistant professor at Vrije Universiteit Brussel (Brussels, Belgium). His research is situated in the field of predictive analytics and complex network analysis with applications in fraud, marketing, credit risk, human resources management, and mobility.