Asset Protection through Security Awareness


Purchasing Options

Hardback: $69.95, ISBN 9781439809822, Cat# K10491
eBook: ISBN 9781439809839, Cat# KE10464

Features

      • Validates the need to enlist employees as the front line defense for protecting enterprise assets
      • Delivers a practical approach to implementing security awareness within your enterprise
      • Presents essential tools of diplomacy to help managers win support from subordinates
      • Outlines managers' and employees' roles in Information Security
      • Covers specific security awareness topics, including PCI compliance, password management, and social engineering
      • Supplies detailed instruction and helpful tools for building an effective and efficient security awareness team

      Summary

      Supplying a high-level overview of how to protect your company’s physical and intangible assets, Asset Protection through Security Awareness explains the best ways to enlist the assistance of your employees as the first line of defense in safeguarding company assets and mitigating security risks. The author reviews key topics surrounding computer security—including privacy, access controls, and risk management—to help fill the gaps that might exist between management and the technicians securing your network systems.

      In an accessible style that requires no previous networking or programming experience, the book delivers a practical approach to asset protection. It specifies the roles of managers and employees in creating a company-wide culture of security awareness and provides step-by-step instruction on how to build an effective security awareness team. Each chapter examines a separate security issue and provides a brief overview of how to address that issue. It includes tools and checklists to help you address:

      • Visual, digital, and auditory data security
      • Credit card compliance (PCI), password management, and social engineering
      • User authentication methods
      • Computer and network forensics
      • Physical security and continuity planning
      • Privacy concerns and privacy-related regulation

      This concise security management primer facilitates the up-to-date understanding required to protect your digital and physical assets, including customer data, networking equipment, and employee information. Providing you with powerful tools of diplomacy, this text will help you win the support of your employees and empower them to be effective gatekeepers of your company’s most valued assets and trade secrets.

      Table of Contents

      Introduction: What Is Information Security?

      Creating a Culture of Security Awareness
      Protecting Corporate Assets
      Protective Measures
      A Culture of Security Awareness
      Remaining Dynamic

      Overview of Security Awareness Categories
      Overview
      Industry Standards
      Privacy Concerns
      Password Management
      Credit Card Compliance (PCI)
      General File Management
      Examples of Security Regulations and Laws

      Who Is an IS Professional?
      Introduction
      Empowering Security Professionals
      Top-Down Approach

      Diplomacy
      The People Portion of Information Security
      The IS Specialist
      Diplomacy—The IS Professional’s Best Friend
      End Users Are Great Network Monitors
      The End User’s Diplomatic Responsibility

      Privacy Concerns
      What Is Privacy?
      Why Does Privacy Matter?
      Types of Private Data
      Keeping Files Private
      Privacy-Related Regulations and Laws
      Privacy Policies

      Interdepartmental Security
      Interdepartmental Security

      Risk Management
      Risk Management and Asset Protection
      Risk Management

      Social Engineering
      What Is Social Engineering?
      Psychology of Social Engineering
      Social Engineering Information Gathering Methods

      Incident Detection and Response
      What Is an Incident?
      Incident Detection
      Incident Response
      Computer Security Incident Response Teams
      Preparedness Is Key

      Physical Security
      Human-Caused Incidents
      Physical Security Measures
      Weather/Natural Disasters

      PCI Compliance
      Category 1: Protect and Maintain a Secure Network
      Category 2: Protect Cardholder Data
      Category 3: Maintain a Vulnerability Management Program
      Category 4: Implement Strong Access Control Measures
      Category 5: Regularly Monitor and Test Networks
      Category 6: Maintain an Information Security Policy
      A Good Place to Start

      Business Continuity Planning
      Evaluation of Critical Systems and Resources
      Prioritization of Critical Systems and Resources
      Identify Threats Posed to Critical Systems and Resources
      Assign Business Continuity Responsibilities
      Develop the Continuity Planning Policy Statement
      Implement Business Continuity Plan
      Maintain the Plan
      Train According to Business Continuity Plan Objectives

      User Authentication Methods
      User Authentication
      Cryptosystems
      Public Key Infrastructure
      Web of Trust

      Computer and Network Forensics
      Acquire
      Authenticate
      Analyze

      Malware
      Introduction
      Viruses
      Worms
      Keyloggers
      Rootkits
      Spyware
      Adware
      Trojan Horses
      Types of Antivirus Programs
      Detecting and Removing Viruses
      Recommended Antivirus Programs
      Software Updates

      Crafting a Security Policy
      Planning Versus Reactionary Response (Or—Why It’s Important to Have a Security Plan)
      Don’t Wait to Plan
      Standards, Policies, Procedures, and Controls
      Accessibility, Supportability, and Clarity
      Assessing the Organization’s Network Infrastructure
      Security Policy Structure Outline
      Distribution of the Policy

      Performing Security Analyses and Audits
      The Necessity
      Audit Committees
      Preaudit Considerations
      Defining Security Rules
      Performing a Risk Assessment
      Build the Security Architecture
      How Frequently Should Audits Be Performed?

      Access Control
      Accountability
      Identification and Authentication
      Different Access Control Methodologies

      Security Checklists
      Checklist for Creating a Security Policy
      Network Inventory Checklist
      Physical Security Checklist

      Index

      Author Bio(s)

      Tyler Speed is the Executive Vice President of Electronics International in Bend, Oregon, and has a Master's Degree in Information Assurance from the NSA-certified Norwich University in Northfield, Vermont. As a corporate leader in aviation, not only does Tyler deal with governmental regulations and compliance issues from the FAA, but he must also temper customer service and sales needs with a solid foundation in security and training in order to protect sales records, customer information, trade secrets, and proprietary information. Tyler has been tinkering with computers and networks since the days of Bulletin Board Services, and understands the need for a common sense approach to corporate security awareness and training. At the time of this publication, Tyler is studying to obtain his Certified Information Systems Security Professional (CISSP) certification.

      © 2013 Taylor & Francis Group, LLC. All Rights Reserved.