Mission-Critical Security Planner

All the worksheets and templates you need to create a complete customized security plan that works for your business

Let's face it: Security is a business problem, not just a technical challenge. Whether hackers simply want to test their skills or steal your data, they can-and will-do incalculable damage to your company. You need a solid plan. The good news is that Eric Greenberg has done most of the planning work for you.

This isn't just an "I told you so" book. You get hands-on involvement from the start. You'll see your own customized security plan template begin to take shape as you complete the accompanying worksheets. Choose any one of the security plans outlined in this book, and you will be able to protect your data and deter hackers. And by implementing the proven strategies Greenberg details, you can secure your company's competitive edge for the long term.

Backed up by solid business planning methods collected from years of experience, Greenberg:

• Steps you through a complete customized security improvement plan
• Provides worksheets at every stage that you can use to create a comprehensive and meaningful security plan
• Introduces practical risk management techniques to intelligently assess and manage the network security risks and costs facing your organization

The book's companion Web site contains the security planning template and all the worksheets in downloadable Microsoft Word format as well as additional resources to ensure that you have exactly what you need to protect your company.

1. Setting the Stage for Successful Security Planning
• Not an Absolute Science
• A Way of Thinking
• Avoiding the Pitfalls
  • The Ultra-Planner
  • The Nonplanner
  • The Shock-Advisor
• Identifying Risk
  • Profiling Hackers
    • The Attention Seeker
    • The Malicious
    • The Curious
    • The Thief
    • The Unintentional Hacker
  • Negotiating with Hackers
• Selling Security
  • Authentication, Tokens, Smart Cards, and Biometrics: An Overview
  • Making the Security Sale: An Example
• Doing the Math
  • Understanding Impact Analysis
  • Performing Security Impact Analysis: An Example
  • Counting the Cost of Security
  • Establishing Maximum Impact, Cost, and the Security Budget
  • Estimating the Value of Security
  • Laying the Security Foundation
• Improving Security as Part of the Business Process
• Conclusions
2. A Security Plan That Works
• Forming a Security Planning Team
  • At the First Meeting
• Anatomy of an Effective Security Plan
  • The Importance of a Security-Centric Business Model
    • Information
    • Infrastructure
    • People
• Security Life Cycle
  • Choosing Technology
  • Hitting the On Switch: Implementation
  • Keeping a Lookout: Operations
  • Dealing with Threats, Hacks, and Mistakes: Incident Response
    • Activities
    • Coordinating Team Members
    • Notifying Authorities
    • Filing an Incident Report
    • Testing Incident Handling
  • Creating Order from Chaos: The Security Stack
• Mapping the Template: The Keys to the Kingdom
  • Preparing to Work with the Security Elements
• Introducing the Security Elements
  • The Core Elements
    • The Fundamentals
    • The Wrap-up Elements
• Conclusions
3. Using the Security Plan Worksheets: The Fundamentals
• From Here to Security
  • Organization of the Worksheets
• Filling in the Fundamental Security Element Worksheets
  • Authorization and Access Control
    • Summary
    • Security Stack
    • Life-Cycle Management
    • Business
    • Selling Security
  • Authentication
    • Summary
    • Security Stack
    • Life-Cycle Management
    • Business
    • Selling Security
  • Encryption
    • Summary
    • Security Stack
    • Life-Cycle Management
    • Business
    • Selling Security
  • Integrity
    • Summary
    • Security Stack
    • Life-Cycle Management
    • Business
    • Selling Security
  • Nonrepudiation
    • Summary
    • Security Stack
    • Life-Cycle Management
    • Business
    • Selling Security
  • Privacy
    • Summary
    • Security Stack
    • Life-Cycle Management
    • Business
    • Selling Security
• Conclusions
4. Using the Security Plan Worksheets: The Remaining Core and Wrap-up Elements
• Organization of the Worksheets
• Addressing, Protocol Space, Routing Plan, Filtering, and Disablement
  • Summary
  • Security Stack
  • Life-Cycle Management
  • Business
  • Selling Security
• Configuration Management
  • Summary
  • Security Stack
  • Life-Cycle Management
  • Business
  • Selling Security
• Content and Executable Management (CEM)
  • Summary
  • Security Stack
  • Life-Cycle Management
  • Business
  • Selling Security
• Directory Services
  • Summary
  • Security Stack
  • Life Cycle Management
  • Business
  • Selling Security
• Diversity, Redundancy, and Isolation (DRI)
  • Summary
  • DRI: An Example
  • Security Stack
  • Life-Cycle Management
  • Business
  • Selling Security
• Intrusion Detection and Vulnerability Analysis (IDS/VA)
  • Summary
  • Security Stack
  • Life-Cycle Management
  • Business
  • Selling Security
• Secure Software
  • Summary
  • Security Stack
  • Life Cycle Management
  • Business
  • Selling Security
• Secure Time Services
  • Summary
  • Security Stack
  • Life-Cycle Management
  • Business
  • Selling Security
• Staff Management
  • Summary
  • Security Stack
  • Life-Cycle Management
  • Business
  • Selling Security
• Wrap-Up Security Element Worksheets
  • Administration and Management
  • Interoperability and Standards
  • Laws and Regulations
  • Lockdown
  • Lost or Stolen Items
  • Managed (Outsourced) Security
  • Performance
  • Physical Security
  • Procurement
  • Support Interface
  • Testing, Integration, and Staging
  • Training
  • Recovery
• Conclusions
5. Strategic Security Planning with PKI
• PKI Primer
  • Authentication and Nonrepudiation with Digital Signatures
  • The X.509 Standard and Certificate Authorities
• Making a Business Case for PKI
  • Classifying PKI
    • Benefits of Virtual Private Networks
  • PKI Services
  • PKI Business Integration
    • Collaboration, Workflow, and Business Processes
    • Inventory and Supplier Management
    • Software Distribution Methods
    • Single, or Reduced, Sign-On
    • Formalization of Policies and Practices
    • Legislation
  • PKI in Vertical Industries
    • Financial Services
    • Health Care
    • Legal
    • Retail and Manufacturing
    • Government
• Challenges of PKI
  • Business Justification
  • Scalability
  • Interoperability
    • Emerging Standards
  • Complexity
  • Maturity
  • Physical Security
  • Disaster Planning and Recovery
  • Integration
  • Policies, Practices, Reliance, Risk, Liability, and Trust
  • Legislation
• Case Study: A Real-World Business-to-Business PKI Success Story
  • Background
  • Components of the Solution
  • Roles and Responsibilities
  • Challenges and Lessons Learned
    • Educating Users on Internet and Digital Certificate Technologies
    • Defining Roles
    • Linking Corporate Security with Doing Business Successfully
    • Developing Digital Certificate Policies and Procedures
    • Coordinating Product Dependencies
  • OASIS Today
• Conclusions
6. Ahead of the Hacker: Best Practices and a View of the Future
• Practice Makes Perfect — Or at Least More Secure
• Into the Future: The Top 10 Methods of Attack
• In Closing
• For Further Reading

A plethora of very useful worksheets. Worth the money.