"Attacks against digitally stored information are still very cheap to carry out, hard to detect, and nearly impossible to retaliate against."
-- Jeffrey Voas, Cutter Consortium contributing author and coauthor of Deploying Effective Security Solutions
"Digital information is our newest measure of wealth," writes Cutter Consortium contributing author Jeffrey Voas, "and that provides the incentive to engage in information warfare, cyber-terrorism, and other malicious activities against information assets."
What can you do to protect your enterprise? Deploying Effective Security Solutions offers a multifaceted approach that draws on the expertise of 13 experts in information security. You'll benefit from both best practices and technical solutions to the problem of doing business effectively and securely.
Based on a special issue of the monthly Cutter IT Journal and three Executive Reports by Cutter Consortium, this report includes:
Using the system survivability concept for more secure and survivable COTS-based systems
When prevention isn't enough: assessing your capability for system recovery
Measuring risk and security with the Time Based Security approach
Going beyond the username/password identity method
Separating security policies from the rest of the code, using aspect-oriented programming
The four-step approach to building a robust security strategy
In-depth examinations of firewalls, cryptography, and virtual private networks
The importance of carrying out a thorough risk analysis
A message from Jeffrey Voas, Cutter Consortium contributing author and guest editor of the Cutter IT Journal.
"Software is quickly becoming a serious threat to business. The threat stems from a variety of problems, ranging from negligent development practices that engender defective software to vulnerabilities that are deliberately programmed into software (logic bombs, Trojan Horses, and the like). Regardless of the reasons for information systems' vulnerability, without adequate attention to security, our newfound digital wealth may begin slipping away."
Introduction by Jeffrey Voas
Toward Survivable COTS-Based Systems by Nancy R. Mead, Howard F. Lipson, and Carol A. Sledge
Mead, Lipson, and Sledge of the Software Engineering Institute introduce the concept of system survivability, which they simply define as "the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents." They argue that survivability blends computer security with software engineering and business risk management. This chapter presents their research objectives and ideas for creating a practical software development methodology that leads to more secure and survivable COTS-based systems. Their belief is that achieving a survivable system requires that survivability be integrated into the software development lifecycle rather than treated as an add-on property.
An Ounce of Prevention and a Pound of Cure: Taking a Comprehensive Approach to Information Risk Management by Brett Young
Brett Young addresses the need to deal with information security not only from a threat-prevention standpoint but also from a recovery standpoint. He observes, "Today, the weakest area of most organizations' information defense is incident response.... Most companies are woefully unprepared to respond to incidents because of their faith in avoidance." Young recommends that organizations review their defensive strategy in four areas -- security architecture, risk analysis, business impact analysis, and incident response -- in order to better assess how well prepared they are to deal with successful attacks.
It's About Time: Can We Actually Measure Information Security? by Winn Schwartau
Winn Schwartau discusses a Time Based Security approach that creates a new security perspective on networks and their vulnerabilities. The Time Based Security technique provides a common metric, time, to be used to gauge both risk and security of a network system. Schwartau goes on to argue that we should at least know how fast our existing detection and reaction processes are, even if we cannot know how strong or weak our protective products and processes are. The metric he proposes addresses this problem.
Bridging E-Business and Added Trust: The Keys to E-Business Growth by Hsiaosu Hsiung, Scott Scheurich, and Frank Ferrante
Hsiung, Scheurich, and Ferrante suggest that as the number of services available to end users continues to increase, so will the need to maintain the user's identity in a secure and trusted manner. They argue that although the username and password concept has worked thus far, it lacks the portability and scalability that will be required in the future as more and more transactions are carried out over the Internet. Because the authors envision that the future global e-commerce system will accept a wide range of equipment, from desktop computers to handheld devices, they argue for the need to have a single certificate to authenticate an individual across multiple services and devices instead of the multitude of passwords we use today.
Applying Aspect-Oriented Programming to Security by John Viega, J.T. Bloch, and Pravir Chandra
Viega, Bloch, and Chandra introduce aspect-oriented programming (AOP), a new programming paradigm that explicitly promotes the separation of various functional and nonfunctional concerns within a single piece of software. The authors describe an aspect-oriented extension to the C programming language that allows security policies to be separated from the code, enabling developers to write the main application and a security expert to specify security properties. This approach allows developers to reasonably secure their software even if a security expert is not available to assist them.
Creating and Implementing a Security Strategy by Charles P. Pfleeger
"A security strategy," writes Charles Pfleeger, "is composed of four steps: planning, assessment, implementation, and response." Pfleeger explodes a number of popular myths about security, explains how to use the four-step security strategy, and details the pros and cons of a number of control systems available for use: firewalls, intrusion-detection systems, authentication devices, cryptography, virtual private networks, secure links, public key infrastructures, digital signatures, cryptographic checksums, hardened hosts, virus scanners, auditing, backups, security policy, security procedures and practices, redundancy, and training and awareness.
Security Considerations in Modern Distributed Computing Architectures by John Viega and Jeffrey Voas
"Today's state-of-the-art in computer and software security is dismal," write Viega and Voas. "The main reason is that most companies do not have a deep enough understanding of the serious technical risks to make intelligent decisions about how to reduce those risks." The authors examine methods for employing cryptography successfully, the importance of carrying out a thorough risk analysis, perhaps with outside security experts, as well as the need to avoid simple security hazards such as the tendency for legitimate users to choose passwords that can easily be guessed.
Off-the-Shelf Security Solutions for Distributed Computing by John Viega, Pravir Chandra, and J.T. Bloch
This in-depth chapter introduces two technologies for securing enterprise networks: firewalls and virtual private networks (VPNs). "Although firewalls and VPNs are certainly capable of being an effective deterrent to those who would attack your network," the authors write, "they are both complex technologies that are hard to get right. Not only must you have a good understanding of these technologies to make effective use of them, you should also perform enough research on the vendors you may use to convince yourself that the product itself is of the highest quality.... For example, in the past year, many holes have been found in the Checkpoint-1 firewall, which is among the most popular firewalls available. Obviously, popularity is not a wholly reliable metric for robustness."