Foreword: Securing Today, Protecting Tomorrow

By Howard Schmidt,
former Chairman, President’s Critical Infrastructure Protection Board, White House
A seasoned and influential security professional puts the chapters of this book into context by discussing the overarching trends that affect security at companies of all types. He explains why the old “bricks and mortar” approach is obsolete and poses a new paradigm for corporate security.

1. Building a Secure Corporate Environment from the Ground Up

By Stephen W. Foster,
former CISO, Avaya
As it grows, a company eventually faces the need to create a security organization. This chapter reveals how to build such a system from scratch. The author shows why it is imperative for anyone creating a security program to understand the needs of internal and external customers, as businesses increasingly forge partnerships outside their perimeters.

2. The Information Security Officer: A New Role for New Threats

By Joyce Brocaglia,
President & CEO, Alta Associates
Increasing reliance on technology brings greater vulnerability to security risks. As IT systems become more complex and prone to attack, the definition of an information security officer continues to evolve. The ISO today must embrace a host of interrelated skills beyond mere technological prowess.

3. Corporate Security as Part of Your Overall Risk Management Strategy

By George G. McBride,
Senior Network Security Manager, Lucent Technologies
Some threats, like hurricanes and tornadoes, leave little opportunity for control, but many others can be mitigated. A new risk management process is emerging, whereby managers scrutinize all components of risk, including likelihood and impact across the entire asset lifecycle, and address those that can be controlled.

4. Integrating Security into Extended Enterprise Business Strategies

By Mehrzad Mahdavi,
Vice President, Enterprise Security Services, Schlumberger & Colin Elliott, Global Practice Leader, Security, Schlumberger
Extended collaboration allows firms to focus on what they do best, but it has also created myriad portals into their systems as they manage supply and outsourcing arrangements. This has created a security nightmare which these authors address with practical solutions.

5. Blending Corporate Governance with Information Security

By Ron Moritz,
Chief Security Strategist, Computer Associates
Today, it is understood that information security is something that moves up and down the enterprise, and that every end-user has to be given the tools to participate and engage in information security on their own. Everyone has a role; it can't be done via remote control from a single point.

6. Identity-aware Business Service Management: An Integrated Approach to Security and Business Performance

By Somesh Singh,
Vice President and General Manager, Security Business Unit, BMC Software & Rami Elron, CTO, BMC Software
Information technology does not exist in a vacuum; it's part and parcel of the rest of the business. Managers must ask tough questions, e.g., How important is a system to a company's business operation? If several systems go down, which one should be addressed first? Business service management enables companies to correlate the important parts of their mission to the systems that support it, making prioritization easy.

7. Multi-Level Security: Your Key to Data Safety

By Jim Porell,
Distinguished Engineer and Chief Architect, Mainframe Software, IBM
In the words of Thoreau: you must "simplify, simplify," and that applies to your data systems as well. The concept behind multi-level security is to share data and ultimately applications, to reduce and simplify operational complexity. In addition, the timeliness of data is ensured, since the time lag required to replicate data and sanitize it for different departments is eliminated.

8. Defending the Digital You: How to Fight Online Identity Theft

By Tony Alagna,
Founder & CTO, Wholesecurity & Howard Schmidt
The theft of your very identity is arguably the ultimate crime. Malicious code and hacker attacks used to be about glory, vandalism, anarchy, and notoriety. They were also usually created and deployed by isolated and random individuals. The Internet today is a much scarier place.

9. Preempting Data Warfare: The Art of Comprehensive Vulnerability Management

By Maria Cirino,
Senior Vice President, Managed Security Services, VeriSign, Inc.
IT infrastructures are like ecosystems, which makes continuous vulnerability management an important process. Infrastructures change, grow, and morph every day, often many times a day. These changes are driven by the connection of new Internet devices, by employees returning from traveling and plugging laptops into docking stations, and by a wide variety of events that impact the IT infrastructure on a continual basis.

10. Collaborative Security: Uniting Against a Common Foe

By Professor Salvatore Stolfo,
Department of Computer Science, Columbia University
In unity, there is strength. This axiom is especially true, as data intrusions increasingly occur at a dizzying pace. Malicious worm writers exploit newly discovered software vulnerabilities and launch their attacks far faster than systems can be patched to repair those vulnerabilities. The time between first discovery of a new vulnerability and widespread patch production and deployment is typically measured in days, which is too long to prevent exposure to a worm attack.

11. Managing and Protecting Intellectual Property in a Shared Information Environment

By Jim Nisbet,
President & CEO, Tablus, Inc.
Intellectual property is typically a nebulous entity, but losing control over it can be fatal for a business. Today, many common corporate activities involve the transmission of intellectual property. This includes email attachments, which have emerged as a key workflow system for many companies.

12. Recovery Strategies for the "Boundless" Enterprise

By Eva Chen,
CEO, Trend Micro
Traditional recovery strategies tend to focus more on data recovery than on system recovery, and not on an outbreak situation that impacts the system and therefore the efficacy of data.

13. Content Security and the Expanding Network Perimeter

By Michael Xie,
Founder, CTO, Fortinet
Traditionally, network security did not consider the end user viewpoint. Network security has always been about bits, bytes, and packets, not about applications, databases, files, graphics, emails/attachments, and downloaded music. These days, a virus can attack from inside the perimeter. Your enemy doesn't necessarily lurk outside the firewall - you could become the victim of "an inside job."

14. The Rise of Converged Networks: A New Threat to Security

By Joseph C. Seanor,
former Security Consulting Manager, Avaya
The days of separate telephone and data networks have ended, but too many executives still live in the past, with dire consequences for the security of their data. A company doesn't have to run VoIP to operate telephony and data along the same network. So why do companies protect their data network with advanced technologies but leave their phone systems relatively unguarded? It's a curious lapse in logic that must be rectified.

15. Business Continuity and Disaster Recovery Post 9/11

By Dr. Jim Kennedy,
Distinguished Member of Consulting Staff - Security Practice, Lucent Worldwide Services
Whether the attack is chemical, biological, or nuclear, you now do business in a Brave New World of insidious dangers. This chapter provides practical advice on how to adapt to the host of emerging and unconventional threats. Since 9/11, businesses and contingency planners have been compelled to change the way they think and plan for adverse events. In fact, 9/11 was only the beginning of a new security perspective.