Fr. 105.00

Building and Managing an Effective Security Operations Center

English · Hardback

Shipping usually within 1 to 3 weeks (not available at short notice)

Description

Information security operations involve monitoring, assessing, and defending enterprise information systems. For organizations without a formalized incident-handling capability, the creation from scratch of a security operations center that enables centralized visibility, alerting and investigation can be a daunting task. But fortunately organizations don't need a room full of security experts and an investment of millions of dollars in security systems to make progress here. This book explains how to develop an effective security operations center (SOC) and provides a roadmap for continuously evolving this capability to keep pace with the tactics of the adversaries.


List of contents

Roles of Security Operations: IT Security Specialists and Security Analysts. The Role of Forensics and the IT Audit Discipline. Executive Level IT Security Roles. Simulating and Mitigating Threats: Documenting Abstraction and What to Anticipate. Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege (STRIDE). Modeling Tools for Threat Analysis. Social Hacking: Never 'Too Much' Information. Disguise. Persuasion. IT Security Operations and Privacy: Protecting Confidential Data. Assessing Impact. IT Security Documentation: Business Impact Assessments. Disaster Recovery Documentation. Technical Aspects of Security Operations: Execution of Network Security Monitoring (NSM) and Audit Logs. Packet Analysis. Defending the Applications, Servers and Clients. Collateral Duties of Security Operations: Policy, Configuration Management, Password Administration and Management, and Proactive Audit Preparation.


About the author

Dr. James L. Rainey III is an IT Specialist with the US Federal Government where he works with a group of developers. James received a BA from the University of Detroit Mercy in 1995 and an MS in Computer and Information Systems in 1997, where he studied under the supervision of Dr. Daniel Shoemaker. He worked for the Detroit Public Schools as a Computer Education Technician for five years. He did a tour with the National Security Agency (Fort Meade, MD) in 1998 where he earned a citation for his work with the System and Network Attack Center (SNAC). He also worked at GM’s Tech Center in Warren, Michigan while working for EDS as a developer. Following his job with EDS he worked at Comerica Bank’s Data Center in Auburn Hills, Michigan as a developer. He taught in the University of Detroit Mercy’s CIS Department for 10 years as an adjunct. Prior to accepting this position, James worked on a large-scale ERP implementation as an SAP Basis Administrator and was eventually promoted to Infrastructure Architect. Following this, he was promoted to management. He has coauthored a couple of articles over the past five years. In April of 2010, Dr. Rainey successfully defended his dissertation at Lawrence Technological University where Dr. Annette Lerine Steenkamp chaired his dissertation committee. The research topic was “A process improvement model for improving problem resolution tracking in data centers.”

Product details

Authors James L. Rainey III
Publisher Taylor & Francis Ltd.
Languages English
Product format Hardback
Released 31.12.2019
EAN 9781138197749
ISBN 978-1-138-19774-9
No. of pages 332
Series Internal Audit and IT Audit
Subject Natural sciences, medicine, IT, technology > IT, data processing > Data communication, networks
