Read more
This complete new guide to auditing network security is an indispensable resource for security, network, and IT professionals, and for the consultants and technology partners who serve them. Cisco network security expert Chris Jackson begins with a thorough overview of the auditing process, including coverage of the latest regulations, compliance issues, and industry best practices. The author then demonstrates how to segment security architectures into domains and measure security effectiveness through a comprehensive systems approach. Network Security Auditing thoroughly covers the use of both commercial and open source tools to assist in auditing and validating security policy assumptions. The book also introduces leading IT governance frameworks such as COBIT, ITIL, and ISO 17799/27001, explaining their values, usages, and effective integrations with Cisco security products. This book arms you with detailed auditing checklists for each domain, realistic design insights for meeting auditing requirements, and practical guidance for using complementary solutions to improve any company's security posture.
* Master the five pillars of security auditing: assessment, prevention, detection, reaction, and recovery.* Recognize the foundational roles of security policies, procedures, and standards.* Understand current laws related to hacking, cracking, fraud, intellectual property, spam, and reporting.* Analyze security governance, including the roles of CXOs, security directors, administrators, users, and auditors.* Evaluate people, processes, and technical security controls through a system-based approach.* Audit security services enabled through Cisco products.* Analyze security policy and compliance requirements for Cisco networks.* Assess infrastructure security and intrusion prevention systems.* Audit network access control and secure remote access systems.* Review security in clients, hosts, and IP communications.* Evaluate the performance of security monitoring and management systems. This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end, self-defending networks.
List of contents
Part I: Principles of Auditing Chap 1: Principles of Auditing Chap 2: Regulatory Compliance and Auditing Frameworks Chap 3: Auditing Tools Part II: Mapping Cisco Security Controls to Auditing Requirements Chap 4: Cisco Security Solutions Domains Chap 5: Policy and Compliance Chap 6: Infrastructure Security Chap 7: Intrusion Prevention Chap 8: Role Based Access Control Chap 9: Secure Remote Access Chap 10: Secure Clients and Hosts Chap 11: Secure IP Communications Chap 12: Monitoring and Management Part III: Setting Up Auditing Programs Chap 13: Developing an auditing program
About the author
Chris Jackson is a Consulting Systems Engineer in Cisco's US Channels organization, where he has focused on developing security practices within the partner community for the last six years. Through a fifteen year career in internetworking, he has built secure networks that map to strong security policies for organizations including UPS, GE, and Sprint. Jackson speaks on security for Cisco through IPTV, seminars, and training sessions, has authored multiple whitepapers, and written SANS Institute course material. He also helped write the requirements for the Cisco Master Security Specialization program. He holds dual CCIEs, as well as CISSP and seven SANS certifications
