The business case for network security : advocacy, governance, and ROI
Series: Network business series
Publication Information: Indianapolis, IN: Cisco Press, 2005

Item Barcode | Call Number | Material Type | Item Category 1
30000004727297 | TK5105.59 P36 2005 | Open Access Book | Book

* Understand the total cost of ownership and return on investment for network security solutions
* Understand what motivates hackers and how to classify threats
* Learn how to recognize common vulnerabilities and common types of attacks
* Examine modern day security systems, devices, and mitigation techniques
* Integrate policies and personnel with security equipment to effectively lessen security risks
* Analyze the greater implications of security breaches facing corporations and executives today
* Understand the governance aspects of network security to help implement a climate of change throughout your organization
* Learn how to qualify your organization's aversion to risk
* Quantify the hard costs of attacks versus the cost of security technology investment to determine ROI

Author Notes

Catherine Paquet is a freelancer in the field of internetworking and return on security investment. Catherine has in-depth knowledge of security systems, remote access, and routing technology. She is a Cisco Certified Security Professional (CCSP™) and a Cisco Certified Network Professional (CCNP®). Her internetworking career started as a LAN manager; she then moved to MAN manager and eventually became the nationwide WAN manager. Catherine was also a certified Cisco Systems instructor with the largest Cisco® training partner, serving as the course director/master instructor for security and remote access courses. Most recently she held the position of director of technical resources for Canada, where she was responsible for the instructor corps and equipment offerings, including Cisco courses. In 2002 and 2003, Catherine volunteered with the UN mission in Kabul, Afghanistan, to train Afghan public servants in the area of networking. Catherine has an MBA with a major in management information systems (MIS).

Catherine coauthored the Cisco Press books Building Scalable Cisco Networks, CCNP Self-Study: Building Scalable Cisco Internetworks (BSCI), and CCNP Self-Study: Building Scalable Cisco Internetworks (BSCI), Second Edition, and she edited Building Cisco Remote Access Networks.

Warren Saxe has an extensive background in profit and loss (P&L) management as general manager for a Fortune 1000 semiconductor distributor. As a top- and bottom-line-focused senior manager, he brings a unique perspective to this book, which is oriented toward business decision makers. He applies an overriding business strategy to drive IT decisions by utilizing a value-driven approach. He has an extensive background in sales management, marketing management, and demand creation fundamentals. He directed a large multidisciplinary team composed of managers, engineers, sales, and marketing professionals. He was responsible for strategic and tactical planning, and he negotiated directly with CxO-level executives, both internally and with customers across many industries. He is currently focusing on the areas of security governance, risk management, and return on security investment planning. He earned his degree at McGill University.

Table of Contents

I Vulnerabilities and Technologies
1 Hackers and Threats
Contending with Vulnerability
Realizing Value in Security Audits
Analyzing Hacking
Assessing Vulnerability and Response
Hackers: Motivation and Characteristics
The Enemy Within: Maliciousness and Sloppiness
Threats Classification
The Future of Hacking and Security
End Notes
2 Crucial Need for Security: Vulnerabilities and Attacks
Recognizing Vulnerabilities
Design Vulnerability Issues
Human Vulnerability Issues
Implementation Vulnerability Issues
Categories of Attacks
The Human Component in Attacks
Reconnaissance Attacks
Access Attacks
Denial of Service Attacks
Additional Common Attacks
Scanning and System Detailing
Password Attacks
Trust Exploitation
Software and Protocol Exploitation
Trojan Horses
Attack Trends
Wireless Intrusions
Wireless Eavesdropping
Man-in-the-Middle Wireless Attacks
Walk-By Hacking
Drive-By Spamming
Wireless Denial of Service
Frequency Jamming
The Hapless Road Warrior
Social Engineering
Examples of Social Engineering Tactics
Summary of Attacks
Cisco SAFE Axioms
Routers Are Targets
Switches Are Targets
Hosts Are Targets
Networks Are Targets
Applications Are Targets
3 Security Technology and Related Equipment
Virus Protection
Traffic Filtering
Basic Filtering
Advanced Filtering
Filtering Summary
Encrypted VPN
SSL Encryption
File Encryption
Authentication, Authorization, and Accounting: AAA
Public Key Infrastructure
From Detection to Prevention: Intrusion-Detection Systems and Intrusion-Prevention Systems
IDS Overview
Network- and Host-Based IDS
IPS Overview
Target-Based IDS
Content Filtering
URL Filtering
E-Mail Content Filtering
Assessment and Audit
Assessment Tools
Audit Tools
Additional Mitigation Methods
Self-Defending Networks
Stopping a Worm with Network-Based Application Recognition
Automated Patch Management
Notebook Privacy Filter
End Notes
4 Putting It All Together: Threats and Security Equipment
Threats, Targets, and Trends
Lowering Risk Exposure
Security Topologies
SAFE Blueprints
SAFE Architecture
Using SAFE
II Human and Financial Issues
5 Policy, Personnel, and Equipment as Security Enablers
Securing the Organization: Equipment and Access
Job Categories
Departing Employees
Password Sanctity
Managing the Availability and Integrity of Operations
Implementing New Software and Privacy Concerns
Custom and Vendor-Supplied Software
Sending Data: Privacy and Encryption Considerations
Regulating Interactivity Through Information and Equipment Control
Determining Levels of Confidentiality
Inventory Control: Logging and Tagging
Mobilizing the Human Element: Creating a Secure Culture
Employee Involvement
Management Involvement: Steering Committee
Creating Guidelines Through the Establishment of Procedural Requirements
Policy Fundamentals
Determining Ownership
Determining Rules and Defining Compliance
Corporate Compliance
User Compliance
Securing the Future: Business Continuity Planning
Ensuring a Successful Security Policy Approach
Security Is a Learned Behavior
Inviting the Unknown
Avoiding a Fall into the Safety Trap
Accounting for the Unaccountable
Workflow Considerations
Striving to Make Security Policies More Efficient
Surveying IT Management
The Need for Determining a Consensus on Risk
Infosec Management Survey
Infosec Management Quotient
6 A Matter of Governance: Taking Security to the Board
Security: A Governance Issue
Directing Security Initiatives
Steering Committee
Leading the Way
Establishing a Secure Culture
Securing the Physical Business
Securing Business Relationships
Securing the Homeland
Involving the Board
Examining the Need for Executive Involvement
Elements Requiring Executive Participation
End Notes
7 Creating Demand for the Security Proposal: IT Management's Role
Delivering the Security Message to Executive Management
Recognizing the Goals of the Corporation
Knowing How the Organization Can Use ROP