Techno Security's Guide to Managing Risks for IT Managers, Auditors, and Investigators

Techno Security's Guide to Managing Risks for IT Managers, Auditors, and Investigators

by Johnny Long, Jack Wiles, Russ Rogers, Phil Drake, Ron J. Green, Greg Kipper, Raymond Todd Blackwood, Amber Schroader, Eric Cole, Dennis O'Brien, Kevin O'Shea, Donald Withers
Released April 2011
Publisher(s): Syngress
ISBN: 9780080553979

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

“This book contains some of the most up-to-date information available anywhere on a wide variety of topics related to Techno Security. As you read the book, you will notice that the authors took the approach of identifying some of the risks, threats, and vulnerabilities and then discussing the countermeasures to address them. Some of the topics and thoughts discussed here are as new as tomorrow’s headlines, whereas others have been around for decades without being properly addressed. I hope you enjoy this book as much as we have enjoyed working with the various authors and friends during its development.” —Donald Withers, CEO and Cofounder of TheTrainingCo.

• Jack Wiles, on Social Engineering offers up a potpourri of tips, tricks, vulnerabilities, and lessons learned from 30-plus years of experience in the worlds of both physical and technical security.

• Russ Rogers on the Basics of Penetration Testing illustrates the standard methodology for penetration testing: information gathering, network enumeration, vulnerability identification, vulnerability exploitation, privilege escalation, expansion of reach, future access, and information compromise.

• Johnny Long on No Tech Hacking shows how to hack without touching a computer using tailgating, lock bumping, shoulder surfing, and dumpster diving.

• Phil Drake on Personal, Workforce, and Family Preparedness covers the basics of creating a plan for you and your family, identifying and obtaining the supplies you will need in an emergency.

• Kevin O’Shea on Seizure of Digital Information discusses collecting hardware and information from the scene.

• Amber Schroader on Cell Phone Forensics writes on new methods and guidelines for digital forensics.

• Dennis O’Brien on RFID: An Introduction, Security Issues, and Concerns discusses how this well-intended technology has been eroded and used for fringe implementations.

• Ron Green on Open Source Intelligence details how a good Open Source Intelligence program can help you create leverage in negotiations, enable smart decisions regarding the selection of goods and services, and help avoid pitfalls and hazards.

• Raymond Blackwood on Wireless Awareness: Increasing the Sophistication of Wireless Users maintains it is the technologist’s responsibility to educate, communicate, and support users despite their lack of interest in understanding how it works.

• Greg Kipper on What is Steganography? provides a solid understanding of the basics of steganography, what it can and can’t do, and arms you with the information you need to set your career path.

• Eric Cole on Insider Threat discusses why the insider threat is worse than the external threat and the effects of insider threats on a company.
  • Internationally known experts in information security share their wisdom
  • Free pass to Techno Security Conference for everyone who purchases a book—$1,200 value

Table of contents

  1. Front Cover
  2. Techno Security's™ Guide to Managing Risks: For IT Managers, Auditors, and Investigators
  3. Copyright Page (1/3)
  4. Copyright Page (2/3)
  5. Copyright Page (3/3)
  6. Contents (1/3)
  7. Contents (2/3)
  8. Contents (3/3)
  9. Introduction
  10. Foreword
  11. Chapter 1. Social Engineering: Risks, Threats, Vulnerabilities, and Countermeasures
    1. Introduction
    2. How Easy Is It?
    3. Human Nature: Human Weakness
    4. Risk Management: Performing a Mini Risk Assessment
    5. Outsider–Insider Threats
    6. The Mind of a Social Engineer
    7. The Mind of a Victim
    8. Countermeasures: How Do Bad Guys Target Us, and What Can We Do About It (1/5)
    9. Countermeasures: How Do Bad Guys Target Us, and What Can We Do About It (2/5)
    10. Countermeasures: How Do Bad Guys Target Us, and What Can We Do About It (3/5)
    11. Countermeasures: How Do Bad Guys Target Us, and What Can We Do About It (4/5)
    12. Countermeasures: How Do Bad Guys Target Us, and What Can We Do About It (5/5)
    13. Social Engineering Awareness: A War Story
    14. Answer to the Riddle
    15. Summary
  12. Chapter 2. Personal, Workforce, and Family Preparedness
    1. Introduction
    2. Threats
    3. Your Personal Preparedness Plan (1/7)
    4. Your Personal Preparedness Plan (2/7)
    5. Your Personal Preparedness Plan (3/7)
    6. Your Personal Preparedness Plan (4/7)
    7. Your Personal Preparedness Plan (5/7)
    8. Your Personal Preparedness Plan (6/7)
    9. Your Personal Preparedness Plan (7/7)
    10. Summary
  13. Chapter 3. Seizure of Digital Information
    1. Introduction
    2. Defining Digital Evidence
    3. Digital Evidence Seizure Methodology (1/2)
    4. Digital Evidence Seizure Methodology (2/2)
    5. Factors Limiting the Wholesale Seizure of Hardware (1/2)
    6. Factors Limiting the Wholesale Seizure of Hardware (2/2)
    7. Other Options for Seizing Digital Evidence (1/3)
    8. Other Options for Seizing Digital Evidence (2/3)
    9. Other Options for Seizing Digital Evidence (3/3)
    10. Common Threads within Digital Evidence Seizure
    11. Determining the Most Appropriate Seizure Method
    12. Summary
    13. Works Cited
  14. Chapter 4. Handheld Forensics
    1. Digital Forensics
    2. What Is the Handheld Forensic Impact? (1/2)
    3. What Is the Handheld Forensic Impact? (2/2)
    4. Cellular Handling
    5. Evidence Preservation
    6. Maintain a Forensic Data Connection
    7. Analysis and Reporting
    8. Summary
    9. Bibliography
  15. Chapter 5. RFID: An Introduction to Security Issues and Concerns
    1. Introduction
    2. Background
    3. RFID Purposes
    4. Where Does RFID fit in?
    5. Technology Involved (1/3)
    6. Technology Involved (2/3)
    7. Technology Involved (3/3)
    8. Summary
  16. Chapter 6. Open Source Intelligence
    1. Introduction
    2. Direction
    3. Discovery (1/6)
    4. Discovery (2/6)
    5. Discovery (3/6)
    6. Discovery (4/6)
    7. Discovery (5/6)
    8. Discovery (6/6)
    9. Summary
    10. Notes
  17. Chapter 7. Wireless Awareness: Increasing the Sophistication of Wireless Users
    1. Introduction
    2. Putting Together a War-Driving Team
    3. Increasing User Sophistication (1/6)
    4. Increasing User Sophistication (2/6)
    5. Increasing User Sophistication (3/6)
    6. Increasing User Sophistication (4/6)
    7. Increasing User Sophistication (5/6)
    8. Increasing User Sophistication (6/6)
    9. Summary
  18. Chapter 8. No-Tech Hacking
    1. Introduction: What Is "No-Tech Hacking?"
    2. Physical Security (1/3)
    3. Physical Security (2/3)
    4. Physical Security (3/3)
    5. Lock Bumping (1/3)
    6. Lock Bumping (2/3)
    7. Lock Bumping (3/3)
    8. Information Security (1/5)
    9. Information Security (2/5)
    10. Information Security (3/5)
    11. Information Security (4/5)
    12. Information Security (5/5)
    13. Checklist
    14. Summary
    15. Notes
  19. Chapter 9. The Basics of Penetration Testing
    1. Introduction
    2. Know the Security Analysis Life Cycle
    3. Know When to Deviate
    4. The Penetration Tester Mentality
    5. The Penetration Methodology (1/2)
    6. The Penetration Methodology (2/2)
    7. Summary
  20. Chapter 10. What Is Steganography?
    1. Introduction
    2. Defining Steganography
    3. Analog Steganography
    4. Digital Steganography
    5. The Six Categories of Steganography
    6. Types of Steganography
    7. Steganography Applied to Different Media
    8. Hiding in Network Packets
    9. Issues in Information Hiding
    10. Watermarking
    11. Steganography Tools
    12. Real-World Uses
    13. Detection and Attacks
    14. Summary
  21. Chapter 11. Insider Threat
    1. Introduction
    2. The Devil Inside
    3. The Importance of Insider Threat (1/3)
    4. The Importance of Insider Threat (2/3)
    5. The Importance of Insider Threat (3/3)
    6. Why the Insider Threat Has Been Ignored
    7. Why the Insider Threat Is Worse Than the External Threat
    8. The Effect of Insider Threats on a Company
    9. How Bad Is It—Statistics on What Is Happening . (1/3)
    10. How Bad Is It—Statistics on What Is Happening . (2/3)
    11. How Bad Is It—Statistics on What Is Happening . (3/3)
    12. Targets of Attack
    13. The Threat Is Real
    14. New World Order
    15. Future Trends
    16. Summary
  22. Index (1/2)
  23. Index (2/2)

Product information

  • Title: Techno Security's Guide to Managing Risks for IT Managers, Auditors, and Investigators
  • Author(s): Johnny Long, Jack Wiles, Russ Rogers, Phil Drake, Ron J. Green, Greg Kipper, Raymond Todd Blackwood, Amber Schroader, Eric Cole, Dennis O'Brien, Kevin O'Shea, Donald Withers
  • Release date: April 2011
  • Publisher(s): Syngress
  • ISBN: 9780080553979