Advances in security information management : perceptions and outcomes / Guillermo Su�arez de Tangil and Esther Palomar, editors.
Material type:
TextSeries: Computer science, technology and applicationsPublisher: New York : Nova Publishers, [2013]Description: 1 online resourceContent type: - text
- computer
- online resource
- 9781624172212
- 1624172210
- 005.8 23
- QA76.9.A25
Includes bibliographical references and index.
Description based on print version record and CIP data provided by publisher.
English.
ADVANCES IN SECURITY INFORMATION MANAGEMENT ; ADVANCES IN SECURITY INFORMATION MANAGEMENT ; CONTENTS ; PREFACE ; SECURITY INFORMATION AND EVENT MANAGEMENT SYSTEMS ... A NEED IN THE REAL WORLD; Abstract; 1. Introduction; 2. Security Evolution; 2.1. Attack Evolution; 2.2.Compliance; 3. Traditional Incident Handling Strategies; 3.1. Passive Tools; 3.1.1. IDS; 3.1.2. Operating System (OS) Detection; 3.1.3. User Identi cation; 3.2. Active Tools; 3.2.1. Firewalls; 3.2.2. Intrusion Prevention Systems; 3.2.3. Web Content Filtering; 3.2.4. Anti-Virus; 3.2.5. Web Application Firewalls.
3.2.6. Data or Information Leakage Prevention3.3. Proactive Tools; 3.3.1. Vulnerability Assessment; 3.3.2. Exploit Tools and Penetration Testing; 3.4. Attacking Tools; 4. Deployment and Use ofSecurity Tools; 4.1. Proper Deployment; 4.1.1. Input for the Tools; 4.1.2.Network Access Requirements; 4.2. Log Analysis; 5. Dealing with Information Overload; 5.1. Log Correlation Basis; 5.2. Actionable Data; 5.2.1. Individual High Value True Positives Pre-SIEM; 5.2.2. SIEM Correlated True Positives; 5.2.3. Dealing with False Positives; 5.2.4. Evaluating Effectiveness: Results and Stats from SIEM; 6. AccomplishingSIEM.
6.1.Company Rules6.2. Management Buy-In; 6.3. Requirements and Testing; 7. SIEM Speci c Requirements; 7.1. Dealing with Standard Logs; 7.1.1. Logs need to be correctly interpreted by SIEM; 7.1.2. Support; 7.2. SIEM Defaults: Rules and Parsers; 7.3. Customization; 7.3.1. Incidents; 7.3.2. Events; 7.3.3. Fixed Hardware and Software Architectures; 7.4. Physical and Logical Implementation; 7.5. Training; 8. Role Speci c Importance; 8.1. Managed Security Services; 8.1.1. Outsourced Security Management; 8.1.2. In-House Security Management; 8.2. Incident Handlers and Analysts; 8.2.1. Tracking and Reporting.
8.2.2. Analysts8.2.3. Incident Response; 9. Conclusion; References; SECURITY INFORMATION AND VULNERABILITY MANAGEMENT; Abstract; 1. Introduction; 2. Software Vulnerability Evaluation; 2.1. Security Risk Evaluation; 2.2. Vulnerability Monitoring; 2.3. Perimeter Security Traf c and Risk Monitoring; 2.4. Vulnerability Recovery; 3. Security Information and Event Management; 3.1. Log information quality; 3.2. Reliable sources of security advisories; 3.3. Accurac yof the asset inventory; 3.4. Vulnerability assessment; 3.5. Firewall change management; 4. Building blocks; 4.1. Building connector.
4.2. Building collector4.3. Adaptive ltering and correlation; 4.4. Correlation capability; 4.5. Correlation scenario; 5. Conclusion; A Advisory Information; A1. Secunia Sample Report; A2. Oval Sample Report; B Generic Advisory Report Taxonomy; B1. Asset Sample Report; B2. Vulnerability Scan Sample Report; B3. Application Log Sample Report; B4. Firewall Sample Report; References; TOWARD A MULTISTAGE ATTACK DETECTION FRAMEWORK; Abstract; 1. Introduction; 2. Attack Scenarios; 2.1. Analysis Methodology; 2.2. Scenario Alpha; 2.2.1. General Statistics; 2.2.2. Summary of Conversations; 2.2.3. In-depth Analysis.
eBooks on EBSCOhost EBSCO eBook Subscription Academic Collection - Worldwide