The Fat Controllers

Security Primer

1 Introduction

Why the book

2 Organisations and Roles

- Where does the security department thrive
- What are the pros and cons of each
- What should a security department do
- What are the qualities of a Head of Security
- What are the other departments to partner with

3 Getting the Framework in place

- Disclaimer - Why there is more to life than policy
- Strategy
- Plan
- Policy
- Standards
- Baselines

4 Basic Concepts

- CIA
- Defence in depth
- Segregation of duties
- Principle of least privilege
- Prudent man
- Non-repudiation
- Anything not specifically allowed is denied

5 UK Legislation

UK acts
- DPA
- CMA
- RIP
- FDI
- HRA

USA acts
- HIPAA
- Gramm-Leach-Bliley
- SBO
- SB1386

6 Types of audit

- External audit
- Internal audit
- SAS 70 Type 1 and Type 2
- NHS connection audit
- Section 39
- WebTrust
- SysTrust

7 Types of certification

8 BS7799 & PAS 56

9 Infrastructure design

- Infrastructure design
- Firewalls
- Proxy servers
- Out-of-band management
- IDS, IPS, auditing

10 Firewalls

- History - types of firewalls
- Firewall rules plus dos and don'ts

For the more technical
- FireWall-1
- PIX
- NetScreen

11 IDS part 1

IDS part 2

- What IDS does
- The difference between auditing, state monitoring and IDS
- Anomaly detection vs signature analysis
- Why IDS fail
- IDS implementation

For the more technical
- RealSecure
- Snort

12 IPS

13 Network penetration testing

14 Application and Web Application flaws

- OWASP
- Cross-site scripting - Theory
- Cross-site scripting - Example
- SQL injection - Theory
- SQL injection - Example
- Command injection
- Buffer overflows
- Forced directory browsing