This book is a guide for network professionals to understand real-world information security scenarios. It offers a systematic approach to preparing for security assessments, including process security audits, technical security audits and penetration tests. This book aims to train network professionals in preemptive security in order to improve their understanding of security infrastructure and policies.
With our networks exposed to a whole plethora of security threats, all technical and non-technical people are expected to be aware of security processes. Every security assessment (technical or non-technical) leads to new findings, and the cycle continues after every audit. This book explains the auditor's process and expectations, and also helps an organisation prepare for any type of audit and minimise security findings.
It follows a lifecycle approach to information security by understanding:
Why we need Information security
How we can implement
How to operate securely and maintain a secure posture
How to face audits
Contents
Basics of Information Security
Threat Paradigm
Information Security Controls
Decoding Policies Standards Procedures & Guidelines
Network security design
Know your assets
Implementing Network Security
Secure Change Management
Vulnerability and Risk Management
Access Control
Capacity Management
Log Management
Network Monitoring
Information Security Audit
Technical Compliance Audit
Penetration Testing