Index
497
  breach, 372
  function, ownership of, 149
  incident(s), 71
    backup, 300
    data classification policy and, 285
    employee termination and, 346
    past, 130, 272, 313, 327, 346
  management practices, 30
  Officer, 440, 441
  organization, 49, 65
  outsourcing of, 220
  patch levels, 185
  personnel, 78
  policy(ies), 47
    documentation, 121
    employee compliance with, 51
    enforcement of, 54, 55
    fragmented, 35
    interpretation of, 80
    lack of, 268
    lack of enforcement, 36
    noncompliance with, 23
  questionnaires and checklists, 255–258
  -related events, 70
  -related questions, 132
  roadmap, 86, 141, 226, 212, 215, 228
  services, managed, 220
  strategy, 46
  system-enforced, 202
  training, provider of, 242
  transmission, 482
  view of as business enabler, 26
  view of as revenue enabler, 25
  vulnerabilities, 265
  weaknesses
    client knowledge of, 208
    risks associated with, 71
Security Operations Center (SOC), 408, 410
Selling, general, and administrative expenses (SG&A), 114
Servers
  critical, 185
  proxy, 269
Service level agreement (SLA), 41, 236, 303, 312, 313, 364
  monitoring of, 365
  performance metrics, 405
  scope of service, 406
  specifications, 322
Service Level Objectives (SLOs), 303
SG&A, see Selling, general, and administrative expenses
Shareware, 54, 182
Single point of contact (SPOC), 90, 92
SLA, see Service level agreement
SLOs, see Service Level Objectives
SOC, see Security Operations Center
Social engineering, 336, 482
Soft tokens, 482
Software
  anti-virus, 453
  authentication, 9
  maintenance, 39
  malicious, 453
  standards, 265
  updates, 40
SPOC, see Single point of contact
SQL, see Structured query language
Standards, see also Information security standards
  best practice, 17
  encryption, 365
  hardware, 265
  ISO 17799, 9, 17, 69, 132, 283, 248, 415
  lack of, 80
  marketplace, 17, 19
  password, 457
  software, 265
Statement on Auditing Standards (SAS) 70, 239, 412
Status meetings, 97, 158, 189, 192
Structured query language (SQL), 13, 60, 384
SysAdmin, Audit, Network, Security (SANS), 19, 33, 242
System
  hardening measures, 73
  logs, 48, 293
  settings, required changes to, 181
SysTrust, 240
T
TCO, see Total cost of ownership
TCP/IP, see Transmission Control Protocol/Internet Protocol
Technical documents, 121
Technical testing, 78
Technology
  best-practice standards, 197
  owners
    generic questionnaire for meetings with, 277–281
    identification of, 91
    lack of cooperation from, 191
    meeting with, 174
    understanding of security assessment by, 176
Technology evaluation, 62, 66, 165–192
  analysis of information collected and documenting of findings, 187–189
AU1706_Idx.fm Page 497 Saturday, August 21, 2004 6:26 PM