Description: 1. Visitors in the Night. An Unwanted Guest. Day 1: A Nice Night for a Hack. Day 2: Out of Sight, Out of Mind. Day 3: The Hack is Back. Days 4 to 7: Waiting to Exhale. Day 8: Too Little, Too Late. Day 9: Just the Facts. Summary: It Can Come from Within. Let's Not Go There. Focus on Prevention. Prepare for the Worst. React Quickly and Decisively. Follow Up. Checklist. Final Words. 2. The Bogus Box. Out-of-the-box Security. Day 1: False Security from a Box. Two Years Later: It Was Bound to Happen Eventually. + Two Weeks: Once Is Never Enough. + Three Weeks: No Quick Fix. The Saga Continues: A Disaster Awaits. Summary: Would You Hire this ISP? Let's Not Go There. Know Your Risks. Avoid Out-of-the-box Installations. Audit Your Network. Know the People Who Know Your Data. Assign or Acquire Adequate Funding for Security. Don't Export Read/Write Permissions to the World. Remove Old Accounts. Forbid the Use of Crackable Passwords. Apply Security Patches. Follow Policies and Procedures. Get Help. Use Training. Checklist. Final Words. 3. Executive Nightmare. Can You Hear Me At The Top? Day 1: Not a Security Measure in Sight. A Year Later: The Hacks Continue. Summary: Take an Active Approach. Let's Not Go There. Commit to Security from the Top Down. Speak Softly and ACT LOUDLY. Keep Levels of Management to a Minimum. Report Back! Set Security as a Management Goal. Provide or Take Training as Required. Make Sure that All Managers Understand Security. Check that System Administrators Communicate Needs Clearly. Checklist. Final Words. 4. Controlling Access. The Never-ending Network. Day 1: An Ill Fated Plan for Outside Access. A Few Weeks Later: Dave's Big Mistake. The Next Day: Who's Job is Security, Anyway? Over the Next 29 Days: And the Hacker Wanders Quietly. + One Month: A Spot Audit Spots the Hacker. Audit Day 1: Follow the Network Map to Follow the Security Hole. Audit Day 2: An Unenforced Policy is a Useless Policy. The Last Audit Day: The Wrong Man for the Job is Worse than No Man for the Job. Summary: Close the Door to the Competition. Let's Not Go There. Use Standard Architecture Designs. Track External Connections. Take Responsibility for Your Territory. Require Approval for External Connections. Enforce Policies and Procedures. Disable Unnecessary Services. Stress the Importance of Training. Follow Through. Don't Connect Unsecured Systems to the Internet. Checklist. Final Words. 5. What You Don't Know. Sink or Swim? Initial Contact: A Good Sign. Day 1: Don't Put Your Security Eggs in One Basket. Day 2: The Penetration Begins. Day 3: Sink or Swin Always Means Sink. Summary: Can't Afford the Power of Negative Training. Let's Not Go There. Have Management Send the Right Security Message. Educate Executive Management. Protect the Security Training Budget. Make Security a Management Requirement. Make Training a System Administrator Requirement. Attend Security Seminars. Have Brown Bag Lunches. Disseminate Security Information. Join Security Aliases. Write White Papers. Write for Newsletters. Develop Tools into Products. Checklist. Final Words. 6. Risking the Corporation. Trauma Zone. Day 1: An Unscheduled Audit. A Game of Risk is a Game of Strategy. Phase One: Dress the Part. Phase Two: Infiltrate Physical Security. Phase Three: A Walk Through the System Park. Day 2: Patient Records at Risk. Summary: Look Before You Leap. Let's Not Go There. Assess Risks. Classify Systems. Forbid Out-of-the-box Installations. Don't Be Too Trusting. Learn from the Past. Target Budget Cuts. Conduct Security Audits. Hold Management Accountable. Don't Set Yourself Up. Include Training in Right-sizing Budgets. Keep Score. Checklist. Final Words. 7. Not My Job. Come On In, The Door's Open. Day 1: Why Can't We Lock the Hackers Out? Day 2: The

Please Wait