The Business Case for Network Security: Advocacy, Governance, and ROI (Network Business) (Paperback)

by Catherine Paquet (Author), Warren Saxe (Author)

Editorial Reviews

Product Description

Understand the total cost of ownership and return on investment for network security solutions

• Understand what motivates hackers and how to classify threats
• Learn how to recognize common vulnerabilities and common types of attacks
• Examine modern day security systems, devices, and mitigation techniques
• Integrate policies and personnel with security equipment to effectively lessen security risks
• Analyze the greater implications of security breaches facing corporations and executives today
• Understand the governance aspects of network security to help implement a climate of change throughout your organization
• Learn how to qualify your organization’s aversion to risk
• Quantify the hard costs of attacks versus the cost of security technology investment to determine ROI
• Learn the essential elements of security policy development and how to continually assess security needs and vulnerabilities

The Business Case for Network Security: Advocacy, Governance, and ROI addresses the needs of networking professionals and business executives who seek to assess their organization’s risks and objectively quantify both costs and cost savings related to network security technology investments. This book covers the latest topics in network attacks and security. It includes a detailed security-minded examination of return on investment (ROI) and associated financial methodologies that yield both objective and subjective data. The book also introduces and explores the concept of return on prevention (ROP) and discusses the greater implications currently facing corporations, including governance and the fundamental importance of security, for senior executives and the board.

 

Making technical issues accessible, this book presents an overview of security technologies that uses a holistic and objective model to quantify issues such as ROI, total cost of ownership (TCO), and risk tolerance. This book explores capital expenditures and fixed and variable costs, such as maintenance and upgrades, to determine a realistic TCO figure, which in turn is used as the foundation in calculating ROI. The importance of security policies addressing such issues as Internet usage, remote-access usage, and incident reporting is also discussed, acknowledging that the most comprehensive security equipment will not protect an organization if it is poorly configured, implemented, or used. Quick reference sheets and worksheets, included in the appendixes, provide technology reviews and allow financial modeling exercises to be performed easily.

 

An essential IT security-investing tool written from a business management perspective, The Business Case for Network Security: Advocacy, Governance, and ROI helps you determine the effective ROP for your business.

 

This volume is in the Network Business Series offered by Cisco Press®. Books in this series provide IT executives, decision makers, and networking professionals with pertinent information about today’s most important technologies and business strategies.

About the Author

Catherine Paquet is a freelancer in the field of internetworking and return on security investment. Catherine has in-depth knowledge of security systems, remote access, and routing technology. She is a Cisco Certified Security Professional (CCSP™) and a Cisco Certified Network Professional (CCNP®). Her internetworking career started as a LAN manager; she then moved to MAN manager and eventually became the nationwide WAN manager. Catherine was also a certified Cisco Systems instructor with the largest Cisco® training partner, serving as the course director/ master instructor for security and remote access courses. Most recently she held the position of director of technical resources for Canada, where she was responsible for instructor corps and equipment offerings, including Cisco courses. In 2002 and 2003, Catherine volunteered with the UN mission in Kabul, Afghanistan, to train Afghan public servants in the area of networking. Catherine has an MBA with a major in management information systems (MIS).

 

Catherine coauthored the Cisco Press books Building Scalable Cisco Networks, CCNP Self-Study: Building Scalable Cisco Internetworks (BSCI), and CCNP Self-Study: Building Scalable Cisco Internetworks (BSCI), Second Edition, and she edited Building Cisco Remote Access Networks.

 

Warren Saxe has an extensive background in profit and loss (P&L) management as general manager for a Fortune 1000 semiconductor distributor. As a top- and bottom-line-focused senior manager, he brings a unique perspective to this business decision maker—oriented book. He applies an overriding business strategy to drive IT decisions by utilizing a value-driven approach. He has extensive background in sales management, marketing management, and demand creation fundamentals. He directed a large multidisciplinary team composed of managers, engineers, sales, and marketing professionals. He was responsible for strategic and tactical planning, and he negotiated directly with CxO-level executives, both internally and with customers across many industries. He is currently focusing in the areas of security governance, risk management, and return on security investment planning. He earned his degree at McGill University.

 

 

Product Details

• Paperback: 408 pages
• Publisher: Cisco Press (December 23, 2004)
• Language: English
• ISBN-10: 1587201216
• ISBN-13: 978-1587201219
• Product Dimensions: 8.8 x 6.9 x 1 inches
• Shipping Weight: 1.4 pounds (View shipping rates and policies)
• Average Customer Review: 5.0 out of 5 stars See all reviews (1 customer review)
• Amazon.com Sales Rank: #794,883 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

3 of 3 people found the following review helpful:

5.0 out of 5 stars A goldmine of vital information, August 7, 2005

By	Christos Partsenidis (Thessaloniki, Greece - www.Firewall.cx) - See all my reviews (REAL NAME)

Ever wished you grabbed a network security title off the shelf and found it to be comprehensive enough, covering hot topics such as security policies, risk management, top-level attacks and security threats in a non-technical manner, but without compromising quality and important information?

If so, then this is your book. Catherine Paquet, Warren Saxe and Cisco Press have managed to produce what seems to be more than just `another fine title'.

The Business Case For Network Security is a book aimed at people.

The book is well written using simple English language, allowing people of all levels to clearly understand the topics analysed. The target audience would seem to be people in a managerial position or network professionals who require basic understanding of network threats, security measures, risk assessment tools etc., without getting into the details required by a programmer or security auditor.

So what's covered?

The book has 3 main sections:
1) Vulnerabilities and Technologies
2) Human and Financial Issues
3) Policies and Future

Vulnerabilities and Technologies

The first section is certainly a favourite!

It starts by introducing the reader to the world of security by exposing the damage caused by exploits and hackers in general.

Continuing with a small yet effective analysis of `the hacker', where they come from, how they are categorised, the authors then move into the popular topic `categories of attacks'. Here are just a few illustrated and well documented attacks outlined in the book:
* Buffer Overflow and Bandwidth Consumption
* Domain Name Hijacking
* Mail Bomb
* Distributed Denial of Service Attack
* Footprinting
* Eavesdropping
* Password Attack

Even the new wireless attacks are included here, along with the famous `Social Engineering Tactics'!

The authors take the reader through ways to protect a network from these types of attacks. Virus protection, traffic filtering, encryption, content filtering, assessment and auditing are a few of the methods and tactics analysed.

Human and Financial Issues

The second section is where this wonderful book starts to really move away from your everyday security book. It discusses in detail how company managers are able to `secure' their network by enforcing policies and providing strict guidelines to their employees.

This is a topic many books fail to cover in the detail required. Some don't mention it at all. If you consider that the `human factor' still remains the greatest threat of all, then you'll understand how important this topic is. The book does a great job by not only fully covering the topic, but also providing useful information to help managers start thinking and acting accordingly.

A generous 130 pages are devoted to this section and here are a few of the topics discussed:
* Securing the Organization: Equipment and Access
* Managing the Availability and Integrity of Operations
* Mobilizing the Human Element: Creating a Secure Culture
* Determining Rules and Defining Compliance
* Ensuring a Successful Security Policy Approach
* Involving the Board
* Recognizing the Goals of the Corporation
* Outlining Methods IT Managers Can Use to Engage the Organization
* Risk Aversion and Security Topologies
* Return on Prevention: Investing in Capital Assets

We don't want to tell you all the topics, but from this sample you get the idea. Guidelines for creating policies is not something you'll find easy and most IT Managers end up turning to security companies to provide them with the information contained in this book!

Policies and Future

The last section of the book extends the policies to provide more sophisticated technical `hands-on' policies. These polices are the key elements your engineers (or you) will use to ensure your security systems and network(s) are safeguarded from the prying eyes of hackers.

The reader is given an understanding of the purposes of the various policies available and how they can be implemented. Physical security policies, access-control policies, VPN and encryption policies, Data sensitivity, retention and ethics policies are just a few.

The authors make it clear that `Security is a Living Process' and describe methodology required to ensure you're not caught off-guard by uninvited guests.

Overall the book gets the thumbs up, and is highly recommended to IT Managers, networking professionals and business executives seeking to asses their organisations risks and introduce mechanisms to protect their investments, data and integrity.

This book is a goldmine of vital information, so get out there and grab yourself a copy - you surely won't regret it!