La Securite Des Acces Mobiles Au Dela Du Byod

La sécurité des accès mobiles : au-delà du BYOD

Author : ASSING Dominique

Publisher : Lavoisier

Page : 274 pages

File Size : 12,66 MB

Release : 2012-09-18

Category :

ISBN : 2746289253

Get eBook

Book Description

Au cours des dernières années, les équipements mobiles permettant de se connecter à distance au réseau d’entreprise (smartphones, ordinateurs ultraportables…) ont connu une croissance fulgurante. Les perspectives futures de développement et les nouvelles pratiques comme le BYOD (bring your own device) exposent plus que jamais le système d’information d’entreprise à des menaces d’origines diverses. La maîtrise de la sécurité des accès mobiles devient un enjeu stratégique pour l’entreprise. Cet ouvrage didactique présente un panorama des risques pesant sur les accès à distance. L’exemple concret d’un utilisateur lambda et des différentes attaques subies lors d’une « journée ordinaire » sensibilise le lecteur aux défenses standard et spécifiques qui existent pour le protéger. Le domaine de la sécurité n’étant pas uniquement lié aux seuls aspects techniques, le lien entre ces différentes recommandations et l’une des principales approches méthodologiques en la matière (ISO/IEC 27002) est également exposé.



Mobile Access Safety

Author : Dominique Assing

Publisher : John Wiley & Sons

Page : 225 pages

File Size : 10,22 MB

Release : 2013-02-05

Category : Technology & Engineering

ISBN : 1118577981

Get eBook

Book Description

Over recent years, the amount of mobile equipment that needs to be connected to corporate networks remotely (smartphones, laptops, etc.) has increased rapidly. Innovative development perspectives and new tendencies such as BYOD (bring your own device) are exposing business information systems more than ever to various compromising threats. The safety control of remote access has become a strategic issue for all companies. This book reviews all the threats weighing on these remote access points, as well as the existing standards and specific countermeasures to protect companies, from both the technical and organizational points of view. It also reminds us that the organization of safety is a key element in the implementation of an efficient system of countermeasures as well. The authors also discuss the novelty of BYOD, its dangers and how to face them. Contents 1. An Ordinary Day in the Life of Mr. Rowley, or the Dangers of Virtualization and Mobility. 2.Threats and Attacks. 3. Technological Countermeasures. 4. Technological Countermeasures for Remote Access. 5. What Should Have Been Done to Make Sure Mr Rowley’s Day Really Was Ordinary. About the Authors Dominique Assing is a senior security consultant and a specialist in the management and security of information systems in the banking and stock markets sectors. As a security architect and risk manager, he has made information security his field of expertise. Stephane Calé is security manager (CISSP) for a major automobile manufacturer and has more than 15 years of experience of putting in place telecommunications and security infrastructures in an international context.



Protection des données sur Internet

Author : LE GUYADER Patrick

Publisher : Lavoisier

Page : 274 pages

File Size : 40,62 MB

Release : 2013-01-01

Category : Data protection

ISBN : 2746295083

Get eBook

Book Description

La cybercriminalité croissante atteste de la difficulté de trouver un juste équilibre entre la sécurité, la protection de la vie privée et la liberté de naviguer sur le web. Cet ouvrage expose les menaces de confidentialité qui pèsent sur les technologies fixes et mobiles, plus particulièrement au niveau de la protection des données personnelles, qu’elles soient fournies volontairement par l’utilisateur ou recueillies à son insu. Illustré d’exemples et de décisions jurisprudentielles, il décline également l'ensemble des législations nationales et internationales destinées à protéger l’internaute tout en assurant l’ordre public. Enfin, ce livre énonce les règles de bonne conduite et alerte le lecteur sur les pièges dont il peut faire l’objet sur Internet.



Computer Security

Author : William Stallings

Publisher : Pearson Higher Ed

Page : 817 pages

File Size : 18,40 MB

Release : 2012-02-28

Category : Computers

ISBN : 0133072630

Get eBook

Book Description

This is the eBook of the printed book and may not include any media, website access codes, or print supplements that may come packaged with the bound book. Computer Security: Principles and Practice, 2e, is ideal for courses in Computer/Network Security. In recent years, the need for education in computer security and related topics has grown dramatically – and is essential for anyone studying Computer Science or Computer Engineering. This is the only text available to provide integrated, comprehensive, up-to-date coverage of the broad range of topics in this subject. In addition to an extensive pedagogical program, the book provides unparalleled support for both research and modeling projects, giving students a broader perspective. The Text and Academic Authors Association named Computer Security: Principles and Practice, 1e, the winner of the Textbook Excellence Award for the best Computer Science textbook of 2008.



ON/OFF

Author : Sarah Genner

Publisher : vdf Hochschulverlag AG

Page : 231 pages

File Size : 46,92 MB

Release : 2017-01-03

Category : Computers

ISBN : 3728137995

Get eBook

Book Description

Are you constantly online? Or are you offline sometimes? Are you offline if you are not interacting with your connected devices? Or if no data about you is being collected? Do you check Instagram and Twitter during dinner? Do you turn off your smartphone at night? Do you check work emails on vacation? Do you feel you have to disconnect regularly – to relax, to concentrate, or to protect your privacy? Or do you feel more relaxed when constantly connected because your loved ones, a work emergency, or the news are always at your fingertips? Why are some people – even within networked societies – still completely offline given the tremendous opportunities of the Internet? And what does it even mean to be online or offline in the age of hyper-connectivity? In ON/OFF, Sarah Genner assesses the risks and rewards of the anytime-anywhere Internet, focusing on digital divides, social relationships, physical and mental health, and data privacy. She discusses implications for a variety of decision-makers in the world of work, in education, in families, and in politics. The author deconstructs the online/offline dichotomy and suggests the ON/OFF scale as a new theoretical framework for researchers and practitioners.



Guidelines on Firewalls and Firewall Policy

Author : Karen Scarfone

Publisher : DIANE Publishing

Page : 50 pages

File Size : 48,15 MB

Release : 2010-03

Category : Computers

ISBN : 1437926029

Get eBook

Book Description

This updated report provides an overview of firewall technology, and helps organizations plan for and implement effective firewalls. It explains the technical features of firewalls, the types of firewalls that are available for implementation by organizations, and their security capabilities. Organizations are advised on the placement of firewalls within the network architecture, and on the selection, implementation, testing, and management of firewalls. Other issues covered in detail are the development of firewall policies, and recommendations on the types of network traffic that should be prohibited. The appendices contain helpful supporting material, including a glossary and lists of acronyms and abreviations; and listings of in-print and online resources. Illus.



The Cyber Risk Handbook

Author : Domenic Antonucci

Publisher : John Wiley & Sons

Page : 442 pages

File Size : 12,86 MB

Release : 2017-05-01

Category : Business & Economics

ISBN : 1119308801

Get eBook

Book Description

Actionable guidance and expert perspective for real-world cybersecurity The Cyber Risk Handbook is the practitioner's guide to implementing, measuring and improving the counter-cyber capabilities of the modern enterprise. The first resource of its kind, this book provides authoritative guidance for real-world situations, and cross-functional solutions for enterprise-wide improvement. Beginning with an overview of counter-cyber evolution, the discussion quickly turns practical with design and implementation guidance for the range of capabilities expected of a robust cyber risk management system that is integrated with the enterprise risk management (ERM) system. Expert contributors from around the globe weigh in on specialized topics with tools and techniques to help any type or size of organization create a robust system tailored to its needs. Chapter summaries of required capabilities are aggregated to provide a new cyber risk maturity model used to benchmark capabilities and to road-map gap-improvement. Cyber risk is a fast-growing enterprise risk, not just an IT risk. Yet seldom is guidance provided as to what this means. This book is the first to tackle in detail those enterprise-wide capabilities expected by Board, CEO and Internal Audit, of the diverse executive management functions that need to team up with the Information Security function in order to provide integrated solutions. Learn how cyber risk management can be integrated to better protect your enterprise Design and benchmark new and improved practical counter-cyber capabilities Examine planning and implementation approaches, models, methods, and more Adopt a new cyber risk maturity model tailored to your enterprise needs The need to manage cyber risk across the enterprise—inclusive of the IT operations—is a growing concern as massive data breaches make the news on an alarmingly frequent basis. With a cyber risk management system now a business-necessary requirement, practitioners need to assess the effectiveness of their current system, and measure its gap-improvement over time in response to a dynamic and fast-moving threat landscape. The Cyber Risk Handbook brings the world's best thinking to bear on aligning that system to the enterprise and vice-a-versa. Every functional head of any organization must have a copy at-hand to understand their role in achieving that alignment.



Privileged Attack Vectors

Author : Morey J. Haber

Publisher : Apress

Page : 403 pages

File Size : 49,80 MB

Release : 2020-06-13

Category : Computers

ISBN : 1484259149

Get eBook

Book Description

See how privileges, insecure passwords, administrative rights, and remote access can be combined as an attack vector to breach any organization. Cyber attacks continue to increase in volume and sophistication. It is not a matter of if, but when, your organization will be breached. Threat actors target the path of least resistance: users and their privileges. In decades past, an entire enterprise might be sufficiently managed through just a handful of credentials. Today’s environmental complexity has seen an explosion of privileged credentials for many different account types such as domain and local administrators, operating systems (Windows, Unix, Linux, macOS, etc.), directory services, databases, applications, cloud instances, networking hardware, Internet of Things (IoT), social media, and so many more. When unmanaged, these privileged credentials pose a significant threat from external hackers and insider threats. We are experiencing an expanding universe of privileged accounts almost everywhere. There is no one solution or strategy to provide the protection you need against all vectors and stages of an attack. And while some new and innovative products will help protect against or detect against a privilege attack, they are not guaranteed to stop 100% of malicious activity. The volume and frequency of privilege-based attacks continues to increase and test the limits of existing security controls and solution implementations. Privileged Attack Vectors details the risks associated with poor privilege management, the techniques that threat actors leverage, and the defensive measures that organizations should adopt to protect against an incident, protect against lateral movement, and improve the ability to detect malicious activity due to the inappropriate usage of privileged credentials. This revised and expanded second edition covers new attack vectors, has updated definitions for privileged access management (PAM), new strategies for defense, tested empirical steps for a successful implementation, and includes new disciplines for least privilege endpoint management and privileged remote access. What You Will Learn Know how identities, accounts, credentials, passwords, and exploits can be leveraged to escalate privileges during an attack Implement defensive and monitoring strategies to mitigate privilege threats and risk Understand a 10-step universal privilege management implementation plan to guide you through a successful privilege access management journeyDevelop a comprehensive model for documenting risk, compliance, and reporting based on privilege session activity Who This Book Is For Security management professionals, new security professionals, and auditors looking to understand and solve privilege access management problems





Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Author : John Soldatos

Publisher :

Page : 450 pages

File Size : 35,22 MB

Release : 2020-06-30

Category :

ISBN : 9781680836868

Get eBook

Book Description

Modern critical infrastructures comprise of many interconnected cyber and physical assets, and as such are large scale cyber-physical systems. Hence, the conventional approach of securing these infrastructures by addressing cyber security and physical security separately is no longer effective. Rather more integrated approaches that address the security of cyber and physical assets at the same time are required. This book presents integrated (i.e. cyber and physical) security approaches and technologies for the critical infrastructures that underpin our societies. Specifically, it introduces advanced techniques for threat detection, risk assessment and security information sharing, based on leading edge technologies like machine learning, security knowledge modelling, IoT security and distributed ledger infrastructures. Likewise, it presets how established security technologies like Security Information and Event Management (SIEM), pen-testing, vulnerability assessment and security data analytics can be used in the context of integrated Critical Infrastructure Protection. The novel methods and techniques of the book are exemplified in case studies involving critical infrastructures in four industrial sectors, namely finance, healthcare, energy and communications. The peculiarities of critical infrastructure protection in each one of these sectors is discussed and addressed based on sector-specific solutions. The advent of the fourth industrial revolution (Industry 4.0) is expected to increase the cyber-physical nature of critical infrastructures as well as their interconnection in the scope of sectorial and cross-sector value chains. Therefore, the demand for solutions that foster the interplay between cyber and physical security, and enable Cyber-Physical Threat Intelligence is likely to explode. In this book, we have shed light on the structure of such integrated security systems, as well as on the technologies that will underpin their operation. We hope that Security and Critical Infrastructure Protection stakeholders will find the book useful when planning their future security strategies.