Prepare yourself for any type of audit and minimise security findings
It follows a lifecycle approach to information security by understanding:
â— Why we need Information security
â— How we can implement
â— How to operate securely and maintain a secure posture
â— How to face audits
This book is a guide for Network professionals to understand real-world information security scenarios. It offers a systematic approach to prepare for security assessments including process security audits, technical security audits and Penetration tests. This book aims at training pre-emptive security to network professionals in order to improve their understanding of security infrastructure and policies.
With our network being exposed to a whole plethora of security threats, all technical and non-technical people are expected to be aware of security processes. Every security assessment (technical/ non-technical) leads to new findings and the cycle continues after every audit. This book explains the auditor’s process and expectations.
What will you learn
â— This book is solely focused on aspects of Information security that Network professionals (Network engineer, manager and trainee) need to deal with, for different types of Audits.
â— Information Security Basics, security concepts in detail, threat
â— Securing the Network focuses on network security design aspects and how policies influence network design decisions.
â— Secure Operations is all about incorporating security in Network operations.
â— Managing Audits is the real test.
Who this book is for
IT Heads, Network managers, Network planning engineers, Network Operation engineer or anybody interested in understanding holistic network security.
Table of Contents
1. Basics of Information Security
2. Threat Paradigm
3. Information Security Controls
4. Decoding Policies Standards Procedures & Guidelines
5. Network security design
6. Know your assets
7. Implementing Network Security
8. Secure Change Management
9. Vulnerability and Risk Management
10. Access Control
11. Capacity Management
12. Log Management
13. Network Monitoring
14. Information Security Audit
15. Technical Compliance Audit
16. Penetration Testing
About the Author
Neha Saxena is currently teaching at Symbiosis International (Deemed University) as guest faculty and working as a Freelance security consultant with various organizations.
She has previously worked with HP Singapore, Etihad airways Abu Dhabi, Quadrant Risk Management Dubai, Noor Islamic bank Dubai as Information security Officer (ISO), Senior Consultant and Team Lead. Her recently concluded projects include ISO27001 audit preparation for one of Dubai’s government subsidiary and Process Gap assessment at a Bank in Abu Dhabi.
During her tenure at various jobs she wore many hats including Pen Tester, Application security assessor, Security Trainer, ISO27001 Implementer etc. Later on she moved to leading Audit and Compliance team. Currently she enjoys the thrill of challenges posed by doing different type of security/ teaching assignments as well as flexibility of working as a Freelancer. She takes each project as an opportunity to learn new things, new environment and meet interesting people around the world.
She holds a Master’s degree in Computer Applications from Symbiosis International (Deemed University). She resides with her family in Pune, India currently. When not working she indulges herself in reading books, watching movies & paranormal/fantasy TV series, yoga and meditation.