Securing e-business systems : a guide for managers and executives / Timothy Braithwaite.
Material type: Text
Language: English
New York: John Wiley, 2002
Description: xvi, 272 pages : illustration ; 24 cm
Content type:
- text
- unmediated
- volume
- 0471072982
- 9780471072980
- HF5548.32 .B735 2002
Item type | Current library | Call number | Copy number | Status | Date due | Barcode |
---|---|---|---|---|---|---|
Book | UAE Federation Library, General Collection | HF5548.32 .B735 2002 | C.1 | Library Use Only | | 30010011129868 |
Includes bibliographic references and index.
Preface. Chapter 1 Electronic Business Systems Security.--Introduction.-- How Is E-Business Security Defined?.-- Can E-Business Security Be Explained More Simply?.-- Is E-Business Security Really Such a Big Deal?.-- Is E-Business Security More Important Than Other Information Technology Initiatives?.-- How Does an Organization Get Started?.-- Instead of Playing "Catch-Up," What Should an Organization Be Doing to Design E-Business Systems That Are Secure in the First Place?.-- Chapter 2 E-Business Systems and Infrastructure Support Issues.-- Introduction.-- E-Business Defined. A Short History of E-Business Innovations.-- The Need for Secure E-Business Systems. Software: The Vulnerable Underbelly of Computing.-- The Interoperability Challenge and E-Business Success. E-Business Security: An Exercise in Trade-Offs.-- Few Systems Are Designed to Be Secure. Conclusion.-- Chapter 3 Security Weaknesses in E-Business Infrastructure and "Best Practices" Security.-- Introduction.-- Fundamental Technical Security Threats.-- The Guiding Principles of Protection. "Best Practice" Prevention, Detection, and Countermeasures and Recovery Techniques.-- Chapter 4 Managing E-Business Systems and Security.-- Introduction.-- Part One: Misconceptions and Questionable Assumptions.-- Part Two: Managing E-Business Systems as a Corporate Asset.-- Part Three: E-Business Security Program Management. Chapter 5 A "Just-in-Time" Strategy for Securing the E-Business System: The Role for Security Monitoring and Incident Response. The Current State of E-Business Security. Standard Requirements of an E-Business Security Strategy. A New Security Strategy. 
--The Crucial Role of Security Monitoring and Incident Response to the Securing of E-Business Systems.-- The Current State of Intrusion Detection Systems (IDS).-- Defining a Cost-Effective Security Monitoring and Incident Response Capability.-- Alternatives to Building "Your Own" Security Monitoring and Incident Response Capability.-- Summary.-- Chapter 6 Designing and Delivering Secured E-Business Application Systems. Introduction.-- Past Development Realities.-- Contemporary Development Realities.-- Developing Secured E-Business Systems.-- Using the SDR Framework. Choosing a Systems Development Methodology That Is Compatible with the SDR Framework.-- Participants in the Identification of Security and Integrity Controls.-- Importance of Automated Tools.-- A Cautionary Word About New Technologies.-- Summary and Conclusions.-- Chapter 7 Justifying E-Business Security and the Security Management Program.-- Introduction.-- The "Quantifiable" Argument. Emerging "Nonquantifiable" Arguments.-- Benefits Justifications Must Cover Security Program Administration.-- Conclusion.-- Chapter 8 Computers, Software, Security, and Issues of Liability.-- Evolving Theories of Responsibility.-- Likely Scenarios. How Might a Liability Case Unfold? Questions to Be Asked to Ensure That Reasonable Care Has Been Taken in Developing a Secure E-Business System.-- Chapter 9 The National Critical Infrastructure Protection (CIP) Initiative.-- The Problem of Dependency. Critical Infrastructure Protection (CIP) Purpose, Directives, Organizations, and Relationships.-- Frequently Asked Questions About the IT-ISAC.-- Critical Information Infrastructure Protection Issues that Need Resolution.-- Appendix A: Y2K Lessons Learned and Their Importance for E-Business Security.-- Appendix B: Systems Development Review Framework for E-Business Development Projects. 
Appendix C: A Corporate Plan of Action for Securing E-Business Systems (Sample).-- Appendix D: E-Business Risk Management Review Model Instructions for Use.-- Appendix E: Resources Guide.-- Index.
A must-read for the CXO community. It introduces methodologies to attack the cyber threat against business systems. Offers a new model for developing a proactive program of security administration that works as a continuous process of identifying weaknesses and implementing solutions.