Offers a formal framework for finding and eliminating network security threats. This title focuses on the steps necessary to manage an assessment, including the development of a scope statement, the understanding and use of assessment methodology, the creation of an assessment team, and the production of a response report.

Introduction Information Security Lifecycle Network Vulnerability Assessment Do I Need to be a Technical Expert to Run an NVA? What Level of Skill Is Needed? Which Specific Skills Are Needed? Can One Person Run an NVA? Introduction to Vulnerability Assessment Goals of Vulnerability Assessment How Many Trees Should Die to Generate This Type of Report? What Are Vulnerabilities? Classes of Vulnerabilities Elements of a Good Vulnerability Assessment Project Scoping General Scoping Practices Developing the Project Overview Statement Developing the Project Scope Project Scope Document Project Scope Change Summary Assessing Current Network Concerns Network Vulnerability Assessment Timeline Network Vulnerability Assessment Team (NVAT) Threats to Computer Systems Other Concerns Additional Threats Prioritizing Risks and Threats Other Considerations Checklists Summary Network Vulnerability Assessment Methodology Methodology Purpose Definitions Justification Philosophy Top-Down Examination Bottom-Up Examination Network Vulnerability Assessment Methodology The NVA Process (Step-by-Step) Summary Policy Review (Top-Down) Methodology Definitions Policy Review Elements Summary Technical (Bottom-Up) Step 1: Site Survey Step 2: Develop a Test Plan Step 3: Building the Toolkit Step 4: Conduct the Assessment Step 5: Analysis Step 6: Documentation Summary Network Vulnerability Assessment Sample Report Table of Executive Summary Body of the NVA Report Summary Summary Appendixes ISO17799 Self-Assessment Checklist Window NT Server 4.0 Checklist Network Vulnerability Assessment Checklist Pre-NVA Checklist Sample NVA Report NIST Special Publications Glossary of Terms

"Readers will find detailed definitions, thorough explanations, step-by-step procedures, and sample reports to guide them through a network vulnerability assessment (NVA). … [The book] is clear and easy to read, conveying the authors' outstanding grasp of the material. Despite the extremely detailed content, the presentation is not too technical or confusing. Numerous graphs, sample reports, and computer illustrations effectively support the text. … Of the many readers who would benefit from this work, security managers responsible for computer protection will learn how to conduct an NVA. IT professionals will benefit from the exposure to detailed security concepts and procedures. Finally, college instructors and students will find that the work serves as an excellent educational resource." - Security Management, Sept. 2004Promo Copy