|
|
|
|
LEADER |
06372nmm a2200469 u 4500 |
001 |
EB001944413 |
003 |
EBX01000000000000001107315 |
005 |
00000000000000.0 |
007 |
cr||||||||||||||||||||| |
008 |
210123 ||| eng |
020 |
|
|
|a 0071772510
|
020 |
|
|
|a 9780071772518
|
020 |
|
|
|a 9781280998638
|
020 |
|
|
|a 6613770248
|
020 |
|
|
|a 9786613770240
|
020 |
|
|
|a 1280998636
|
020 |
|
|
|a 0071772529
|
050 |
|
4 |
|a QA76.9.A25
|
100 |
1 |
|
|a Witte, Greg
|
245 |
0 |
0 |
|a Security automation essentials
|b streamlined enterprise security management & monitoring with SCAP
|c Greg Witte, Melanie Cook, Matt Kerr, Shane Shaffer
|
260 |
|
|
|a New York
|b McGraw-Hill
|c 2012
|
300 |
|
|
|a xviii, 269 pages
|b illustrations
|
505 |
0 |
|
|a Putting It All Together -- Chapter 4: Asset Management -- Asset Identification -- Literal and Synthetic Identifiers -- Correlation -- AI Elements -- Helper Elements -- Asset Reporting Format -- Relationship Terms -- ARF Example -- Assessment Summary Results -- System-Ident Model -- Chapter 5: Enumerations -- Automation Enumerations and Their Purposes -- Enumerations Included in SCAP -- Common Configuration Enumeration -- CCE History -- The Purpose of CCE -- CCE Entries -- CCE Submission Process -- CCE and the National Vulnerability Database -- Common Platform Enumeration -- The New CPE 2.3 Stack -- Common Vulnerability and Exposures -- The Birth of CVE -- CVE Editorial Board -- CVE Identifiers -- Common Vulnerability Scoring System -- Other Related Enumerations and Expressions -- Common Weakness Enumeration -- Common Attack Pattern Enumeration and Classification -- Common Malware Enumeration -- Common Event Expression -- Distributed Audit Service -- Common Remediation Enumeration -- Chapter 6: SCAP Vulnerability Measurement -- Common Vulnerability Scoring System -- CVSS History -- CVSS Use Cases -- Vulnerability Characteristics -- CVSS Scoring -- Base Scoring -- Temporal Scores -- Environmental Scores -- Base, Temporal, Environmental Vectors -- CVSS Equations -- Your Mileage May Vary -- Common Vulnerability Reporting Framework (CVRF) -- Common Misuse Scoring System (CMSS) -- Common Configuration Scoring System -- Vulnerability Management in the Enterprise -- Part III: Putting It All Together -- Chapter 7: Building Automated Security Content -- Working with Files -- XML Editors -- Content Maintenance Tools -- Enhanced SCAP Editor (eSCAPe) -- The eSCAPe Wizards -- Opening and Navigating an SCAP Data Stream -- Example: Finding Malware with SCAP -- Example: Creating Content to Check for Malicious File -- Using the Regex Validator Tool
|
505 |
0 |
|
|a Using the Merge OVAL Documents Tool -- Some Useful Tips for Creating Content -- Explain Yourself -- Make Sure It Works -- Version Your Artifacts -- Reuse of Artifacts -- Content Correctness -- Least Version Principle -- Design for People -- Follow the Rules of the Road -- Minimize Extension Depth -- Granularity -- Customization -- Performance -- Regular Expressions -- Chapter 8: Putting Security Automation to Work in the Enterprise -- How Organizations Are Using Security Automation -- Automated Hardware and Software Inventory -- Security Configuration Management (SCM) -- OpenSCAP Security Automation Software in Linux Distributions -- Use of Security Automation to Track Management and Operational Security -- Security Automation to Discover Malicious Software -- Continuous Monitoring by Integrating Security Systems -- Device Health Monitoring -- Building a Healthy and Resilient Cyber Ecosystem -- Chapter 9: Conclusion -- The Road Ahead -- Appendix: XCCDF, OVAL, OCIL, and Supporting Enumerations Usage -- Index
|
505 |
0 |
|
|a Intro -- Security Automation Essentials -- About the Authors -- About the Technical Editor -- Contents at a Glance -- Contents -- Foreword -- Acknowledgments -- Introduction -- Why This Book? -- Who Should Read This Book -- What This Book Covers -- How to Use This Book -- How Is This Book Organized? -- Part I: Security Automation Essentials -- Chapter 1: The Security Management Problem -- Security Management Challenges -- The Number and Variety of Systems and Software to Secure -- The Need for Continuous Security Management -- The Need for a Comprehensive Picture of Enterprise Security -- The Need for Standardization in Security -- Security Requirements from Regulations and Other Sources -- The Security Automation Solution -- Security Automation Basics -- Knowledge About Individual Security Elements -- Using Checklists to Achieve Compliance -- The Evolution of Security Automation Technologies and Standards -- Enumeration Standards -- Language Standards -- Risk Measurement Standards -- Chapter 2: What Is SCAP? -- The History of SCAP -- The Parts of SCAP -- Component Specifications -- How the SCAP Component Specifications Fit Together -- The SCAP Protocol -- SCAP Content -- The Value of SCAP -- Inventorying Installed Software -- Identifying Security Issues -- Monitoring the Security State -- Security Measures and Metrics -- Quantifying Risk -- Fostering Common Terminology -- Part II: Using SCAP -- Chapter 3: SCAP Checklist and Check Languages -- Extensible Checklist Configuration Description Format -- Data Model and Syntax -- Benchmark -- Items -- Profile -- TestResult -- Open Vulnerability and Assessment Language -- Data Model -- Generator -- Definition -- Test -- Object -- State -- Variables -- OVAL Results -- Open Checklist Interactive Language -- OCIL Data Model -- Questions -- Question_Test_Action Elements -- Questionnaires
|
653 |
|
|
|a Computer security / Management
|
653 |
|
|
|a Computer networks / Security measures / Standards / fast
|
653 |
|
|
|a SCAP (Protocole de réseaux d'ordinateurs)
|
653 |
|
|
|a Sécurité informatique / Gestion
|
653 |
|
|
|a Computer networks / Security measures / Standards
|
653 |
|
|
|a SCAP (Computer network protocol) / http://id.loc.gov/authorities/subjects/sh2012003008
|
653 |
|
|
|a Computer security / Management / fast
|
653 |
|
|
|a Réseaux d'ordinateurs / Sécurité / Mesures / Normes
|
653 |
|
|
|a SCAP (Computer network protocol) / fast
|
041 |
0 |
7 |
|a eng
|2 ISO 639-2
|
989 |
|
|
|b OREILLY
|a O'Reilly
|
500 |
|
|
|a Includes index
|
856 |
4 |
0 |
|u https://learning.oreilly.com/library/view/~/9780071772518/?ar
|x Verlag
|3 Volltext
|
082 |
0 |
|
|a 331
|
082 |
0 |
|
|a 658
|
082 |
0 |
|
|a 005.8
|
520 |
|
|
|a Annotation
|