IT Security: Risking the Corporation

Paperback (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $1.99
Usually ships in 1-2 business days
(Save 94%)
Other sellers (Paperback)
  • All (15) from $1.99   
  • New (4) from $26.18   
  • Used (11) from $1.99   
Sort by
Page 1 of 1
Showing All
Note: Marketplace items are not eligible for any coupons and promotions
Seller since 2008

Feedback rating:



New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.

Brand New, Perfect Condition, Please allow 4-14 business days for delivery. 100% Money Back Guarantee, Over 1,000,000 customers served.

Ships from: Montgomery, IL

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
Seller since 2007

Feedback rating:


Condition: New

Ships from: Avenel, NJ

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
Seller since 2015

Feedback rating:


Condition: New

Ships from: Idyllwild, CA

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
Seller since 2008

Feedback rating:


Condition: New

Ships from: Chicago, IL

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
Page 1 of 1
Showing All
Sort by


"Even the world's largest and most sophisticated networks are vulnerable to attack - and so is yours. The scenarios described in IT Security: Risking the Corporation expose crucial flaws in operating systems, networks, servers, and software - as well as the vulnerability caused by poor training, corporate politics, and careless management." In the previous version of this book, originally published as Intranet Security: Stories from the Trenches, Linda McCarthy drew on her experience penetrating thousands of corporate networks to identify key security risks and practical solutions. This update is even more compelling and offers a clear plan for improving the security of your systems. You'll find useful tools and preventive measures you can take right now. In addition, McCarthy's security checklists and resource listings can help you tighten security throughout your entire IT infrastructure.
Read More Show Less

Product Details

  • ISBN-13: 9780131011120
  • Publisher: Prentice Hall
  • Publication date: 2/24/2003
  • Pages: 272
  • Product dimensions: 6.90 (w) x 9.10 (h) x 0.80 (d)

Meet the Author

Linda McCarthy has worked with UNIX for over a decade, focusing primarily on security administration, hardware architecture, product development, and key management (encryption) technology. She lead a worldwide security research and development team at Sun Microsystems. She has also taught several courses at Sun, including classes in hardware architecture, system administration, and UNIX security. As part of her research Linda, has broken into thousands of systems on corporate intranets, often while posing as a new clerical worker at the company. She currently is a security consultant.

Read More Show Less

Table of Contents



About the Author.


1. Responding to Attacks.

Incident-Response Nightmare. Day 1: Unauthorized Access. Day 2: Problem Fixed. Day 3: Security Is Breached Again. Days 4 to 7: Escalating the Incident. Day 8: Too Late to Gain Evidence. Day 9: Who Was the Bad Guy? Summary: Attacks from the Inside. Let's Not Go There… Focus on Prevention. Prepare for the Worst. React Quickly and Decisively. Follow Up. Checklist. Final Words.

2. Out-of-the-Box Security.

Deal with Security Later. Day 1: False Sense of Security. Two Years Later: Noticed the Attack. + Two Weeks: The Hacker's Back. + Three Weeks: Fixing Security. The Saga Continues: The Network Remains at Risk. Summary: Would You Hire This ISP? Let's Not Go There… Know Your Risks. Avoid Out-of-the-Box Installations. Test Your Network. Know the People Who Know Your Data. Assign or Acquire Adequate Funding for Security. Don't Export Read/Write Permissions to the World. Remove Old Accounts. Test Passwords. Apply Security Patches. Follow Policies and Procedures. Work with Experts. Use Training. Checklist. Final Words.

3. Executive Support.

Executive Commitment. Day 1: Unsecured Systems. A Year Later: Unauthorized Access Continues. Summary: Take an Active Approach. Let's Not Go There… Commit to Security from the Top Down. Don't Delegate Security. Keep Levels of Management to a Minimum. Report Back to Executive Management. Set Security as a Corporate Goal. Provide or Take Training as Required. Make Sure That All Managers Understand Security. Communicate to Management Clearly. Checklist. Final Words.

4. Network Access.

Partner Connections. Day 1: Security Architecture. A Few Weeks Later: Security Installation Policy. The Next Day: Who's Responsible for Security. Over the Next 29 Days: A Hacker Gains Control. + One Month: An Unscheduled Security Test. Audit Day 1: Network Maps Tell a Lot. Audit Day 2: Unenforced Policies. The Last Audit Day: Taking Responsibility for Security. Summary: Keep the Competition Out. Let's Not Go There... Use Standard Architecture Designs. Track External Connections. Take Responsibility for Your Territory. Require Approval for External Connections. Enforce Policies and Procedures. Disable Unnecessary Services. Stress the Importance of Training. Follow Through. Don't Connect Unsecured Systems to the Internet. Checklist. Final Words.

5. Security Training.

Overlooking Training. Initial Contact: Security Testing. Day 1: Gathering Facts. Day 2: Testing the Systems. Day 3: Leaving Security Training out of the Budget. Summary: Make Sure You Fund Training. Let's Not Go There... Educate Executive Management. Protect the Security Training Budget. Make Security a Management Requirement. Make Training a System Administrator Requirement. Attend Security Seminars. Have Brown-Bag Lunches. Disseminate Security Information. Join Security Lists. Write White Papers. Write for Newsletters. Develop Tools into Products. Checklist. Final Words.

6. Unplanned Security.

Transition Plan. Day 1: Testing Security. Understanding Risk. Phase One: Physical Security. Phase Two: Getting Past Physical Controls. Phase Three: Unauthorized Access. Day 2: Personal Information at Risk. Summary: Plan Outsourcing Carefully. Let's Not Go There... Assess Risks. Classify Systems. Forbid Out-of-the-Box Installations. Don't Be Too Trusting. Learn from the Past. Target Budget Cuts. Conduct Security Testing. Hold Management Accountable. Don't Set Yourself Up. Include Training in Budgets. Keep Score. Checklist. Final Words.

7. Maintaining Security.

Responsible for Security. Day 1: Keeping The Bad Guys Out. Day 2: Firewall Administrator. Temporary Security. Management and Security. Being Serious about Supporting Security. My Last Day: Attitudes Can Tell A Lot. Summary: Ask Not What Your Company's Security Can Do for You. Let's Not Go There... Define Roles and Responsibilities. Develop Firewall Policies and Procedures. Feed Your Firewall. Read Your Audit Logs. Use Detection Software. Respond Quickly! Require Proof of Security. Conduct Audits. Get Educated. Checklist. Final Words.

8. Internal Network Security.

Unsafe Network. In the Beginning: Bypassing the Corporate Network. Day 1: Collecting Evidence. Day 2: System Administrators Versus the Security Team. Who Owns Security. Transferring Responsibility. Summary: Security Is the Casualty of War. Let's Not Go There… Put Someone in Charge of Policies and Procedures. Delineate Cross-Organizational Security Support. Don't Wait for Miracles. Question Processes. Know When to Cry “Uncle”. Be Responsible. Checklist. Final Words.

9. Outsourcing Security.

Forget Security? Day 1: Taking a Look at Security Controls. Day 2: Network Connections. Amazing Security Mistakes. Untrained and Inexperienced Support. Days 3 and 4: Does Management Understand? Summary: Outsourced Systems Must Be Secured. Let's Not Go There… Conduct Security Assessments. Do It Right. Do It Regularly. Fix the Problems You Find. Don't Use the Sink-or-Swim Approach. Checklist. Final Words.

10. Unsecure Email.

Email or See Mail? Personal Data Accessed. Summary: You Have the Right to Waive Your Right to Privacy. Let's Not Go There... Use Encryption! Encourage Your Company to Encrypt. Add Encryption to Your Security Budget. Watch for Other Email Hazards. Final Words.

11. Looking Back: What's Next?

Risking the Corporation. Legal Duties to Protect Information and Networks. Business Initiatives and Corporate Goals. Threats Require Action.

12. A Hacker's Walk Through the Network.

A Hacker's Profile. The Real Hackers. About Those Tools. Walking with the Hacker. What the Hacker Was Doing…


Appendix A. People and Products to Know.




Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)