The Business Case for Network Security: Advocacy, Governance, and ROI


Understand the total cost of ownership and return on investment for network security solutions

  • Understand what motivates hackers and how to classify threats
  • Learn how to recognize common vulnerabilities and common types of attacks
  • Examine modern day security systems, devices, and mitigation techniques
  • Integrate policies and personnel with security equipment to effectively lessen security risks
  • Analyze the greater implications of security breaches facing corporations and executives today
  • Understand the governance aspects of network security to help implement a climate of change throughout your organization
  • Learn how to qualify your organization’s aversion to risk
  • Quantify the hard costs of attacks versus the cost of security technology investment to determine ROI
  • Learn the essential elements of security policy development and how to continually assess security needs and vulnerabilities

The Business Case for Network Security: Advocacy, Governance, and ROI addresses the needs of networking professionals and business executives who seek to assess their organization’s risks and objectively quantify both costs and cost savings related to network security technology investments. This book covers the latest topics in network attacks and security. It includes a detailed security-minded examination of return on investment (ROI) and associated financial methodologies that yield both objective and subjective data. The book also introduces and explores the concept of return on prevention (ROP) and discusses the greater implications currently facing corporations, including governance and the fundamental importance of security, for senior executives and the board.

Making technical issues accessible, this book presents an overview of security technologies that uses a holistic and objective model to quantify issues such as ROI, total cost of ownership (TCO), and risk tolerance. This book explores capital expenditures and fixed and variable costs, such as maintenance and upgrades, to determine a realistic TCO figure, which in turn is used as the foundation in calculating ROI. The importance of security policies addressing such issues as Internet usage, remote-access usage, and incident reporting is also discussed, acknowledging that the most comprehensive security equipment will not protect an organization if it is poorly configured, implemented, or used. Quick reference sheets and worksheets, included in the appendixes, provide technology reviews and allow financial modeling exercises to be performed easily.

An essential IT security-investing tool written from a business management perspective, The Business Case for Network Security: Advocacy, Governance, and ROI helps you determine the effective ROP for your business.

This volume is in the Network Business Series offered by Cisco Press®. Books in this series provide IT executives, decision makers, and networking professionals with pertinent information about today’s most important technologies and business strategies.


Product Details

  • ISBN-13: 9781587201219
  • Publisher: Cisco Press
  • Publication date: 12/23/2004
  • Series: Network Business Series
  • Pages: 408
  • Product dimensions: 6.95 (w) x 8.88 (h) x 0.92 (d)

Meet the Author

Catherine Paquet is a freelancer in the field of internetworking and return on security investment. Catherine has in-depth knowledge of security systems, remote access, and routing technology. She is a Cisco Certified Security Professional (CCSP™) and a Cisco Certified Network Professional (CCNP®). Her internetworking career started as a LAN manager; she then moved to MAN manager and eventually became the nationwide WAN manager. Catherine was also a certified Cisco Systems instructor with the largest Cisco® training partner, serving as the course director/master instructor for security and remote access courses. Most recently she held the position of director of technical resources for Canada, where she was responsible for instructor corps and equipment offerings, including Cisco courses. In 2002 and 2003, Catherine volunteered with the UN mission in Kabul, Afghanistan, to train Afghan public servants in the area of networking. Catherine has an MBA with a major in management information systems (MIS).

Catherine coauthored the Cisco Press books Building Scalable Cisco Networks, CCNP Self-Study: Building Scalable Cisco Internetworks (BSCI), and CCNP Self-Study: Building Scalable Cisco Internetworks (BSCI), Second Edition, and she edited Building Cisco Remote Access Networks.

Warren Saxe has an extensive background in profit and loss (P&L) management as general manager for a Fortune 1000 semiconductor distributor. As a top- and bottom-line-focused senior manager, he brings a unique perspective to this business decision maker–oriented book. He applies an overriding business strategy to drive IT decisions by utilizing a value-driven approach. He has extensive background in sales management, marketing management, and demand creation fundamentals. He directed a large multidisciplinary team composed of managers, engineers, sales, and marketing professionals. He was responsible for strategic and tactical planning, and he negotiated directly with CxO-level executives, both internally and with customers across many industries. He is currently focusing in the areas of security governance, risk management, and return on security investment planning. He earned his degree at McGill University.


Table of Contents



1. Hackers and Threats.

Contending with Vulnerability

Realizing Value in Security Audits

Analyzing Hacking

Assessing Vulnerability and Response

Hackers: Motivation and Characteristics

The Enemy Within: Maliciousness and Sloppiness

Threats Classification

The Future of Hacking and Security


End Notes

2. Crucial Need for Security: Vulnerabilities and Attacks.

Recognizing Vulnerabilities

Design Vulnerabilities Issues

Human Vulnerability Issues

Implementation Vulnerability Issues

Categories of Attacks

The Human Component in Attacks

Reconnaissance Attacks

Access Attacks

Denial of Service Attacks

Additional Common Attacks


Scanning and System Detailing


Password Attacks


Trust Exploitation

Software and Protocol Exploitation



Trojan Horses

Attack Trends

Wireless Intrusions

Wireless Eavesdropping

Man-in-the-Middle Wireless Attacks

Walk-By Hacking

Drive-By Spamming

Wireless Denial of Service

Frequency Jamming

The Hapless Road Warrior

Social Engineering

Examples of Social Engineering Tactics

Summary of Attacks

Cisco SAFE Axioms

Routers Are Targets

Switches Are Targets

Hosts Are Targets

Networks Are Targets

Applications Are Targets


3. Security Technology and Related Equipment.

Virus Protection

Traffic Filtering

Basic Filtering

Advanced Filtering

Filtering Summary


Encrypted VPN

SSL Encryption

File Encryption

Authentication, Authorization, and Accounting: AAA




Public Key Infrastructure

From Detection to Prevention: Intrusion-Detection Systems and Intrusion-Prevention Systems

IDS Overview

Network- and Host-Based IDS

IPS Overview

Target-Based IDS

Content Filtering

URL Filtering

E-Mail Content Filtering

Assessment and Audit

Assessment Tools

Audit Tools

Additional Mitigation Methods

Self-Defending Networks

Stopping a Worm with Network-Based Application Recognition

Automated Patch Management

Notebook Privacy Filter


End Notes

4. Putting It All Together: Threats and Security Equipment.

Threats, Targets, and Trends

Lowering Risk Exposure

Security Topologies

SAFE Blueprints

SAFE Architecture

Using SAFE



5. Policy, Personnel, and Equipment as Security Enablers.

Securing the Organization: Equipment and Access

Job Categories

Departing Employees

Password Sanctity


Managing the Availability and Integrity of Operations

Implementing New Software and Privacy Concerns

Custom and Vendor-Supplied Software

Sending Data: Privacy and Encryption Considerations

Regulating Interactivity Through Information and Equipment Control

Determining Levels of Confidentiality

Inventory Control: Logging and Tagging

Mobilizing the Human Element: Creating a Secure Culture

Employee Involvement

Management Involvement: Steering Committee

Creating Guidelines Through the Establishment of Procedural Requirements

Policy Fundamentals

Determining Ownership

Determining Rules and Defining Compliance

Corporate Compliance

User Compliance

Securing the Future: Business Continuity Planning

Ensuring a Successful Security Policy Approach

Security Is a Learned Behavior

Inviting the Unknown

Avoiding a Fall into the Safety Trap

Accounting for the Unaccountable

Workflow Considerations

Striving to Make Security Policies More Efficient

Surveying IT Management

The Need for Determining a Consensus on Risk

Infosec Management Survey

Infosec Management Quotient


6. A Matter of Governance: Taking Security to the Board.

Security-A Governance Issue

Directing Security Initiatives

Steering Committee

Leading the Way

Establishing a Secure Culture

Securing the Physical Business

Securing Business Relationships

Securing the Homeland

Involving the Board

Examining the Need for Executive Involvement

Elements Requiring Executive Participation


End Notes

7. Creating Demand for the Security Proposal: IT Management's Role.

Delivering the Security Message to Executive Management

Recognizing the Goals of the Corporation

Knowing How the Organization Can Use ROP

Understanding the Organization's Mandate and Directives

Acknowledging the Organization's Imperatives and Required Deliverables

Establishing an Appropriate Security Posture

Outlining Methods IT Managers Can Use to Engage the Organization

Lobbying Support

Assessing Senior Business Management Security Requirements

Every Question Counts: Delivering the Survey to Respondents

Infosec Operational Survey

Infosec Operational Quotient


8. Risk Aversion and Security Topologies.

Risk Aversion

The Notion of Risk Aversion

Determining Risk Tolerance

What Assets to Protect

Short-Term and Long-Term Risks

Risk-Aversion Quotient

Calculating the Risk-Aversion Quotient

Risk-Aversion Quotient and Risk Tolerance

Using the Charts

Security Modeling

Topology Standards

One Size Rarely Fits All

Security Throughout the Network

Diminishing Returns


9. Return on Prevention: Investing in Capital Assets.

Examining Cost of Attacks

Determining a Baseline

Providing Alternatives

Budgeting for Security Equipment

Total Cost of Ownership

Present Value

Analyzing Returns on Security Capital Investments

Net Present Value

Internal Rate of Return

Return on Investment

Payback Period

The Bottom Line

Acknowledging Nonmathematical Security Fundamentals


End Notes


10. Essential Elements of Security Policy Development.

Determining Required Policies

Constructing Reliable and Sound Policies





Using Policy Tools and Policy Implementation Considerations

Useful Policy Tools

Policy Implementation

Performing Comprehensive Monitoring

Knowing Policy Types

Physical Security Policies

Access-Control Policies

Dialup and Analog Policies

Remote-Access Policies

Remote Configuration Policies

VPN and Encryption Policies

Network Policies

Data Sensitivity, Retention, and Ethics Policies

Software Policies

Summary of Policy Types

Handling Incidents


11. Security Is a Living Process.

Security Wheel








Internal Issues




Good Netizen Conduct

SWOT: Strengths, Weaknesses, Opportunities, and Threats






End Note


Appendix A. References.

Appendix B. OSI Model, Internet Protocol, and Packets.

Appendix C. Quick Guides to Security Technologies.

Appendix D. Return on Prevention Calculations Reference Sheets.


