Trojans, Worms, and Spyware: A Computer Security Professional's Guide to Malicious Code

Paperback (Print)
Buy New
Buy New from BN.com
$55.04
Used and New from Other Sellers
Used and New from Other Sellers
from $1.99
Usually ships in 1-2 business days
(Save 96%)
Other sellers (Paperback)
  • All (10) from $1.99   
  • New (4) from $31.58   
  • Used (6) from $1.99   

Overview

Computing/Security

Trojans, Worms, and Spyware
A Computer Security Professional's Guide to Malicious Code

Michael Erbschloe

Trojans, Worms, and Spyware provides practical, easy to understand, and readily usable advice to help organizations to improve their security and reduce the possible risks of malicious code attacks. Despite the global and domestic (US) economic downturn, information systems security remains one of the more in-demand professions in the world today. With the widespread use of the Internet as a business tool, more emphasis is being placed on information security than ever before. To successfully deal with this increase in dependence and the ever growing threat of virus and worm attacks, Information security and information assurance (IA) professionals need a jargon-free book that addresses the practical aspects of meeting new security requirements.

Everyone in business today knows what a virus is and, loosely, what effects it can have on computers and networked systems. This book provides a comprehensive list of threats, an explanation of what they are and how they wreak havoc with systems, as well as a set of rules-to-live-by along with a system to develop procedures and implement security training. It is a daunting task to combat the new generation of computer security threats – new and advanced variants of Trojans, as well as spyware (both hardware and software) and “bombs” – and Trojans, Worms, and Spyware will be a handy must-have reference for the computer security professional to battle and prevent financial and operational harm from system attacks.

· A one-minute manager section and approach to issues
· Step-by-step instructions on how to identify and accomplish security objectives
· Easy to implement advice for defending against malicious code attacks
· Resources to get in-depth information on each of the major security functions

Michael Erbschloe is an educator and consultant and the author of Socially Responsible IT Management (Elsevier Digital Press, 2002) and Implementing Homeland Security for Enterprise IT (Elsevier Digital Press, 2003).

http://books.Elsevier.com/security

Read More Show Less

Product Details

  • ISBN-13: 9780750678483
  • Publisher: Elsevier Science
  • Publication date: 8/30/2004
  • Edition description: New Edition
  • Pages: 232
  • Product dimensions: 0.50 (w) x 6.00 (h) x 9.00 (d)

Meet the Author

Michael Erbschloe an information technology consultant, educator, and author. Michael has also taught and developed technology related curriculum for several universities including the University of Denver, and speaks at conferences and industry events around the world. He has authored hundreds of articles on technology and several books including Information Warfare: How to Survive Cyber Attacks.
Read More Show Less

Table of Contents

Preface
Dedication
Acknowledgements
Introduction

Chapter One: Malicious Code Overview
Why Malicious Code Attacks are Dangerous
The Impact of Malicious Code Attacks on Corporate Security
Why Malicious Code Attacks Work
Flaws in Software
Weaknesses in System and Network Configurations
Social Engineering
Human Error and Foolishness
Hackers, Thieves, and Spies
Action Steps to Combat Malicious Code Attacks

Chapter Two: Types of Malicious Code
Email Viruses
Trojans
Back Doors
Worms
Blended Threats
Time Bombs
Spy Ware
Ad Ware
Steal Ware
Action Steps to Combat Malicious Code Attacks

Chapter Three: Review of Malicious Code Incidents
Historic Tidbits
The Morris Worm
Melissa
Love Bug
Code Red(s)
SirCam
Nimda
Slammer
The Summer of 2003 Barrage of Blaster, Sobig and More
Early 2004 with MyDoom, Netsky and More
Action Steps to Combat Malicious Code Attacks

Chapter Four: Basic Steps to Combat Malicious Code
Understanding The Risks
Using Security Policies to Set Standards
System and Patch Updates
Establishing a Computer Incident Response Team
Training for IT Professionals
Training End Users
Applying Social Engineering Methods in an Organization
Working with Law Enforcement Agencies
Action Steps to Combat Malicious Code Attacks

Chapter Five: Organizing for Security, Prevention, and Response
Organization of the IT Security Function
Where Malicious Code Prevention fits Into the IT Security Function
Staffing for Malicious Code Prevention in IT
Budgeting for Malicious Code Prevention
Evaluating Products for Malicious Code Prevention
Establishing and Utilizing an Alert Systems
Establishing and Utilizing a Reporting System
Corporate Security and Malicious Code Incident Investigations
Action Steps to Combat Malicious Code Attacks

Chapter Six: Controlling Computer Behavior of Employees
Policies on Appropriate Use of Corporate Systems
Monitoring Employee Behavior
Site Blockers and Internet Filters
Cookie and Spyware Blockers
Pop Up Blockers
Controlling Downloads
SPAM Control
Action Steps to Combat Malicious Code Attacks

Chapter Seven: Responding to a Malicious Code Incident
The First Report of a Malicious Code Attack
The Confirmation Process
Mobilizing the Response Team
Notifying Management
Using an Alert system and Informing End-Users
Clean up and Restoration
Controlling and Capturing Malicious Code
Identifying the Source of Malicious Code
The Preservation of Evidence
When to Call Law Enforcement
Enterprise Wide Eradication
Returning to Normal Operations
Analyzing Lessons Learned
Action Steps to Combat Malicious Code Attacks

Chapter Eight: Model Training Program for End-Users
Explaining why The Training is Important
Explaining The Appropriate Use Policy for Computers and Networks
Explaining How the Help Desk and PC Support of the Organization Works
Covering the Basic Do’s and Don’ts of Computer Usage to Prevent Attacks
Providing Basic Information about Malicious Code
Explaining How it Identify Potentially Malicious Code
Explaining What Employees Should to do if They Suspect Code is Malicious
Explaining What Employees Should Expect From the IT Department During Incident Response.
Performing the Administrative Aspects of a Training Program
Action Steps to Combat Malicious Code Attacks

Chapter Nine: The Future of Malicious Code
Military Style Information Warfare
Open Source Information Warfare
Militancy and Social Action
Homeland Security Efforts
Action Steps to Combat Malicious Code Attacks

Index

Appendix A: Computer Security Resources

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)