> Log In > My Account > View Cart
> Log In > My Account > View Cart
Rough Cuts
Available from Safari Books Online
What is this?
The Rough Cuts service from Safari Books Online gives you exclusive access to an evolving manuscript that you can read online or download as a PDF and print. A Rough Cuts book is not fully edited or completely formatted, but you'll get access to new versions as they are created.
Register your product to gain access to bonus material or receive a coupon.
Security Auditing provides you with a systematic approach to auditing a Cisco network for best practices and regulatory compliance. The book is a practical guide to building an auditing and assessment program that factors in regulatory and industry security requirements with real examples of how Cisco products can help address those needs. Recognizing that security is a system that relies on strong policy is the key concept that the book will convey. The value of the book lies in its ability to show real applications of Cisco security technology in the context of an auditing framework. There are many books that describe what an audit is and how to do one, but none provide design and configuration examples that directly correlate to compliance requirements and security frameworks.
The book is segmented into 3 parts. Part I covers the principles of auditing and strives to teach the language and key components of the auditing process. This overview pulls together a number of techniques for identifying risk and shows how we must think like auditors in our network designs and device configurations. It also covers the major regulatory, industry compliance, and security framework initiatives. The section ends with a description of common auditing tools and techniques that can be used to assess and verify that the policy is being enforced by our technical controls.
Part 2 covers the Cisco security solutions domains, which break down Cisco security technologies into 10 categories that allow the auditor to examine Cisco security as a system of integrated components rather than individual products. This section contains information about best practices in providing configuration and policy guidance for each solutions domain. You are also supplied with a checklist that they can use to map these solutions back to the regulations and security frameworks they are designed to address. These checklists can then be incorporated into your own auditing practice or used as a reference.
Part 3 provides guidance on starting an "in-house" security assessment and auditing program and ties the material presented in all the sections together.
Introduction
Part I: Principles of Auditing
1 Principles of Auditing
2 Regulatory compliance and Auditing Frameworks
3 Auditing Tools
Part II: Mapping Cisco Security Controls to Auditing Requirements
4 Cisco Security Solutions Domains
5 Policy and Compliance
6 Infrastructure Security
7 Intrusion Prevention
8 Role Based Access Control
9 Secure Remote Access
10 Secure Clients and Hosts
11 Secure IP Communications
12 Monitoring and Management
Part III: Setting Up Auditing Programs
13 Developing an Auditing Program
