Among some of the topics included in this book are: software measurement; ERP project evaluation; strategic electronic commerce evaluation.
Information technology (IT) has become a crucial enabler in the support, sustainability and growth of enterprises. Given this pervasive role of IT, a specific focus on EGIT has arisen over the last two decades, as an integral part of corporate governance. Going well beyond the implementation of a superior IT infrastructure, enterprise governance of IT is about defining and embedding processes and structures throughout the organization that enable boards and business and IT people to execute their responsibilities in support of business/IT alignment and value creation from their IT-enabled investments.
Featuring a variety of elements, including executive summaries and sidebars, extensive references and questions and activities (with additional materials available on-line), this book will be an essential resource for professionals, researchers and students alike
This instructional manual focuses on pin tumbler locks, the construction and function of which are illustrated with the aid of several diagrams. Everything from straightforward lock picking to quick-entry techniques like shimming, bumping, and bypassing are explained and shown. Guides and exercises demonstrate the use of basic lock-picking tools in order to manipulate and open these locks. The text also describes the most common "alternative" designs of pin tumbler locks and summarizes the tools and techniques that can be effective against them. It comes with a DVD filled with indispensable lock picking videos and color photos.
This book is an ideal reference for penetration testers, security consultants, and IT security professionals as well as hackers.Detailed photos make learning as easy as picking a lockDVD is filled with indispensible lock picking videos and color photosExtensive appendix details tools and toolkits currently available for all your lock picking needs
Mullins presents realistic, thorough, and up-to-date coverage of every DBA task, including creating database environments, data modeling, normalization, design, performance, data integrity, compliance, governance, security, backup/recovery, disaster planning, data and storage management, data movement/distribution, data warehousing, connectivity, metadata, tools, and more.
This edition adds new coverage of “Big Data,” database appliances, cloud computing, and NoSQL. Mullins includes an entirely new chapter on the DBA’s role in regulatory compliance, with substantial new material on data breaches, auditing, encryption, retention, and metadata management. You’ll also find an all-new glossary, plus up-to-the-minute DBA rules of thumb.
The Basics of Information Security gives you clear-non-technical explanations of how infosec works and how to apply these principles whether you're in the IT field or want to understand how it affects your career and business. The new Second Edition has been updated for the latest trends and threats, including new material on many infosec subjects.Learn about information security without wading through a huge textbookCovers both theoretical and practical aspects of information securityProvides a broad view of the information security field in a concise mannerAll-new Second Edition updated for the latest information security trends and threats, including material on incident response, social engineering, security awareness, risk management, and legal/regulatory issues
In a fast-paced and entertaining style, three luminaries of the DevOps movement deliver a story that anyone who works in IT will recognize. Readers will not only learn how to improve their own IT organizations, they'll never view IT the same way again.
The book covers recent crises in financial systems and job markets, the housing bubble, and environment, assessing their impact on systems thinking. A companion website is available at interactdesign.com.
This volume is ideal for senior executives as well as for chief information/operating officers and other executives charged with systems management and process improvement. It may also be a helpful resource for IT/MBA students and academics.Four NEW chapters on self-organizing systems, holistic thinking, operational thinking, and design thinkingCovers the recent crises in financial systems and job markets globally, the housing bubble, and the environment, assessing their impact on systems thinkingCompanion website to accompany the book is available at interactdesign.com
Because even if content strategy isn’t your job, content’s probably your problem—and probably more than you think. You or your business has a message you want to deliver, right? You can deliver that message through various channels and content types, from Tweets to testimonials and photo galleries galore, and your audience has just as many ways of engaging with it. So many ways, so much content... so where’s the problem? That is the problem. And you can measure it in time, creativity, money, lost opportunity, and the sobs you hear equally from creative directors, project managers, and search engine marketing specialists.
The solution is content strategy, and this book offers real-world examples and approaches you can adopt, no matter your role on the team. Put content strategy to work for you by gathering this book into your little hands and gobbling up never-before seen case studies from teams at Johns Hopkins Medicine, MINI, Icebreaker, and more. Content Strategy at Work is a book for designers, information architects, copywriters, project managers, and anyone who works with visual or verbal content. It discusses how you can communicate and forge a plan that will enable you, your company, or your client get that message across and foster better user experiences.Presents a content strategy framework and ways to implement in both in-house marketing departments and consultanciesIncludes case studies, interviews, and lessons learned from retail, apparel, network television, business-to-business, automotive, non-profit, and higher ed brandsDetails practical sales techniques to sell content strategy and use content strategy processes to sell other services and larger projects
Security professionals share the responsibility for mitigating damage, serving as a resource to an Emergency Tactical Center, assisting the return of business continuity, and liaising with local response agencies such as police and fire departments, emergency medical responders, and emergency warning centers. At the organizational level, the book addresses budgeting, employee performance, counseling, hiring and termination, employee theft and other misconduct, and offers sound advice on building constructive relationships with organizational peers and company management.Comprehensive introduction to security and IT security management principlesDiscussion of both public and private sector roles, as well as the increasingly common privatizing of government functionsNew experience-based exercises to sharpen security management and strategic skills and reinforce the content of each chapter
Tomorrow’s winning “Intelligent Enterprises” will bring together far more diverse sources of data, analyze it in more powerful ways, and deliver immediate insight to decision-makers throughout the organization. Today, however, most companies fail to apply the information they already have, while struggling with the complexity and costs of their existing information environments.
In this book, a team of IBM’s leading information management experts guide you on a journey that will take you from where you are today toward becoming an “Intelligent Enterprise.”
Drawing on their extensive experience working with enterprise clients, the authors present a new, information-centric approach to architecture and powerful new models that will benefit any organization. Using these strategies and models, companies can systematically unlock the business value of information by delivering actionable, real-time information in context to enable better decision-making throughout the enterprise–from the “shop floor” to the “top floor.”
Coverage IncludesHighlighting the importance of Dynamic Warehousing Defining your Enterprise Information Architecture from conceptual, logical, component, and operational views Using information architecture principles to integrate and rationalize your IT investments, from Cloud Computing to Information Service Lifecycle Management Applying enterprise Master Data Management (MDM) to bolster business functions, ranging from compliance and risk management to marketing and product management Implementing more effective business intelligence and business performance optimization, governance, and security systems and processes Understanding “Information as a Service” and “Info 2.0,” the information delivery side of Web 2.0
The book takes you step-by-step through the analysis of case law as it applies to situations commonly faced by security practitioners. It describes the legal requirements faced by security firms and emphasizes the liability problems common to security operations, including negligence and tortious liability, civil actions frequently litigated, and strategies to avoid legal actions that affect business efficiency. It also examines the constitutional and due-process dimensions of private security both domestically and internationally, including recent cases and trends that are likely to intensify in the future. New features of this edition include: a chapter on the legal implications of private contractors operating in war zones like Afghanistan; updated coverage of statutory authority, as well as state and federal processes of oversight and licensure; and special analysis of public-private cooperative relationships in law enforcement. A historical background helps readers understand the present by seeing the full context of recent developments.
This book will appeal to: students in physical security, security management, and criminal justice programs in traditional and for-profit schools; security professionals; and those working in law enforcement.Authoritative, scholarly treatise sheds light on this increasingly important area of the lawHistorical background helps readers understand the present by seeing the full context of recent developmentsNational scope provides crucial parameters to security practitioners throughout the USNEW TO THIS EDITION! A chapter on the legal implications of private contractors operating in war zones like Afghanistan, updated coverage of statutory authority, updated coverage of state and federal processes of oversight and licensure, special analysis of public-private cooperative relationships in law enforcement
Hacking Web Intelligence shows you how to dig into the Web and uncover the information many don't even know exists. The book takes a holistic approach that is not only about using tools to find information online but also how to link all the information and transform it into presentable and actionable intelligence. You will also learn how to secure your information online to prevent it being discovered by these reconnaissance methods.
Hacking Web Intelligence is an in-depth technical reference covering the methods and techniques you need to unearth open source information from the Internet and utilize it for the purpose of targeted attack during a security assessment. This book will introduce you to many new and leading-edge reconnaissance, information gathering, and open source intelligence methods and techniques, including metadata extraction tools, advanced search engines, advanced browsers, power searching methods, online anonymity tools such as TOR and i2p, OSINT tools such as Maltego, Shodan, Creepy, SearchDiggity, Recon-ng, Social Network Analysis (SNA), Darkweb/Deepweb, data visualization, and much more.Provides a holistic approach to OSINT and Web recon, showing you how to fit all the data together into actionable intelligenceFocuses on hands-on tools such as TOR, i2p, Maltego, Shodan, Creepy, SearchDiggity, Recon-ng, FOCA, EXIF, Metagoofil, MAT, and many moreCovers key technical topics such as metadata searching, advanced browsers and power searching, online anonymity, Darkweb / Deepweb, Social Network Analysis (SNA), and how to manage, analyze, and visualize the data you gatherIncludes hands-on technical examples and case studies, as well as a Python chapter that shows you how to create your own information-gathering tools and modify existing APIs
Covering cloud computing from what the business leader needs to know, this book describes how IT can nimbly ramp up revenue initiatives, positively impact business operations and costs, and how this allows business leaders to shed worry about technology so they can focus on their business. It also reveals the cloud's effect on corporate organization structures, the evolution of traditional IT in the global economy, potential benefits and risks of cloud models and most importantly, how the IT function is being rethought by companies today who are making room for the coming tidal wave that is cloud computing.Why IT and business thinking must change to capture the full potential of cloud computing Topics including emerging cloud solutions, data security, service reliability, the new role of IT and new business organization structures Other titles by Hugos include: Business Agility: Sustainable Prosperity in a Relentlessly Competitive World and Essentials of Supply Chain Management, 2nd Edition
Practical and timely, this book reveals why it's worth every company's time and effort to exploit cloud computing's potential for their business's survival and success.
From one of the world's leading figures in social media marketing, networking, and business applications comes the heavily revised and updated edition of the Likeable Social Media.
Dave Kerpen is CEO of Likeable Local and Likeable Media, which has won two WOMMY awards from the Word of Mouth Marketing Association (WOMMA) for excellence in word-of-mouth marketing.
The book contains 12 units and 45 chapters. Written by leading security educators, trainers and consultants, it has served as the authoritative text for both students and professionals worldwide. This new edition adds critical updates and fresh pedagogy, as well as new diagrams, illustrations, and self assessments. Information included is designed to reflect the latest trends in the industry and to support and reinforce continued professional development. The book concludes with an Emerging Trends feature, laying the groundwork for the future growth of this increasingly vital profession.
This will be an ideal reference for security students and CPO candidates.Information included is designed to reflect the latest trends in the industry and to support and reinforce continued professional development.Concludes chapters with an Emerging Trends feature, laying the groundwork for the future growth of this increasingly vital profession.Written by a cross-disciplinary contributor team consisting of top experts in their respective fields.
Implementing an enterprise-wide Configuration Management Database (CMDB) is one of the most influential actions an IT organization can take to improve service delivery and bridge the gap between technology and the business. With a well-designed CMDB in place, companies are better positioned to manage and optimize IT infrastructure, applications, and services; automate more IT management tasks; and restrain burgeoning costs. Now, there’s an objective, vendor-independent guide to making a CMDB work in your organization. The CMDB Imperative presents a start-to-finish implementation methodology that works and describes how the CMDB is shifting to the superior Configuration Management System (CMS).
Expert CMDB industry analyst Glenn O’Donnell and leading-edge architect and practitioner Carlos Casanova first review the drivers behind a CMDB and the technical, economic, cultural, and political obstacles to success. Drawing on the experiences of hundreds of organizations, they present indispensable guidance on architecting and customizing CMDB solutions to your specific environment. They’ll guide you through planning, implementation, transitioning into production, day-to-day operation and maintenance, and much more. Coverage includes
Defining the tasks and activities associated with configuration management Understanding the CMDB’s role in ITIL and the relationship between CMDBs and ITIL v3’s CMS Building software models that accurately represent each entity in your IT environment Ensuring information accuracy via change management and automated discovery Understanding the state of the CMDB market and selling the CMDB within your organization Creating federated CMDB architectures that successfully balance autonomy with centralized control Planning a deployment strategy that sets appropriate priorities and reflects a realistic view of your organization’s maturity Integrating systems and leveraging established and emerging standards Previewing the future of the CMDB/CMS and how it will be impacted by key trends such as virtualization, SOA, mobility, convergence, and “flexi-sourcing”
This edition offers instruction on how and in which situations the penetration tester can best use them. Real-life scenarios support and expand upon explanations throughout. It also presents core technologies for each type of testing and the best tools for the job. The book consists of 10 chapters that covers a wide range of topics such as reconnaissance; scanning and enumeration; client-side attacks and human weaknesses; hacking database services; Web server and Web application testing; enterprise application testing; wireless penetrating testing; and building penetration test labs. The chapters also include case studies where the tools that are discussed are applied. New to this edition: enterprise application testing, client-side attacks and updates on Metasploit and Backtrack.
This book is for people who are interested in penetration testing or professionals engaged in penetration testing. Those working in the areas of database, network, system, or application administration, as well as architects, can gain insights into how penetration testers perform testing in their specific areas of expertise and learn what to expect from a penetration test. This book can also serve as a reference for security or audit professionals.Details current open source penetration testing toolsPresents core technologies for each type of testing and the best tools for the jobNew to this edition: Enterprise application testing, client-side attacks and updates on Metasploit and Backtrack
Aspiring digital businesses need overall IT agility, not just development team agility. In Agile IT Organization Design , IT management consultant and ThoughtWorks veteran Sriram Narayan shows how to infuse agility throughout your organization. Drawing on more than fifteen years’ experience working with enterprise clients in IT-intensive industries, he introduces an agile approach to “Business–IT Effectiveness” that is as practical as it is valuable.
The author shows how structural, political, operational, and cultural facets of organization design influence overall IT agility—and how you can promote better collaboration across diverse functions, from sales and marketing to product development, and engineering to IT operations. Through real examples, he helps you evaluate and improve organization designs that enhance autonomy, mastery, and purpose: the key ingredients for a highly motivated workforce.
You’ll find “close range” coverage of team design, accountability, alignment, project finance, tooling, metrics, organizational norms, communication, and culture. For each, you’ll gain a deeper understanding of where your organization stands, and clear direction for making improvements. Ready to optimize the performance of your IT organization or digital business? Here are practical solutions for the long term, and for right now.Govern for value over predictability Organize for responsiveness, not lowest cost Clarify accountability for outcomes and for decisions along the way Strengthen the alignment of autonomous teams Move beyond project teams to capability teams Break down tool-induced silos Choose financial practices that are free of harmful side effects Create and retain great teams despite today’s “talent crunch” Reform metrics to promote (not prevent) agility Evolve culture through improvements to structure, practices, and leadership—and careful, deliberate interventions
Strategic Security Management fills a definitive need for guidelines on security best practices. The book also explores the process of in-depth security analysis for decision making, and provides the reader with the framework needed to apply security concepts to specific scenarios. Advanced threat, vulnerability, and risk assessment techniques are presented as the basis for security strategies. These concepts are related back to establishing effective security programs, including program implementation, management, and evaluation. The book also covers metric-based security resource allocation of countermeasures, including security procedures, personnel, and electronic measures.
Strategic Security Management contains contributions by many renowned security experts, such as Nick Vellani, Karl Langhorst, Brian Gouin, James Clark, Norman Bates, and Charles Sennewald.Provides clear direction on how to meet new business demands on the security professionalGuides the security professional in using hard data to drive a security strategy, and follows through with the means to measure success of the programCovers threat assessment, vulnerability assessment, and risk assessment - and highlights the differences, advantages, and disadvantages of each
Commercializing technology has never been easy, and it's getting tougher all the time. All the decisions you need to make are complicated by today's breakneck rates of change in enabling technology and by competitive pressures disseminated globally at the speed of the internet: Where to get ideas? Which to pursue? Whom to hire? Where to manufacture? How to fund? Create a startup or license to another? To answer these questions adequately and bring sophisticated products and services successfully to market, you need to deploy the systematic methods detailed in this book.
Jerry Schaufeld--serial technology entrepreneur, angel investor, and distinguished professor of entrepreneurship--presents in detail his proven step-by-step commercialization process, beginning with technology assessment and culminating with the successful launch of viable products into the global market. Using case studies, models, and practical tips culled from his entrepreneurial career, he shows readers of Commercializing Innovation how toSource technology that can be turned into products
The book consists of seven chapters that cover the seven deadliest attacks against Microsoft software and networks: attacks against Windows passwords; escalation attacks; stored procedure attacks; mail service attacks; client-side ActiveX and macro attacks; Web service attacks; and multi-tier attacks. Each chapter provides an overview of a single Microsoft software product, how it is used, and some of the core functionality behind the software. Furthermore, each chapter explores the anatomy of attacks against the software, the dangers of an attack, and possible defenses to help prevent the attacks described in the scenarios.
This book will be a valuable resource for those responsible for oversight of network security for either small or large organizations. It will also benefit those interested in learning the details behind attacks against Microsoft infrastructure, products, and services; and how to defend against them. Network administrators and integrators will find value in learning how attacks can be executed, and transfer knowledge gained from this book into improving existing deployment and integration practices.Windows Operating System-Password AttacksActive Directory-Escalation of PrivilegeSQL Server-Stored Procedure AttacksExchange Server-Mail Service AttacksOffice-Macros and ActiveXInternet Information Serives(IIS)-Web Serive AttacksSharePoint-Multi-tier Attacks
Today's effective cyber security programs take these best practices and overlay them with intelligence. Adding cyber threat intelligence can help security teams uncover events not detected by traditional security platforms and correlate seemingly disparate events across the network. Properly-implemented intelligence also makes the life of the security practitioner easier by helping him more effectively prioritize and respond to security incidents.
The problem with current efforts is that many security practitioners don't know how to properly implement an intelligence-led program, or are afraid that it is out of their budget. Building an Intelligence-Led Security Program is the first book to show how to implement an intelligence-led program in your enterprise on any budget. It will show you how to implement a security information a security information and event management system, collect and analyze logs, and how to practice real cyber threat intelligence. You'll learn how to understand your network in-depth so that you can protect it in the best possible way.Provides a roadmap and direction on how to build an intelligence-led information security program to protect your company.Learn how to understand your network through logs and client monitoring, so you can effectively evaluate threat intelligence.Learn how to use popular tools such as BIND, SNORT, squid, STIX, TAXII, CyBox, and splunk to conduct network intelligence.