10 posts in 'Imported Foreign-Language Books'
| Administering Windows Vista Security: The Big Surprises (0) | 2009/03/06 |
|---|---|
| ASP.NET 2.0 MVP Hacks and Tips (0) | 2009/03/06 |
| Information Security: A Strategic Approach (0) | 2009/03/06 |
| Professional Windows Desktop and Server Hardening (0) | 2009/03/06 |
| Information Security : Principles and Practice (0) | 2009/03/06 |
| Security Patterns : Integrating Security and Systems Engineering (0) | 2009/03/05 |
Authors: David Yack, Joe Mayo, Scott Hanselman, Fredrik Normén, Dan Wahlin, J. Ambrose Little, Jonathan Goodyear
Publisher: Wrox
List price: 49,000 won
ISBN: 0-7645-9766-3
Original title: ASP.NET 2.0 MVP Hacks and Tips
Published: May 2006
Pages: 400
Size: height 235, width 188, softcover
Book Description
- This unique book offers readers invaluable information from the cream of the crop, Microsoft MVPs, who are now sharing undocumented hacks for the first time
- Packed with superlative advice on ASP, Microsoft's popular technology for Web sites, this book will help readers become more productive developers, find solutions to problems they thought unsolvable, and develop better applications
- During their many years of working with ASP.NET, Microsoft MVPs have answered thousands of questions, putting them in the distinctive position of knowing exactly what readers need to know
- Many of the hacks will apply to multiple versions of ASP.NET, not just 2.0 but 1.0 and 1.1 as well
From the Back Cover
As Microsoft MVPs, this team of authors has witnessed first-hand the innumerable problems and challenges that even the most experienced developers regularly encounter. This project survival guide offers little-known solutions, undocumented features, tips, and tricks—otherwise known as hacks—that you can use to build and deliver real-life applications using ASP.NET.
Written with the seasoned professional in mind, this book examines how some hacks ultimately become mainstream code or practices that are integrated into a product or process. You'll benefit from the extensive experience of the authors as they show you how to adapt various hacks to your specific application and business environment. Plus, in-depth discussions of the solutions prove to be a helpful way to learn more about the inner workings of ASP.NET 2.0.
What you will learn from this book
- Various hacks such as page templates, multiple forms, URL rewriting, and SQL cache dependencies
- The many improvements in ASP.NET 2.0 that were originally hacks but are now part of the base product
- How the many new built-in functions reduce the amount of code you need to write for the most common applications
Who this book is for
This book is for experienced developers familiar with ASP.NET programming who are looking to take their skills from an "average" to "excellent" level.
Wrox MVP Hacks and Tips provide unique and little-known solutions to complex programming challenges. Written by Microsoft MVPs—highly regarded independent technical experts nominated by their peers and selected by Microsoft—each title reveals the highest quality hacks that have been discovered through years of hands-on experience.
About the Author
David Yack is the president of Colorado Technology Consultants, a Microsoft Gold Certified Partner based in Colorado. He is a Microsoft Regional Director and a Microsoft MVP for ASP.NET. As a senior hands-on technology and business consultant with over 18 years of industry experience, David enjoys developing applications for both the Windows and Unix platforms, specializing in large system architecture and design. David embraced .NET during the final beta days of version 1.0 and has been helping clients migrate and build new applications on the technology, as well as helping to mentor and train their staffs. David is a frequent speaker at user group and industry events and is on the author teams of two .NET 2.0–related books. David also founded and is on the leadership team for the South Colorado .NET User Group. He lives in Colorado Springs with his wife and two children. You can always track David down via his blog at http://blog.davidyack.com where he writes about his .NET adventures.
Joe Mayo runs his own company, Mayo Software, and is an author, consultant, and instructor specializing in .NET technologies. He operates the C# Station website (www.csharp-station.com) and is a Microsoft Most Valuable Professional (MVP). Joe’s previous books include C# Unleashed (Sams) and C# Builder Kick Start (Sams). For more information about Joe, please visit mayosoftware.com.
Scott Hanselman is currently the chief architect at the Corillian Corporation (NASDAQ: CORI), an eFinance enabler. He has over 13 years experience developing software in C, C++, VB, COM, and certainly in VB.NET and C#. Scott is proud to be both a Microsoft RD as well as an MVP for both ASP.NET and Solutions Architecture. Scott has spoken at dozens of conferences worldwide, including three TechEds and the North African DevCon. He is a primary contributor to “newtelligence DasBlog Community Edition 1.8,” the most popular open-source ASP.NET blogging software hosted on SourceForge. This is the fourth book Scott has worked on for Wrox. His thoughts on the Zen of .NET, programming, and Web Services can be found on his blog at www.computerzen.com. He welcomes e-mail at scott@hanselman.com.
Fredrik Normén is a consultant who works for Callista Knowledgebase AB. He works mostly as a mentor, solution developer, architect, and instructor. He has worked with the .NET framework since the first bit of .NET 1.0 was released in 2000. He has over 10 years of experience building web applications, starting with Perl and moving on to ASP and ASP.NET. You can find Fredrik’s blog at http://fredrik.nsquared2.com.
Dan Wahlin (Microsoft MVP for ASP.NET and XML Web Services) is the president of Wahlin Consulting LLC, which provides enterprise consulting and training services as well as ASP.NET server controls. He also founded the XML for ASP.NET Developers website (www.XMLforASP.net), which focuses on using XML, ADO.NET and Web Services in Microsoft’s .NET platform. Dan is a regular speaker at different .NET conferences and is a member of the INETA Speaker’s Bureau, which enables him to interact with .NET user groups around the United States. He has also authored/co-authored five books on various .NET technologies and writes for several technical magazines.
J. Ambrose Little is an ASP Insider and Microsoft MVP who works as a senior software engineer for a Tampa-based commercial software company and as the content director for ASPAlliance.com. He’s an author of numerous articles, co-author of Professional ADO.NET 2 and ASP.NET 2.0 MVP Hacks and Tips, and has spoken at various .NET user groups and events in Florida.
Jonathan D. Goodyear is the president of ASPSOFT, Inc, a software consulting company based out of Orlando, Florida. He is a contributing editor for both Visual Studio Magazine and asp.netPRO Magazine, and frequently speaks at major technology conferences such as VSLive and ASP.NET Connections. Jonathan was a featured speaker at the Visual Studio 2005 Launch Event in Orlando, Florida, and speaks at numerous .NET user groups through the International .NET Association (INETA). He wrote one of the first books about .NET development, Debugging ASP.NET (New Riders Publishing), and appeared in a video, Visual Studio .NET: An Introduction, by WatchIT.com. He is the founder and editor of the online magazine angryCoder.com, and is a Microsoft Most Valuable Professional (MVP) for ASP.NET, an ASP Insider, and the Microsoft regional director (RD) for Florida.
***********************************************************
CONTENTS
Acknowledgments.
Introduction.
Chapter 1: Hacks Revisited.
Chapter 2: Getting Started.
Chapter 3: The Power of Providers.
Chapter 4: The Smarter Web Client.
Chapter 5: Debugging What You Created.
Chapter 6: Control Hacks.
Chapter 7: GridView Hacks.
Chapter 8: Extreme Data Binding.
Chapter 9: ViewState.
Chapter 10: Cache Hacks.
Chapter 11: Moving to ASP.NET 2.0 from 1.x.
Chapter 12: Deployment Hacks.
Chapter 13: Leveraging Visual Studio.
Chapter 14: Security Hacks.
Chapter 15: Building Your Own Hacks.
Chapter 16: Master Pages.
Chapter 17: Handlers and Modules.
Index.
Author: Vincent LeVeque
Publisher: Wiley
List price: 42,000 won
ISBN: 0-471-73612-0
Original title: Information Security: A Strategic Approach
Published: April 2006
Pages: 272
Size: height 235, width 155, softcover
From the Back Cover
Bridging the gap between information security and strategic planning
This publication is a reflection of the author's firsthand experience as an information security consultant, working for an array of clients in the private and public sectors. Readers discover how to work with their organizations to develop and implement a successful information security plan by improving management practices and by establishing information security as an integral part of overall strategic planning.
The book starts with an overview of basic concepts in strategic planning, information technology strategy, and information security strategy. A practical guide to defining an information security strategy is then provided, covering the "nuts and bolts" of defining long-term information security goals that effectively protect information resources. Separate chapters covering technology strategy and management strategy clearly demonstrate that both are essential, complementary elements in protecting information.
Following this practical introduction to strategy development, subsequent chapters cover the theoretical foundation of an information security strategy, including:
- Examination of key enterprise planning models that correspond to different uses of information and different strategies for securing information
- Review of information economics, an essential link between information security strategy and business strategy
- Role of risk in building an information security strategy
Two separate case studies are developed, helping readers understand how the development and implementation of information security strategies can work within their own organizations.
This is essential reading for information security managers, information technology executives, and consultants. By linking information security to general management strategy, the publication is also recommended for nontechnical executives who need to protect the value and security of their organization's information.
About the Author
VINCENT LeVEQUE is a Senior Security Engineer for a large systems integrator and technology consulting firm, and previously worked for a large public accounting firm in their information risk management practice. He has more than fifteen years' experience in information technology, with an emphasis on information security solutions. His client base has included public utilities, local government, financial institutions, health care, telecommunications, retail, and manufacturers.
***********************************************************
CONTENTS
List of Figures.
Preface.
1. Introduction.
Strategy Overview.
Strategy and Information Technology.
Strategy and Information Security.
An Information Security Strategic Planning Methodology.
The Business Environment.
Information Value.
Risk.
The Strategic Planning Process.
The Technology Plan.
The Management Plan.
Theory and Practice.
2. Developing an Information Security Strategy.
Overview.
An Information Security Strategy Development Methodology.
Strategy Prerequisites.
Research Sources.
Preliminary Development.
Formal Project Introduction.
Fact Finding.
General Background Information.
Documentation Review.
Interviews.
Surveys.
Research Sources.
Analysis Methods.
Strengths, Weaknesses, Opportunities, and Threats.
Business Systems Planning.
Life-Cycle Methods.
Critical Success Factors.
Economic Analysis.
Risk Analysis.
Benchmarks and Best Practices.
Compliance Requirements.
Analysis Focus Areas.
Industry Environment.
Organizational Mission and Goals.
Executive Governance.
Management Systems and Controls.
Information Technology Management.
Information Technology Architecture.
Security Management.
Draft Plan Presentation.
Final Plan Presentation.
Options for Plan Development.
A Plan Outline.
Selling the Strategy.
Plan Maintenance.
The Security Assessment and the Security Strategy.
Strategy Implementation:
What is a Tactical Plan?
Converting Strategic goals to Tactical Plans.
Turning Tactical Planning Outcomes into Ongoing Operations.
Key Points.
Plan Outline.
3. The Technology Strategy.
Thinking About Technology.
Planning Technology Implementation.
Technology Forecasting.
Some Basic Advice.
Technology Life-Cycle Models.
Technology Solution Evaluation.
Role of Analysts.
Technology Strategy Components:
The Security Strategy Technical Architecture.
Leveraging Existing Vendors.
Legacy Technology.
The Management Dimension.
Overall Technical Design.
The Logical Technology Architecture.
Specific Technical Components.
Servers.
Network Zones.
External Network Connections.
Desktop Systems.
Applications and DBMS.
Portable Computing Devices.
Telephone Systems.
Control Devices.
Intelligent Peripherals.
Facility Security Systems.
Security Management Systems.
Key Points.
4. The Management Strategy.
Control Systems.
Control Systems and the Information Security Strategy.
Governance.
Ensuring IT Governance.
IT Governance Models.
Current Issues in Governance.
Control Objectives for Information and Related Technology (CobiT).
IT Balanced Scorecard.
Governance in Information Security.
End-User Role.
An IT Management Model for Information Security.
Policies, Procedures, and Standards.
Assigning Information Security Responsibilities.
To Whom Should Information Security Report?
Executive Roles.
Organizational Interfaces.
Information Security Staff Structure.
Staffing and Funding Levels.
Managing Vendors.
Organizational Culture and Legitimacy.
Training and Awareness.
Key Points.
5. Case Studies.
Case Study 1—Singles Opportunity Services.
Background.
Developing the Strategic Plan.
Information Value Analysis.
Risk Analysis.
Technology Strategy.
Management Strategy.
Implementation.
Case Study 2—Rancho Nachos Mosquito Abatement District.
Background.
Developing the Strategic Plan.
Information Value Analysis.
Risk Analysis.
Technology Strategy.
Management Strategy.
Implementation.
Key Points.
6. Business and IT Strategy:
Introduction.
Strategy and Systems of Management.
Business Strategy Models.
Boston Consulting Group Business Matrix.
Michael Porter—Competitive Advantage.
Business Process Reengineering.
The Strategy of No Strategy.
IT Strategy.
Nolan/Gibson Stages of Growth.
Information Engineering.
Rockart’s Critical Success Factors.
IBM Business System Planning (BSP).
So is IT really “strategic”?
IT Strategy and Information Security Strategy.
Key Points.
7. Information Economics.
Concepts of Information Protection.
Information Ownership.
From Ownership to Asset.
Information Economics and Information Security.
Basic Economic Principles.
Why is Information Economics Difficult?
Information Value—Reducing Uncertainty.
Information Value—Improved Business Processes.
Information Security Investment Economics.
The Economic Cost of Security Failures.
Future Directions in Information Economics.
Information Management Accounting—Return on Investment.
Economic Models and Management Decision Making.
Information Protection or Information Stewardship?
Key Points.
8. Risk Analysis.
Compliance Versus Risk Approaches.
The “Classic” Risk Analysis Model.
Newer Risk Models.
Process-Oriented Risk Models.
Tree-Based Risk Models.
Organizational Risk Cultures.
Risk Averse, Risk Neutral, and Risk Taking Organizations.
Strategic Versus Tactical Risk Analysis.
When Compliance-based Models are Appropriate.
Risk Mitigation.
Key Points.
Notes and References.
Index.
Author: Roger A. Grimes
Publisher: Wrox
List price: 49,000 won
ISBN: 0-7645-9990-9
Published: May 2006
Pages: 572
Size: height 233, width 188, softcover
- Shows how to improve Windows desktop and server security by configuring default security before installing off-the-shelf security products
- Educates readers about the most significant security threats, building the ultimate defense, operating system hardening, application security, and automating security
- As a security consultant, the author has an impressive record: of his clients, not one who followed his recommendations has suffered a virus, worm, Trojan, or successful hacker attack in the past five years
- The companion Web site includes author-created custom security templates and group policies that will automate advice given in the book
From the Back Cover
Today's uber viruses, worms, and trojans may seem more damaging than ever, but the attacking malware and malicious hackers are using the same tricks they always have. With this book, Microsoft MVP Roger Grimes exposes the real threat to Windows computers and offers practical guidance to secure those systems.
Grimes shares proven yet unconventional defenses that most Windows administrators don't use. He walks you step-by-step through these techniques, clearly showing you how to secure your Windows operating system beyond the Microsoft defaults. You'll get security advice for Windows 2000, XP, and Server 2003, in addition to emerging technologies from Microsoft. Plus, the book details hundreds of group policy settings and the best way to apply group policy objects. Ultimately, you'll discover how to harden Microsoft's most commonly attacked applications while automating all of your security settings.
What you will learn from this book
- How Windows desktop and server security can be dramatically improved by configuring default security
- Ways to enhance authentication and prevent password crackers
- Techniques for stopping unauthorized application installation or execution
- Tips for defending against the biggest e-mail security threats
- How to achieve seamless and secure file encryption
- Steps to create customized security and administrative templates
- How Internet Explorer functions behind the scenes and the recommended configuration
Who this book is for
This book is for Microsoft Windows administrators who need to significantly increase the security of their clients and servers using the best methods available.
Wrox Professional guides are planned and written by working programmers to meet the real-world needs of programmers, developers, and IT professionals. Focused and relevant, they address the issues technology professionals face every day. They provide examples, practical solutions, and expert education in new technologies, all designed to help programmers do a better job.
About the Author
Roger A. Grimes (CPA, CISSP, MCSE: Security, MVP, CEH, CHFI, TICSA) is a 20-year computer security consultant, writer, and teacher. He has written over 150 national magazine articles on computer security, and this is his fifth book on Microsoft Windows security. He has consulted for many of the world’s best-known enterprises (including McAfee, Microsoft, Verisign, and IBM), multiple universities, cities and school systems, plus every branch of the U.S. armed forces. He is currently a highly rated instructor teaching Windows and Linux security in Foundstone’s Ultimate Hacking classes. He has presented at many of the industry’s largest conferences, including MCP TechMentor, Windows Connections, and SANS. He was a contributing editor for Windows IT Pro magazine, and is the security columnist for InfoWorld magazine. He has written several advanced security courses, including for Microsoft. He is a three-year recipient of Microsoft’s Most Valuable Professional (MVP) award, and was the creator and team leader of the successful www.hackiis6.com contest.
***********************************************************
CONTENTS
Acknowledgments.
Introduction.
Part I: The Basics in Depth.
Chapter 1: Windows Attacks.
Chapter 2: Conventional and Unconventional Defenses.
Chapter 3: NTFS Permissions 101.
Part II: OS Hardening.
Chapter 4: Preventing Password Crackers.
Chapter 5: Protecting High-Risk Files.
Chapter 6: Protecting High-Risk Registry Entries.
Chapter 7: Tightening Services.
Chapter 8: Using IPSec.
Part III: Application Security.
Chapter 9: Stopping Unauthorized Execution.
Chapter 10: Securing Internet Explorer.
Chapter 11: Protecting E-mail.
Chapter 12: IIS Security.
Chapter 13: Using Encrypting File System.
Part IV: Automating Security.
Chapter 14: Group Policy Explained.
Chapter 15: Designing a Secure Active Directory Infrastructure.
Book Summary.
Index.
Author: Mark Stamp
Publisher: Wiley
List price: 51,000 won
ISBN: 0-471-73848-4
Published: October 2005
Pages: 416
Size: height 235, width 155, hardcover
Your expert guide to information security
As businesses and consumers become more dependent on complex multinational information systems, the need to understand and devise sound information security systems has never been greater. This title takes a practical approach to information security by focusing on real-world examples. While not sidestepping the theory, the emphasis is on developing the skills and knowledge that security and information technology students and professionals need to face their challenges. The book is organized around four major themes:
- Cryptography: classic cryptosystems, symmetric key cryptography, public key cryptography, hash functions, random numbers, information hiding, and cryptanalysis
- Access control: authentication and authorization, password-based security, ACLs and capabilities, multilevel and multilateral security, covert channels and inference control, BLP and Biba's models, firewalls, and intrusion detection systems
- Protocols: simple authentication protocols, session keys, perfect forward secrecy, timestamps, SSL, IPSec, Kerberos, and GSM
- Software: flaws and malware, buffer overflows, viruses and worms, software reverse engineering, digital rights management, secure software development, and operating systems security
Additional features include numerous figures and tables to illustrate and clarify complex topics, as well as problems, ranging from basic to challenging, to help readers apply their newly developed skills. A solutions manual and a set of classroom-tested PowerPoint® slides will assist instructors in their course development. Students and professors in information technology, computer science, and engineering, and professionals working in the field will find this reference most useful to solve their information security issues.
***********************************************************
CONTENTS
Preface.
About The Author.
Acknowledgments.
1. Introduction.
1.1 The Cast of Characters.
1.2 Alice's Online Bank.
1.3 About This Book.
1.4 The People Problem.
1.5 Theory and Practice.
1.6 Problems.
I. CRYPTO.
2. Crypto Basics.
2.1 Introduction.
2.2 How to Speak Crypto.
2.3 Classic Crypto.
2.4 Modern Crypto History.
2.5 A Taxonomy of Cryptography.
2.6 A Taxonomy of Cryptanalysis.
2.7 Summary.
2.8 Problems.
3. Symmetric Key Crypto.
3.1 Introduction.
3.2 Stream Ciphers.
3.3 Block Ciphers.
3.4 Integrity.
3.5 Summary.
3.6 Problems.
4. Public Key Crypto.
4.1 Introduction.
4.2 Knapsack.
4.3 RSA.
4.4 Diffie-Hellman.
4.5 Elliptic Curve Cryptography.
4.6 Public Key Notation.
4.7 Uses for Public Key Crypto.
4.8 Public Key Infrastructure.
4.9 Summary.
4.10 Problems.
5. Hash Functions and Other Topics.
5.1 What is a Hash Function?
5.2 The Birthday Problem.
5.3 Non-cryptographic Hashes.
5.4 Tiger Hash.
5.5 HMAC.
5.6 Uses of Hash Functions.
5.7 Other Crypto-Related Topics.
5.8 Summary.
5.9 Problems.
6. Advanced Cryptanalysis.
6.1 Introduction.
6.2 Linear and Differential Cryptanalysis.
6.3 Side Channel Attack on RSA.
6.4 Lattice Reduction and the Knapsack.
6.5 Hellman's Time-Memory Tradeoff.
6.6 Summary.
6.7 Problems.
II. ACCESS CONTROL.
7. Authentication.
7.1 Introduction.
7.2 Authentication Methods.
7.3 Passwords.
7.4 Biometrics.
7.5 Something You Have.
7.6 Two-Factor Authentication.
7.7 Single Sign-On and Web Cookies.
7.8 Summary.
7.9 Problems.
8. Authorization.
8.1 Introduction.
8.2 Access Control.
8.3 Multilevel Security Models.
8.4 Multilateral Security.
8.5 Covert Channel.
8.6 Inference Control.
8.7 CAPTCHA.
8.8 Firewalls.
8.9 Intrusion Detection.
8.10 Summary.
8.11 Problems.
III. PROTOCOLS.
9. Simple Authentication Protocols.
9.1 Introduction.
9.2 Simple Security Protocols.
9.3 Authentication Protocols.
9.4 Authentication and TCP.
9.5 Zero Knowledge Proofs.
9.6 The Best Authentication Protocol?
9.7 Summary.
9.8 Problems.
10. Real-World Security Protocols.
10.1 Introduction.
10.2 Secure Socket Layer.
10.3 IPSec.
10.4 Kerberos.
10.5 GSM.
10.6 Summary.
10.7 Problems.
11. Software Flaws and Malware.
11.1 Introduction.
11.2 Software Flaws.
11.3 Malware.
11.4 Miscellaneous Software-Based Attacks.
11.5 Summary.
11.6 Problems.
12. Insecurity in Software.
12.1 Introduction.
12.2 Software Reverse Engineering.
12.3 Software Tamper-resistance.
12.4 Digital Rights Management.
12.5 Software Development.
12.6 Summary.
12.7 Problems.
13. Operating Systems and Security.
13.1 Introduction.
13.2 Operating System Security Functions.
13.3 Trusted Operating System.
13.4 Next Generation Secure Computing Base.
13.5 Summary.
13.6 Problems.
Appendices.
A-1 Networking Basics.
A-2 Math Essentials.
A-3 DES S-boxes.
Annotated Bibliography.
Index.
***********************************************************
Authors: Markus Schumacher, Eduardo Fernandez-Buglioni, Duane Hybertson, Frank Buschmann, Peter Sommerlad
Publisher: Wiley
List price: 51,000 won
ISBN: 0-470-85884-2
Published: March 2006
Pages: 600
Size: height 240, width 190, hardcover
International security experts explain the full spectrum of security in systems design
Security can be an intimidating subject area, but this need not be the case. Although time constraints may prevent systems engineers from becoming security specialists, guarding systems against attack is essential. With the growing success of the Internet, computer and software systems have become more and more networked. Written from the heart of the patterns community, the authors address key questions and present corresponding proven solutions, clearly showing you how to build secure systems.
In a time where systems are constantly at risk, it is essential that you arm yourself with the knowledge of different security measures. This pioneering title breaks down security at various levels of the system: the enterprise, architectural and operational layers. It acts as an extension to the larger enterprise contexts and shows you how to integrate security in the broader engineering process.
Essential security topics include:
- Enterprise level security: security management, principles, institutional policies (such as need-to-know) and enterprise needs (including confidentiality, integrity, availability, accountability, I&A, access control and audit).
- Architectural level security: system level solutions responding to enterprise level policies, and the most important level for facilitating building security into a system.
- User level security: concerned with achieving security in operational contexts.
***********************************************************
CONTENTS
Chapter 1: The Pattern Approach.
Patterns at a Glance.
No Pattern is an Island.
Patterns Everywhere.
Humans are the Target.
Patterns Resolve Problems and Shape Environments.
Towards Pattern Languages.
Documenting Patterns.
A Brief Note on The History of Patterns.
The Pattern Community and its Culture.
Chapter 2: Security Foundations.
Overview.
Security Taxonomy.
General Security Resources.
Chapter 3: Security Patterns.
The History of Security Patterns.
Characteristics of Security Patterns.
Why Security Patterns?
Sources for Security Pattern Mining.
Chapter 4: Patterns Scope and Enterprise Security.
The Scope of Patterns in the Book.
Organization Factors.
Resulting Organization.
Mapping to the Taxonomy.
Organization in the Context of an Enterprise Framework.
Chapter 5: The Security Pattern Landscape.
Enterprise Security and Risk Management Patterns.
Identification & Authentication (I&A) Patterns.
Access Control Model Patterns.
System Access Control Architecture Patterns.
Operating System Access Control Patterns.
Accounting Patterns.
Firewall Architecture Patterns.
Secure Internet Applications Patterns.
Cryptographic Key Management Patterns.
Related Security Pattern Repositories Patterns.
Chapter 6: Enterprise Security and Risk Management.
Security Needs Identification for Enterprise Assets.
Asset Valuation.
Threat Assessment.
Vulnerability Assessment.
Risk Determination.
Enterprise Security Approaches.
Enterprise Security Services.
Enterprise Partner Communication.
Chapter 7: Identification and Authentication (I&A).
I&A Requirements.
Automated I&A Design Alternatives.
Password Design and Use.
Biometrics Design Alternatives.
Chapter 8: Access Control Models.
Authorization.
Role-Based Access Control.
Multilevel Security.
Reference Monitor.
Role Rights Definition.
Chapter 9: System Access Control Architecture.
Access Control Requirements.
Single Access Point.
Check Point.
Security Session.
Full Access with Errors.
Limited Access.
Chapter 10: Operating System Access Control.
Authenticator.
Controlled Process Creator.
Controlled Object Factory.
Controlled Object Monitor.
Controlled Virtual Address Space.
Execution Domain.
Controlled Execution Environment.
File Authorization.
Chapter 11: Accounting.
Security Accounting Requirements.
Audit Requirements.
Audit Trails and Logging Requirements.
Intrusion Detection Requirements.
Non-Repudiation Requirements.
Chapter 12: Firewall Architectures.
Packet Filter Firewall.
Proxy-Based Firewall.
Stateful Firewall.
Chapter 13: Secure Internet Applications.
Information Obscurity.
Secure Channels.
Known Partners.
Demilitarized Zone.
Protection Reverse Proxy.
Integration Reverse Proxy.
Front Door.
Chapter 14: Case Study: IP Telephony.
IP Telephony at a Glance.
The Fundamentals of IP Telephony.
Vulnerabilities of IP Telephony Components.
IP Telephony Use Cases.
Securing IP telephony with patterns.
Applying Individual Security Patterns.
Conclusion.
Chapter 15: Supplementary Concepts.
Security Principles and Security Patterns.
Enhancing Security Patterns with Misuse Cases.
Chapter 16: Closing Remarks.
References.
Index.
| Professional Windows Desktop and Server Hardening (0) | 2009/03/06 |
|---|---|
| Information Security : Principles and Practice (0) | 2009/03/06 |
| Security Patterns : Integrating Security and Systems Engineering (0) | 2009/03/05 |
| Computer Security(2/e) (0) | 2009/03/05 |
| Beginning Cryptography with Java (0) | 2009/03/05 |
| Managing Projects in Telecommunication Services (0) | 2009/03/05 |
Author : Dieter Gollmann
Publisher : Wiley
List price : 34,000 won
ISBN : 0-470-86293-9
Publication date : January 2006
Pages : 386
Size : height 235, width 188, softcover
Today, security is no longer only a topic of interest for specialists, but a concern for all end users, systems administrators, and software developers.
The development of new kinds of IT applications means that unique security threats continue to emerge. These new challenges may require novel solutions, and traditional security solutions can actually exacerbate the problem rather than solve it.
Dieter Gollmann's popular text continues to offer a comprehensive yet concise overview of the subject that will help the reader think about security at every level. Beginning with basic definitions and concepts and going on to outline the mechanisms at the heart of the computer system, this book covers security issues in networks, operating systems and databases, and shows how to evaluate and tackle security problems.
Updated throughout, the second edition includes brand new chapters on software security, authentication in distributed systems, new paradigms in access control, and mobility. Also included are brief introductions to security management and cryptography.
Computer Security is essential reading for undergraduate and postgraduate students on a variety of introductory and advanced security courses in computer science, engineering and related disciplines. Technical and project managers will also find that this book offers a great starting point for dealing with complex security challenges.
Designed for use on courses or self study, additional resources such as lecture slides and suggested solutions to end of chapter exercises can be found at www.wiley.com/go/gollmann
Dieter Gollmann is Professor for Security in Distributed Applications at Hamburg University of Technology. He is also a visiting Professor at Royal Holloway, University of London and Adjunct Professor at the Technical University of Denmark. Previously he was a researcher in Information Security at Microsoft Research in Cambridge.
***********************************************************
CONTENTS
Preface.
Chapter 1: Introduction.
1.1 Attacks and Attackers.
1.2 Security.
1.3 Security Management.
1.4 Risk and Threat Analysis.
1.5 Further Reading.
1.6 Exercises.
Chapter 2: Foundations of Computer Security.
2.1 Definitions.
2.2 The Fundamental Dilemma of Computer Security.
2.3 Data vs Information.
2.4 Principles of Computer Security.
2.5 The Layer Below.
2.6 Further Reading.
2.7 Exercises.
Chapter 3: Identification & Authentication.
3.1 Username and Password.
3.2 Managing Passwords.
3.3 Choosing Passwords.
3.4 Spoofing Attacks.
3.5 Protecting the Password File.
3.6 Single Sign-on.
3.7 Alternative Approaches.
3.8 Further Reading.
3.9 Exercises.
Chapter 4: Access Control.
4.1 Background.
4.2 Authentication and Authorization.
4.3 Access Operations.
4.4 Ownership.
4.5 Access Control Structures.
4.6 Intermediate Controls.
4.7 Partial Orderings.
4.8 Further Reading.
4.9 Exercises.
Chapter 5: Reference Monitors.
5.1 Introduction.
5.2 Operating System Integrity.
5.3 Hardware Security Features.
5.4 Protecting Memory.
5.5 Further Reading.
5.6 Exercises.
Chapter 6: Unix Security.
6.1 Introduction.
6.2 Principals.
6.3 Subjects.
6.4 Objects.
6.5 Access Control.
6.6 Instances of General Security Principles.
6.7 Management Issues.
6.8 Further Reading.
6.9 Exercises.
Chapter 7: Windows 2000 Security.
7.1 Introduction.
7.2 Access Control – Components.
7.3 Access Decisions.
7.4 Restricted Context.
7.5 Administration.
7.6 Further Reading.
7.7 Exercises.
Chapter 8: Bell-LaPadula Model.
8.1 State Machine Models.
8.2 The Bell-LaPadula Model.
8.3 The Multics Interpretation of BLP.
8.4 Further Reading.
8.5 Exercises.
Chapter 9: Security Models.
9.1 The Biba Model.
9.2 The Chinese Wall Model.
9.3 The Clark-Wilson Model.
9.4 The Harrison-Ruzzo-Ullman Model.
9.5 Information-Flow Models.
9.6 Execution Monitors.
9.7 Further Reading.
9.8 Exercises.
Chapter 10: Security Evaluation.
10.1 Introduction.
10.2 The Orange Book.
10.3 The Rainbow Series.
10.4 Information Technology Security Evaluation Criteria.
10.5 The Federal Criteria.
10.6 The Common Criteria.
10.7 Quality Standards.
10.8 An Effort Well Spent?
10.9 Further Reading.
10.10 Exercises.
Chapter 11: Cryptography.
11.1 Introduction.
11.2 Modular Arithmetic.
11.3 Integrity Check Functions.
11.4 Digital Signatures.
11.5 Encryption.
11.6 Strength of Mechanisms.
11.7 Performance.
11.8 Further Reading.
11.9 Exercises.
Chapter 12: Authentication in Distributed Systems.
12.1 Introduction.
12.2 Key Establishment and Authentication.
12.3 Key Establishment Protocols.
12.4 Kerberos.
12.5 Public Key Infrastructures.
12.6 Trusted Computing – Attestation.
12.7 Further Reading.
12.8 Exercises.
Chapter 13: Network Security.
13.1 Introduction.
13.2 Protocol Design Principles.
13.3 IP Security.
13.4 SSL/TLS.
13.5 DNS.
13.6 Firewalls.
13.7 Intrusion Detection.
13.8 Further Reading.
13.9 Exercises.
Chapter 14: Software Security.
14.1 Introduction.
14.2 Characters and Numbers.
14.3 Canonical Representations.
14.4 Memory Management.
14.5 Data and Code.
14.6 Race conditions.
14.7 Defences.
14.8 Further Reading.
14.9 Exercises.
Chapter 15: New Access Control Paradigms.
15.1 Introduction.
15.2 Code-based Access Control.
15.3 Java Security.
15.4 .NET Security Framework.
15.5 Cookies.
15.6 SPKI.
15.7 Trust Management.
15.8 Digital Rights Management.
15.9 Further Reading.
15.10 Exercises.
Chapter 16: Mobility.
16.1 Introduction.
16.2 GSM.
16.3 UMTS.
16.4 Mobile IPv6 Security.
16.5 WLAN.
16.6 Bluetooth.
16.7 Further Reading.
16.8 Exercises.
Chapter 17: Database Security.
17.1 Introduction.
17.2 Relational Databases.
17.3 Access Control.
17.4 Statistical Database Security.
17.5 Integration with the Operating System.
17.6 Privacy.
Bibliography.
Index.
| Information Security : Principles and Practice (0) | 2009/03/06 |
|---|---|
| Security Patterns : Integrating Security and Systems Engineering (0) | 2009/03/05 |
| Computer Security(2/e) (0) | 2009/03/05 |
| Beginning Cryptography with Java (0) | 2009/03/05 |
| Managing Projects in Telecommunication Services (0) | 2009/03/05 |
| Software Engineering: Barry W. Boehm's Lifetime Contributions to Software Development, Management, and Research (1) | 2009/03/05 |
Author : David Hook
Publisher : Wrox
List price : 49,000 won
ISBN : 0-7645-9633-0
Publication date : August 2005
Pages : 448
Size : height 235, width 188, softcover
While cryptography can still be a controversial topic in the programming community, Java has weathered that storm and provides a rich set of APIs that allow you, the developer, to effectively include cryptography in applications—if you know how. This book teaches you how. Chapters one through five cover the architecture of the JCE and JCA, symmetric and asymmetric key encryption in Java, message authentication codes, and how to create Java implementations with the API provided by the Bouncy Castle ASN.1 packages, all with plenty of examples. Building on that foundation, the second half of the book takes you into higher-level topics, enabling you to create and implement secure Java applications and make use of standard protocols such as CMS, SSL, and S/MIME.
What you will learn from this book
- How to understand and use JCE, JCA, and the JSSE for encryption and authentication
- The ways in which padding mechanisms work in ciphers and how to spot and fix typical errors
- An understanding of how authentication mechanisms are implemented in Java and why they are used
- Methods for describing cryptographic objects with ASN.1
- How to create certificate revocation lists and use the Online Certificate Status Protocol (OCSP)
- Real-world Web solutions using Bouncy Castle APIs
Who this book is for
This book is for Java developers who want to use cryptography in their applications or to understand how cryptography is being used in Java applications. Knowledge of the Java language is necessary, but you need not be familiar with any of the APIs discussed.
***********************************************************
CONTENTS
Chapter 1: The JCA and the JCE.
Chapter 2: Symmetric Key Cryptography.
Chapter 3: Message Digests, MACs, and HMACs.
Chapter 4: Asymmetric Key Cryptography.
Chapter 5: Object Description in Cryptography Using ASN.1.
Chapter 6: Distinguished Names and Certificates.
Chapter 7: Certificate Revocation and Path Validation.
Chapter 8: Key and Certificate Management Using Keystores.
Chapter 9: CMS and S/MIME.
Chapter 10: SSL and TLS.
Appendix A: Solutions to Exercises.
Appendix B: Algorithms Provided by the Bouncy Castle Provider.
Appendix C: Using the Bouncy Castle API for Elliptic Curve.
Appendix D: Bibliography and Further Reading.
Author : Mostafa Hashem Sherif
Publisher : Wiley
List price : 39,000 won
ISBN : 0-471-71343-0
Publication date : September 2006
Pages : 247
Size : height 260, width 180, hardcover
Many senior managers and management consultants seem to be unaware of the differences between development projects in telecommunications services as opposed to those in equipment design and manufacturing. This book addresses those differences, their interaction with telecommunications deregulation and their consequences on the ability of telecommunications service providers to deliver services on schedule and within budget.
From the Back Cover
Effective project management tailored to the needs of the telecommunications industry
"In our rapidly changing world, the information and communication technologies and services have an immense impact on virtually all aspects of our lives. . . . With his deep understanding of the telecommunication services, and his rich experiences in both standardization activities and teaching practice, [Dr. Sherif's] book provides a very clear analysis of development projects in telecommunication services. I believe the readers will find this book very useful and interesting."
—Houlin Zhao, Director, Telecommunication Standardization Bureau, International Telecommunication Union
"Dr. Sherif's book is an important contribution to the project management literature. With the domination of the service economy in recent years, the book addresses the unique features of telecommunication services, a critical pillar of the service sector. Development projects in telecommunications require combining good knowledge of the fundamentals of project management with clear understanding of the complexities arising from fast-changing technology, deregulations, standards, accountability, and supply chain management difficulties. This book addresses the much-needed integrative approach very well."
—Tarek Khalil, President, International Association for Management of Technology (IAMOT)
While there has been much written about project management, the vast majority of the literature focuses on industrial design and production. In Managing Projects in Telecommunication Services, Mostafa Hashem Sherif effectively demonstrates the unique requirements of projects in telecommunication services and, consequently, the benefits of an integrated approach to project management that is specifically tailored to the telecommunications industry.
Managing Projects in Telecommunication Services draws from a wide range of disciplines, including organizational management, motivation, quality control, and software engineering. All the theory and practical guidance that an effective telecommunications project manager needs is provided.
The text is divided into three main parts:
- Chapters 1 through 3 set forth the special characteristics of telecommunications projects, including technology life cycle, type of innovation, and project organization
- Chapters 4 through 10 cover the areas that the Project Management Institute has standardized in its publication A Guide to the Project Management Body of Knowledge (PMBOK Guide), focusing on the issues specific to telecommunications. Chapters address scope, schedule and cost, information and communication, human resources, quality, vendor management, and risk
- Chapters 11 and 12 integrate and summarize all of the concepts for the planning and delivery of a project
Chapters are loaded with examples and case studies, many from the author's personal experience, that demonstrate the benefits of good project management and the consequences of poor project management. Each chapter includes a summary of key points. References are also provided to facilitate further research and study.
For project managers as well as students in telecommunications, this text is unsurpassed. It not only covers the theory and practice of effective project management, it also tailors its discussion specifically to the unique needs of the telecommunications industry.
About the Author
MOSTAFA HASHEM SHERIF, PhD, is a Certified Project Manager and internationally recognized as an expert on standards for packetized voice and digital signal processing in transmission equipment. He currently is a Senior Technical Specialist for AT&T and is the recipient of the AT&T Standards Recognition Award. Dr. Sherif holds several U.S. patents and is the Standards coeditor for IEEE Communications Magazine and the author of the bestselling book Protocols for Secure Electronic Commerce.
***********************************************************
CONTENTS
Foreword.
Preface.
1 Projects in Telecommunication Services.
Introduction.
Project Management Versus Product Management.
Virtual Network Operators.
Contribution of Project Management.
The Two Facets of Telecommunication Services.
Categories of Projects in Telecommunication Services.
Upgrades of Public Networks.
Establishment of Specialized Business Networks.
Temporary Networks.
Characteristics of Telecommunication Service Projects.
Complex Interfaces.
External Interfaces.
Internal Interfaces.
International Orientation.
Multidisciplinarity.
No Mass Production.
Diverse Users.
A Relatively Long Planning Stage.
Summary of Distinctions Between the Development of Telecommunication Services and Equipment.
Summary.
2 Standards and Innovation in Telecommunication Services.
The Two Dimensions of Telecommunication Projects.
The Technological Dimension.
The Marketing and Social Dimension.
Classification of Innovations.
Innovations and the Technology Life Cycle.
Innovation in Telecommunication Services.
Incremental Innovation.
Architectural Innovation.
Platform Innovation.
Radical Innovation.
Interaction of Innovations in Equipment and Services.
Phasic Relation Between Equipment and Services.
Standardization for Telecommunication Services.
Timing of Standards.
Marketing Perspective.
Technological View of Standards.
Anticipatory Standards.
Enabling (Participatory) Standards.
Responsive Standards.
Lack of Standards.
Standards Policy and Knowledge Management.
Summary.
3 The Project Management Context.
Organization of the Project Team.
Functional Organization.
Examples.
Advantages.
Disadvantages.
Matrix Organization.
Examples.
Advantages.
Disadvantages.
Projectized Organization.
Examples.
Advantages.
Disadvantages.
Comparison of Project Organizations.
Project Organization and Innovation Type.
Incremental Innovation.
Architectural Innovation.
Platform Innovation.
Radical Innovation.
The Role of the Project Sponsor.
Phase Management and Portfolio Management.
The Rolling Wave Method for Service Development.
Phase 1: Concept Definition.
Phase 2: Initiation and Preliminary Planning Phase.
Phase 3: Implementation.
Phase 4: Controlled Introduction.
Phase 5: General Availability and Close-Out.
Canceling Projects.
Relation to the Build–Operate–Transfer Model.
Summary.
4 Scope Management.
Scope Initiation.
Scope Planning.
Market Service Description (MSD).
Scope Definition.
Work Breakdown Structure.
Technical Plan.
The Need for Scope Management.
Salt Lake City Winter Olympics.
E-Zpass Toll Collection System.
Background.
Gaps in the Definition ITS Scope.
Scope Creep in New Jersey.
Sources of Scope Change.
Customer Profile.
Vendor’s Effect.
Basic Principles of Scope Management.
Change Control Policy.
Strictness of the Change Control Policy.
Change Control Board.
Scope Verification.
Tracking and Issue Management.
Project Termination.
Case Studies.
Telecommunications Alliances/Joint Ventures.
Net 1000.
Background.
Timeline and Organization Evolution.
Postmortem Analysis.
Lessons Learned.
Lessons Not Learned.
Summary.
5 Time and Cost Management.
Scheduling.
Delays in Telecommunication Projects.
Compressing the Schedule.
Cost Management.
Project Tracking with Earned Value Analysis.
Metrics for the Earned Value.
Discrete Effort Method.
Apportioned Effort Method.
Level of Effort Method.
Budget Types.
Monitoring Project Progress.
Measures of Efficiency.
Prerequisites for Earned Value Analysis.
Earned Value Analysis in Telecommunication Projects.
Summary.
6 Information and Communication Management.
The Role of Communication Management.
Dissemination of Information.
Team Cohesion.
Historical Database.
Communication and Outsourcing.
The Communication Plan.
Audience.
Circumstances.
Nature of Information.
Content of the Plan.
Communication Channels.
One-on-One Communication.
Meetings.
Telephony and Teleconferences.
E-Mail.
Intranets and Project Portals.
Evaluation of the Communication Processes.
Measure of Communication Effectiveness.
Signs of Communication Problems.
Barriers to Successful Communications.
Summary.
7 Resources Management.
Formation of the Project Team.
Team Building.
Team Building and the Hierarchy of Human Needs.
Signs of a Jelled Team.
Enablers of Team Cohesiveness.
Impediments to Team Consolidation.
No Self-Actualization.
No Self-Esteem.
No Belongingness.
No Security.
Team Breakup (Adjourning).
Project Leadership.
Transactional Versus Transformational Leadership.
Project Manager’s Authority.
Manipulative Behavior.
MBTI Classification of Leadership Styles.
Time-Dependent Leadership.
Matching Leadership Style with the Project Phase.
Matching Leadership Style with Innovation Type.
Matching Leadership with Technology Maturity.
Conflict Resolution.
Conflicts Due to Contractual Structures.
Conflicts Due to Connectual Structures.
Types of Diversity.
Examples of Social Diversity.
Examples of Informational Diversity.
Examples of Value Diversity.
Conflicts and Diversity.
Effects of Conflict on Project Performance.
Dealing with Conflicts.
Problem Solving.
Coercion.
Compromise.
Accommodation.
Withdrawal or Avoidance.
Summary.
8 Quality Management.
Overview.
Quality and Innovation.
Service Release Management.
Quality Plan.
Categorization of the Defects: Urgency and Criticality.
Appraisal.
Schedule Compression.
Evaluation of Testing Progress.
When to Stop Testing?
Vendor Management During the Testing Program.
Summary.
Appendix.
Poisson Model.
The Basic Model.
The Jelinski–Moranda Model.
Deployability.
Learning Effect with the Yamada Model.
9 Vendor Management.
The Importance of Vendor Management.
Vendor Management Versus Procurement Management.
Acquisition Process.
Evaluation of the Formal Solicitation Process.
Vendor Selection.
Contract Type.
Vendor Types in Telecommunications Services.
Vendor Evaluation.
Additional Criteria for Equipment Vendors.
Additional Criteria for Connectivity Vendors.
Communications with Technology Vendors.
Statement of Work.
Vendor Tracking.
Partnerships and Virtual Organizations.
Metrics for Vendor Tracking During Acceptance Testing.
Vendor’s Handoff.
Metrics for Vendor Tracking for Problems in the Field.
Risks in the Management of Technology Vendors.
The Technology Life Cycle.
Vendor Type.
Risk of Supply Disruption.
Congruence of the Plans for the Vendor and the Service Provider.
Lack of Standards.
Intellectual Property and Knowledge Management.
Inadequate Field Support.
Risk Mitigation in the Management of Technology Vendor.
Connectivity Vendors.
Types of Agreements Among Network Operators.
Risks Management for Interconnectivity Vendors.
Summary.
10 Risk Management.
Risk Identification.
Risk Evaluation.
Risk Mitigation.
Risk Avoidance.
Risk Reduction.
Combined Risk Avoidance and Reduction.
Risk Deflection.
Risk Financing.
Risks Identification Telecommunications Services.
Project Characteristics.
Complexity.
Schedule.
Novelty.
Geography.
Internal Organization.
Technology.
Supplier.
Customer.
Risk Mitigation in Telecommunications Services.
Risks Due to Project Characteristics.
Technological Risks.
Supplier’s Risks.
Customer’s Risks.
Standardization and Risk.
Innovation and Risk.
Incremental Innovation.
Architectural Innovation.
Platform Innovation.
Radical Innovation.
Risk Mitigation and Organizational Culture.
Risk Mitigation and the Project Manager’s Tolerance for Risk.
Summary.
11 Service Development.
Opportunity Analysis and Concept Definition.
Product Definition and Project Setup.
Design and Procurement.
Architecture Design.
Supplier Management.
Technical Definition of the Service.
Site Selection.
Service Operations Technical Plan (SOTP).
Support Processes.
Operations, Administration and Maintenance (OA&M).
Disaster Recovery.
Customer Network Management.
Development.
Equipment Handoff.
System and Integration Testing.
Network Operations Center (NOC).
Human Resources.
Return Maintenance Authorization (RMA).
Customer Care.
Service Turn-Up.
Installing the Equipment.
In-Field Tests.
Pilot Trials.
Controlled Introduction.
Management of the Controlled Introduction.
Marketing and Sales Plans for General Availability.
Commissioning and Life-Cycle Management.
Lessons Learned and Closeout.
Quality-of-Service Metrics.
Customer Care Performance.
Network Performance.
OA&M Quality.
Business and Network Evolution.
Summary.
Appendix.
12 Some Final Thoughts.
Continuity and Change.
Project Success or Service Success?
Competition and Government Policies.
Standardization.
Outsourcing.
References.
Index.
Author : Richard W. Selby
Publisher : Wiley
List price : 52,000 won
ISBN : 978-0-470-14873-0
Publication date : June 2007
Pages : 832
Size : height 245, width 198, hardcover
This is the most authoritative archive of Barry Boehm's contributions to software engineering. Featuring 42 reprinted articles, along with an introduction and chapter summaries to provide context, it serves as a "how-to" reference manual for software engineering best practices. It provides convenient access to Boehm's landmark work on product development and management processes. The book concludes with an insightful look to the future by Dr. Boehm.
From the Back Cover
Landmark findings and best practices from software engineering pioneer Barry W. Boehm based on forty years of research and experience
This book presents forty-two of Barry W. Boehm's best articles on software engineering, organizes them into nine chapters with newly written summaries by nine of his colleagues, and concludes with a new chapter on Barry's "thoughts for the future." The book chapters address:
- Software Architecture and Quality
- Software Economics
- Software Tools
- Software Process: Early Spiral Model
- Software Risk Management
- Software Process: Emerging Extensions
- Software and Systems Management
- Software Engineering State of the Art and Practice
- Value-Based Software Engineering
- A Software Engineer in the Software Century
This book is recommended as a guide and resource for software engineers, project managers, and technology executives as well as a textbook for advanced undergraduate and graduate courses.
"In my view, Barry Boehm is single-handedly responsible for turning software engineering from an anecdote-driven, opinion-laden art form into data-driven, fact-based engineering."
–Dr. William A. Wulf, President, National Academy of Engineering
"This book is a must-read for all software engineers."
–Dr. Yannis C. Yortsos, Dean, Viterbi School of Engineering, University of Southern California
"Barry Boehm has led the effort to put a sound footing under software engineering. His Software Engineering Economics provided fact-grounded models that first enabled us to move beyond speculation in budgeting and scheduling. His spiral development model and risk-management strategies each constitute major advances in our thinking."
–Dr. Frederick P. Brooks, Jr., Kenan Professor of Computer Science, University of North Carolina
"This book makes clear Barry Boehm's enormous contributions to software engineering over several decades and provides a perspective no one else could have given."
–Dr. Victor R. Basili, Professor of Computer Science, University of Maryland
"This collection of articles illuminates why Barry Boehm is one of the software industry's most trusted advisors."
–Walker E. Royce, Vice President, IBM Rational
"Barry Boehm has spent much of his adult life guiding us and our industry; I, for one, am full of gratitude."
–Tom DeMarco, Principal, The Atlantic Systems Guild
"Read Boehm's hints that will make your software shop tick."
–Dr. Lawrence Bernstein, Professor of Software Engineering, Stevens Institute of Technology
"Barry Boehm's insights into software engineering are one of a kind. For more than twenty-five years, Barry has been the leading figure in software cost models and software process. This book is a must-read for all software engineers."
–Dr. Arthur B. Pyster, Vice President, SAIC
"Barry Boehm stands as a model engineering researcher for having developed novel theories, methods, and tools that infuse economic and human values into software engineering. This book provides a valuable starting point and guide to researchers and practitioners alike who need to better understand state-of-the-art thinking in this area."
–Dr. Kevin J. Sullivan, Professor of Computer Science, University of Virginia
"Anyone who wishes to understand where software engineering has been, and is going, needs to read this collection of articles. They represent the perspectives of the man who has made so much of this happen in decades past, and whose work will undoubtedly provide direction to the community for decades to come."
–Dr. Leon J. Osterweil, Professor of Computer Science, University of Massachusetts
About the Author
Richard W. Selby, PhD, is the Head of Software Products at Northrop Grumman Space Technology and an Adjunct Professor of Computer Science at the University of Southern California. He cowrote the international bestselling book Microsoft Secrets: How the World's Most Powerful Software Company Creates Technology, Shapes Markets, and Manages People.
***********************************************************
CONTENTS
Introduction.
Acknowledgements.
Chapter 1. Software Architecture and Quality.
Chapter 2. Software Economics.
Chapter 3. Software Tools.
Chapter 4. Software Process: Early Spiral Model.
Chapter 5. Software Risk Management.
Chapter 6. Software Process: Emerging Extensions.
Chapter 7. Software and Systems Management.
Chapter 8. Software Engineering State of the Art and Practice.
Chapter 9. Value-Based Software Engineering.
Chapter 10. Being a Software Engineer in the Software Century.
Index.
About the Editor.