[...]... into the average citizen home From the enterprise perspective, information about customers, competitors, products and processes is a key issue for its success The increasing importance of information technology for production, providing and maintaining consistent security of this information on servers and across networks becomes one of the major enterprise business activities This means that it requires... constraint checking xiv Preface In the last decade information and computer security is mainly moving from the confines of academia to the enterprise concerns As populations become more and more comfortable with the extensive use of networks and the Internet, as our reliance on the knowledge-intensive technology grows, and as progress in the computer software and wireless telecommunication increases... browser setting, and digital signature Some of the commercially available and popular antiphishing products are also described in this chapter Chapter XII describes the threat of phishing in which attackers generally sent a fraudulent email to their victims in an attempt to trick them into revealing private information This chapter starts defining the phishing threat and its impact on the financial industry... its existing network with the following requirements: • • • • • • • • • As a consequence of highlighting those above services needs and constraints within a company, a personalized architecture may be designed in terms of systems and networks with specific security constraints, then resulting in an adapted security policy This defines security measures for each network element, leading to the introduction... organizational infrastructure and on the introduction of new ways of information usage In such a complex world, there is a strong need of security to ensure system protection in order to maintain the enterprise activities operational However, this book gathers some essays that will stimulate a greater awareness of the whole range of security issues facing the modern enterprise It mainly shows how important... specification languages to include some features of the attack languages We believe that extending certain types of software specification languages to express security aspects like attack descriptions is a major step towards unifying software and security engineering Chapter XVII Dynamic Management of Security Constraints in Advanced Enterprises/ R Manjunath 302 In this chapter, the security associated... return on security investment (ROSI) indicator (Sonnenreich, 2006) in order to help the decision makers selecting the security solution appropriate to the company The ROSI takes into account the risk exposure in terms of financial wastes, the capacity without the security solution to mitigate attacks and the cost of the security solution responding to different security policies, are explained Let’s... goal in mind Compilation of References 334 About the Contributors 355 Index 363 xii Foreword This excellent reference source offers a fascinating new insight into modern issues of security It brings together contributions from an international group of active researchers who, between them, are addressing a number of the current key challenges in providing enterprise- wide... stakes behind the positioning of elements within the architectures That includes system and network  elements, but also authentication tools, VPN and data security tools, and filtering elements When defining the overall network architecture within a company, the security constraints should be considered as well as the needs and services constraints of the company All those elements will be detailed in the... theft of information Note that in this context, “available” is used in a generic meaning which covers as much availability as confidentiality and integrity Of course, there is no interest in providing an operational service if nonauthorized users can read or modify data The first step for a company that wants to secure its network, prior to deploying any security equipment, is to define all existing services, . not indicate a claim of ownership by IGI Global of the trademark or registered trademark. Library of Congress Cataloging -in- Publication Data Advances in enterprise information technology security. step towards unifying software and security engineering. Chapter XVII Dynamic Management of Security Constraints in Advanced Enterprises/ R. Manjunath 302 In this chapter, the security associated. ad- dressing a number of the current key challenges in providing enterprise- wide information technology solutions. The general area of security has long been acknowledged as vitally important in enterprise