

Information Security Principles and Practices

  • ISBN13: 9780131547292
  • ISBN10: 0131547291
  • Edition: 1st
  • Format: Paperback
  • Copyright: 2005-08-19
  • Publisher: Prentice Hall

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.



Summary

For an introductory course in information security covering principles and practices. This text covers the ten domains in the Information Security Common Body of Knowledge: Security Management Practices; Security Architecture and Models; Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP); Law, Investigations, and Ethics; Physical Security; Operations Security; Access Control Systems and Methodology; Cryptography; Telecommunications, Network, and Internet Security; and Application Development Security.

Table of Contents

Security Series Walk-Through xviii
Preface xxi
About the Authors xxv
Acknowledgments xxvi
Quality Assurance xxvii
Why Study Information Security? 1(18)
  Introduction 1(1)
  Growing IT Security Importance and New Career Opportunities 2(2)
  Increasing Demand by Government and Private Industry 3(1)
  Becoming an Information Security Specialist 4(4)
  Schools Are Responding to Demands 6(1)
  Multidisciplinary Approach 7(1)
  Contextualizing Information Security 8(11)
  Information Security Careers Meet the Needs of Business 9(3)
  Summary 12(1)
  Test Your Skills 12(7)
Information Security Principles of Success 19(20)
  Introduction 19(1)
  Principle 1: There Is No Such Thing as Absolute Security 20(1)
  Principle 2: The Three Security Goals Are Confidentiality, Integrity, and Availability 21(2)
  Integrity Models 22(1)
  Availability Models 22(1)
  Principle 3: Defense in Depth as Strategy 23(1)
  Principle 4: When Left on Their Own, People Tend to Make the Worst Security Decisions 23(3)
  In Practice: Phishing for Dollars 24(2)
  Principle 5: Computer Security Depends on Two Types of Requirements: Functional and Assurance 26(1)
  Principle 6: Security Through Obscurity Is Not an Answer 26(1)
  Principle 7: Security = Risk Management 27(2)
  Principle 8: The Three Types of Security Controls Are Preventative, Detective, and Responsive 29(1)
  Principle 9: Complexity Is the Enemy of Security 30(1)
  Principle 10: Fear, Uncertainty, and Doubt Do Not Work in Selling Security 30(1)
  Principle 11: People, Process, and Technology Are All Needed to Adequately Secure a System or Facility 30(2)
  In Practice: How People, Process, and Technology Work in Harmony 32(1)
  Principle 12: Open Disclosure of Vulnerabilities Is Good for Security! 32(1)
  In Practice: To Disclose or Not to Disclose; That Is the Question! 32(7)
  Summary 33(1)
  Test Your Skills 34(5)
Certification Programs and the Common Body of Knowledge 39(20)
  Introduction 39(1)
  Certification and Information Security 40(2)
  International Information Systems Security Certifications Consortium 41(1)
  The Information Security Common Body of Knowledge 42(5)
  Security Management Practices 43(1)
  Security Architecture and Models 43(1)
  Business Continuity Planning 44(1)
  Law, Investigations, and Ethics 44(1)
  Physical Security 44(1)
  Operations Security 45(1)
  Access Control Systems and Methodology 45(1)
  Cryptography 46(1)
  Telecommunications, Network, and Internet Security 46(1)
  Application Development Security 46(1)
  Other Certificate Programs in the IT Security Industry 47(12)
  Certified Information Systems Auditor 47(1)
  Certified Information Security Manager 47(1)
  Global Information Assurance Certifications (GIAC) 48(1)
  CompTIA Security+ Certification 48(1)
  Vendor-Specific Certification Programs 48(3)
  Summary 51(1)
  Test Your Skills 51(8)
Security Management 59(30)
  Introduction 59(1)
  Security Policies Set the Stage for Success 60(1)
  Four Types of Policies 61(5)
  Programme-Level Policies 63(2)
  Programme-Framework Policies 65(1)
  Issue-Specific Policies 66(1)
  In Practice: An Issue-Specific Policy Scenario 66(2)
  System-Specific Policies 68(1)
  Development and Management of Security Policies 68(2)
  Security Objectives 69(1)
  Operational Security 69(1)
  Policy Implementation 70(1)
  Policy Support Documents 70(1)
  Regulations 71(1)
  In Practice: HIPAA Privacy 71(3)
  Standards and Baselines 73(1)
  Guidelines 74(1)
  Procedures 74(1)
  Suggested Standards Taxonomy 74(6)
  Asset Classification 74(1)
  Separation of Duties 75(1)
  Preemployment Hiring Practices 76(2)
  Risk Analysis and Management 78(1)
  Education, Training, and Awareness 79(1)
  Who Is Responsible for Security? 80(9)
  Summary 81(1)
  Test Your Skills 82(7)
Security Architecture and Models 89(34)
  Introduction 89(1)
  Defining the Trusted Computing Base 90(3)
  Rings of Trust 91(2)
  Protection Mechanisms in a Trusted Computing Base 93(3)
  System Security Assurance Concepts 96(1)
  Goals of Security Testing 96(1)
  Formal Security Testing Models 97(1)
  Trusted Computer Security Evaluation Criteria 97(4)
  Division D: Minimal Protection 98(1)
  Division C: Discretionary Protection 98(1)
  Division B: Mandatory Protection 99(1)
  Division A: Verified Protection 100(1)
  The Trusted Network Interpretation of the TCSEC 101(1)
  Information Technology Security Evaluation Criteria 101(3)
  Comparing ITSEC and TCSEC 102(1)
  ITSEC Assurance Classes 102(2)
  Canadian Trusted Computer Product Evaluation Criteria 104(1)
  Federal Criteria for Information Technology Security 104(1)
  The Common Criteria 104(9)
  Protection Profile Organization 106(1)
  Security Functional Requirements 107(3)
  Evaluation Assurance Levels 110(2)
  The Common Evaluation Methodology 112(1)
  Confidentiality and Integrity Models 113(10)
  Bell-LaPadula Model 113(1)
  Biba Integrity Model 114(1)
  Advanced Models 114(1)
  Summary 115(1)
  Test Your Skills 116(7)
Business Continuity Planning and Disaster Recovery Planning 123(18)
  Introduction 123(1)
  Overview of the Business Continuity Plan and Disaster Recovery Plan 124(5)
  Why the BCP Is So Important 126(1)
  Types of Disruptive Events 126(1)
  Defining the Scope of the Business Continuity Plan 127(1)
  Creating the Business Impact Analysis 128(1)
  Disaster Recovery Planning 129(12)
  Identifying Recovery Strategies 129(1)
  Shared-Site Agreements 130(1)
  Alternate Sites 130(1)
  Additional Arrangements 131(1)
  How to Test a Disaster Recovery Plan 132(1)
  Without the Walls and Within 132(1)
  Summary 133(1)
  Test Your Skills 133(8)
Law, Investigations, and Ethics 141(24)
  Introduction 141(1)
  Types of Computer Crime 142(2)
  How Cyber Criminals Commit Crimes 144(1)
  The Computer and the Law 145(2)
  Legislative Branch of the Legal System 146(1)
  Administrative Branch of the Legal System 146(1)
  Judicial Branch of the Legal System 146(1)
  Intellectual Property Law 147(2)
  Patent Law 148(1)
  Trademarks 148(1)
  Trade Secrets 149(1)
  Privacy and the Law 149(3)
  International Privacy Issues 150(1)
  Privacy Laws in the United States 151(1)
  Computer Forensics 152(1)
  The Information Security Professional's Code of Ethics 153(1)
  Other Ethics Standards 154(11)
  Computer Ethics Institute 155(1)
  Internet Activities Board: Ethics and the Internet 155(1)
  Code of Fair Information Practices 156(1)
  Summary 156(1)
  Test Your Skills 157(8)
Physical Security Control 165(22)
  Introduction 165(1)
  Understanding the Physical Security Domain 166(1)
  Physical Security Threats 167(1)
  Providing Physical Security 168(19)
  Educating Personnel 168(1)
  Administrative Access Controls 169(2)
  Physical Security Controls 171(2)
  Technical Controls 173(5)
  Environmental/Life-Safety Controls 178(2)
  Summary 180(1)
  Test Your Skills 180(7)
Operations Security 187(18)
  Introduction 187(1)
  Operations Security Principles 188(1)
  Operations Security Process Controls 189(1)
  In Practice: Controlling Privileged User IDs 190(2)
  Operations Security Controls in Action 192(13)
  Software Support 192(1)
  Configuration and Change Management 193(1)
  Backups 193(1)
  Media Controls 194(2)
  Documentation 196(1)
  Maintenance 196(1)
  Interdependencies 197(1)
  Summary 198(1)
  Test Your Skills 199(6)
Access Control Systems and Methodology 205(24)
  Introduction 205(1)
  Terms and Concepts 206(3)
  Identification 206(1)
  Authentication 206(1)
  Least Privilege (Need-to-Know) 206(1)
  Information Owner 207(1)
  Discretionary Access Control 207(1)
  Access Control Lists 207(1)
  Mandatory Access Control 208(1)
  Role-Based Access Control 208(1)
  In Practice: Classification and Clearances in Military Security 209(1)
  Principles of Authentication 210(1)
  The Problems with Passwords 210(1)
  In Practice: Password Cracking Tools 210(3)
  Multifactor Authentication 211(2)
  Biometrics 213(1)
  Single Sign-On 214(5)
  Kerberos 215(1)
  Federated Identities 215(4)
  Remote User Access and Authentication 219(10)
  Remote Access Dial-In User Service 220(1)
  Virtual Private Networks 220(1)
  Summary 220(1)
  Test Your Skills 221(8)
Cryptography 229(28)
  Introduction 229(1)
  Applying Cryptography to Information Systems 230(1)
  Basic Terms and Concepts 231(2)
  Strength of Cryptosystems 233(1)
  In Practice: A Simple Transposition Encryption Example 234(3)
  Cryptosystems Answer the Needs of Today's E-Commerce 236(1)
  The Role of Keys in Cryptosystems 236(1)
  In Practice: A Simple Substitution Example 237(1)
  Putting the Pieces to Work 238(6)
  Digesting Data 239(3)
  Digital Certificates 242(2)
  Examining Digital Cryptography 244(13)
  Hashing Functions 244(1)
  Block Ciphers 245(1)
  Implementations of PPK Cryptography 246(3)
  Summary 249(1)
  Test Your Skills 250(7)
Telecommunications, Network, and Internet Security 257(38)
  Introduction 257(1)
  Network and Telecommunications Security From 20,000 Feet Up 258(1)
  Network Security in Context 259(1)
  The Open Systems Interconnection (OSI) Reference Model 259(8)
  The Protocol Stack 259(3)
  The OSI Reference Model and TCP/IP 262(3)
  The OSI Model and Security 265(2)
  Data Network Types 267(1)
  Local Area Network 267(1)
  Wide Area Network 267(1)
  Internet 267(1)
  Intranet 268(1)
  Extranet 268(1)
  Protecting TCP/IP Networks 268(1)
  Basic Security Infrastructures 269(3)
  Routers 269(1)
  Packet Filtering 269(2)
  Benefits of Packet-Filtering Routers 271(1)
  Limitations of Packet-Filtering Routers 271(1)
  Firewalls 272(8)
  Application-Level Gateway Firewall 272(2)
  Bastion Hosts 274(1)
  Benefits of Application-Level Gateways 275(1)
  Limitations of Application-Level Gateways 275(1)
  Firewall Implementation Examples 275(4)
  Choose Wisely! 279(1)
  Intrusion Detection Systems 280(3)
  What Kind of Intrusions? 280(1)
  Characteristics of Good Intrusion Detection Systems 281(1)
  False Positives, False Negatives, and Subversion Attacks 282(1)
  Virtual Private Networks 283(12)
  IPSec 283(4)
  Security Policies 287(1)
  IPSec Key Management 287(1)
  Summary 287(1)
  Test Your Skills 288(7)
Application Development Security 295(22)
  Introduction 295(1)
  The Practice of Software Engineering 296(1)
  Software Development Life Cycles 297(2)
  Distributed Systems 299(5)
  Software Agents 301(1)
  Java 302(1)
  Java Applets 302(1)
  ActiveX Controls 302(1)
  Distributed Objects 303(1)
  Malware 304(1)
  Antivirus Software 305(1)
  Improving Security Across the SDLC 305(12)
  Education Subgroup 306(1)
  Software Process Subgroup 307(1)
  Patch Management Subgroup 308(1)
  Incentives Subgroup 309(1)
  Summary 309(1)
  Test Your Skills 310(7)
Securing the Future 317(16)
  Introduction 317(1)
  Continuous Monitoring and Constant Vigilance 318(1)
  Operation Eligible Receiver 319(2)
  Identity Theft and the U.S. Regulatory Environment 321(1)
  Growing Threats 321(2)
  Vendors Try to Silence Security Researchers 322(1)
  Pharming Supplements Phishing Attacks 322(1)
  Trends in Security Threats 323(1)
  The Rosy Future for InfoSec Specialists 323(10)
  Demand Outpaces Security Skills 324(1)
  Summary 325(1)
  Test Your Skills 325(8)
Appendix A: Common Body of Knowledge 333(28)
Appendix B: Security Policy and Standards Taxonomy 361(14)
Appendix C: Sample Policies 375(14)
Appendix D: An Insider's Look at a Security Policy and Standards Management System 389(8)
Appendix E: HIPAA Security Rule Standards 397(4)
Glossary 401(8)
References 409(6)
Index 415

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.
