Principles of Information Security

by
Edition: 1st
ISBN13: 9780619063184
ISBN10: 0619063181
Format: Paperback
Pub. Date: 12/12/2002
Publisher(s): ITP (Manual)

Summary

Principles of Information Security examines the field of information security to prepare information systems students for their future roles as business decision-makers. This textbook presents a balance of the managerial and the technical aspects of the discipline and addresses knowledge areas of the CISSP (Certified Information Systems Security Professional) certification throughout. The authors discuss information security within a real-world context, by including examples of issues faced by today's professionals and by including tools, such as an opening vignette and "Offline" boxes with interesting sidebar stories in each chapter. Principles of Information Security also offers extensive opportunities for hands-on work.

Table of Contents

Each entry shows the page on which it begins, followed in parentheses by the number of pages it spans.

Preface xi

Section I-Introduction
Introduction to Information Security 1(38)
Introduction 3(1)
The History of Information Security 4(5)
The 1960s 5(1)
The 1970s and 80s 6(2)
The 1990s 8(1)
The Present 9(1)
What Is Security? 9(1)
What Is Information Security? 9(1)
Critical Characteristics of Information 10(4)
Availability 10(1)
Accuracy 11(1)
Authenticity 11(1)
Confidentiality 11(2)
Integrity 13(1)
Utility 13(1)
Possession 14(1)
NSTISSC Security Model 14(1)
Components of an Information System 15(2)
Software 16(1)
Hardware 16(1)
Data 16(1)
People 17(1)
Procedures 17(1)
Securing the Components 17(1)
Balancing Security and Access 18(1)
Top-Down Approach to Security Implementation 19(2)
The Systems Development Life Cycle 21(3)
Methodology 21(1)
Phases 21(1)
Investigation 22(1)
Analysis 22(1)
Logical Design 22(1)
Physical Design 23(1)
Implementation 23(1)
Maintenance and Change 23(1)
The Security Systems Development Life Cycle 24(3)
Investigation 24(1)
Analysis 24(1)
Logical Design 24(1)
Physical Design 25(1)
Implementation 25(1)
Maintenance and Change 25(2)
Key Terms 27(2)
Security Professionals and the Organization 29(3)
Senior Management 29(2)
Security Project Team 31(1)
Data Ownership 32(1)
Communities of Interest 32(1)
Information Security Management and Professionals 32(1)
Information Technology Management and Professionals 32(1)
Organizational Management and Professionals 33(1)
Information Security: Is It an Art or a Science? 33(1)
Security as Art 33(1)
Security as Science 34(1)
Security as a Social Science 34(1)
Chapter Summary 34(1)
Review Questions 35(1)
Exercises 36(1)
Case Exercises 36(3)

Section II-Security Investigation Phase
The Need for Security 39(40)
Introduction 41(1)
Business Needs First, Technology Needs Last 41(2)
Protecting the Ability of the Organization to Function 41(1)
Enabling the Safe Operation of Applications 42(1)
Protecting Data that Organizations Collect and Use 42(1)
Safeguarding Technology Assets in Organizations 42(1)
Threats 43(21)
Threat Group 1: Inadvertent Acts 44(3)
Threat Group 2: Deliberate Acts 47(14)
Threat Group 3: Acts of God 61(2)
Threat Group 4: Technical Failures 63(1)
Threat Group 5: Management Failures 64(1)
Attacks 64(8)
Malicious Code 65(1)
Hoaxes 65(1)
Back Doors 66(1)
Password Crack 66(1)
Brute Force 66(1)
Dictionary 66(1)
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) 66(1)
Spoofing 67(1)
Man-in-the-Middle 68(1)
Spam 69(1)
Mail bombing 69(1)
Sniffers 69(1)
Social Engineering 69(1)
Buffer Overflow 70(1)
Timing Attack 71(1)
Chapter Summary 72(1)
Review Questions 72(1)
Exercises 73(1)
Case Exercises 74(5)
Legal, Ethical and Professional Issues in Information Security 79(38)
Introduction 80(1)
Law and Ethics in Information Security 81(1)
Types of Law 81(1)
Relevant U.S. Laws 81(9)
General Computer Crime Laws 82(1)
Privacy 82(5)
Export and Espionage Laws 87(1)
U.S. Copyright Law 88(2)
International Laws and Legal Bodies 90(3)
European Council Cyber-Crime Convention 90(2)
Digital Millennium Copyright Act (DMCA) 92(1)
United Nations Charter 92(1)
Policy Versus Law 93(1)
Ethical Concepts in Information Security 93(6)
Cultural Differences in Ethical Concepts 93(1)
Software License Infringement 94(1)
Illicit Use 95(1)
Misuse of Corporate Resources 95(2)
Ethics and Education 97(1)
Deterrence to Unethical and Illegal Behavior 98(1)
Codes of Ethics, Certifications, and Professional Organizations 99(11)
Other Security Organizations 105(2)
Key U.S. Federal Agencies 107(3)
Organizational Liability and the Need for Counsel 110(1)
Chapter Summary 111(1)
Review Questions 112(1)
Exercises 112(1)
Case Exercises 113(4)

Section III-Security Analysis
Risk Management: Identifying and Assessing Risk 117(36)
Introduction 118(2)
Chapter Organization 119(1)
Risk Management 120(3)
Know Yourself 121(1)
Know the Enemy 121(1)
All Communities of Interest are Accountable 121(1)
Integrating Risk Management into the SecSDLC 122(1)
Risk Identification 123(17)
Asset Identification and Valuation 123(3)
Automated Risk Management Tools 126(1)
Information Asset Classification 127(1)
Information Asset Valuation 127(2)
Listing Assets in Order of Importance 129(1)
Data Classification and Management 130(2)
Security Clearances 132(1)
Management of Classified Data 132(2)
Threat Identification 134(1)
Identify and Prioritize Threats and Threat Agents 134(4)
Vulnerability Identification 138(2)
Risk Assessment 140(5)
Introduction to Risk Assessment 140(1)
Likelihood 141(1)
Valuation of Information Assets 141(1)
Percentage of Risk Mitigated by Current Controls 142(1)
Risk Determination 142(1)
Identify Possible Controls 142(1)
Access Controls 143(2)
Documenting Results of Risk Assessment 145(2)
Chapter Summary 147(1)
Review Questions 148(1)
Exercises 148(1)
Case Exercises 149(4)
Risk Management: Assessing and Controlling Risk 153(38)
Introduction 154(1)
Risk Control Strategies 155(7)
Avoidance 156(2)
Transference 158(1)
Mitigation 159(2)
Acceptance 161(1)
Risk Mitigation Strategy Selection 162(2)
Evaluation, Assessment, and Maintenance of Risk Controls 163(1)
Categories of Controls 164(2)
Control Function 164(1)
Architectural Layer 165(1)
Strategy Layer 165(1)
Information Security Principles 165(1)
Feasibility Studies 166(13)
Cost Benefit Analysis (CBA) 166(11)
Other Feasibility Studies 177(2)
Risk Management Discussion Points 179(1)
Risk Appetite 179(1)
Residual Risk 179(1)
Documenting Results 180(1)
Recommended Practices in Controlling Risk 181(2)
Qualitative Measures 181(1)
Delphi Technique 182(1)
Risk Management and the SecSDLC 182(1)
Chapter Summary 183(1)
Review Questions 184(1)
Exercises 185(1)
Case Exercises 186(5)

Section IV-Logical Design
Blueprint For Security 191(44)
Introduction 192(1)
Information Security Policy, Standards, and Practices 192(14)
Definitions 194(2)
Security Program Policy (SPP) 196(1)
Issue-Specific Security Policy (ISSP) 196(4)
Systems-Specific Policy (SysSP) 200(4)
Policy Management 204(2)
Information Classification 206(1)
Systems Design 207(2)
Information Security Blueprints 209(1)
ISO 17799/BS 7799 209(2)
NIST Security Models 211(7)
NIST Special Publication SP 800-12 211(1)
NIST Special Publication 800-14 211(6)
IETF Security Architecture 217(1)
VISA International Security Model 218(4)
Hybrid Framework for a Blueprint of an Information Security System 219(3)
Security Education, Training, and Awareness Program 222(1)
Security Education 223(2)
Security Training 224(1)
Security Awareness 224(1)
Design of Security Architecture 225(1)
Defense in Depth 225(5)
Security Perimeter 226(1)
Key Technology Components 227(3)
Chapter Summary 230(1)
Review Questions 231(1)
Exercises 231(1)
Case Exercises 232(3)
Planning for Continuity 235(38)
Introduction 236(1)
Continuity Strategy 237(3)
Business Impact Analysis 240(3)
Threat Attack Identification and Prioritization 241(1)
Business Unit Analysis 241(1)
Attack Success Scenario Development 242(1)
Potential Damage Assessment 242(1)
Subordinate Plan Classification 242(1)
Incident Response Planning 243(6)
Incident Planning 244(2)
Incident Detection 246(3)
When Does an Incident Become a Disaster? 249(1)
Incident Reaction 249(2)
Notification of Key Personnel 249(1)
Documenting an Incident 250(1)
Incident Containment Strategies 250(1)
Incident Recovery 251(5)
Prioritization of Efforts 252(1)
Damage Assessment 252(1)
Recovery 252(3)
Backup Media 255(1)
Automated Response 256(1)
Disaster Recovery Planning 257(3)
The Disaster Recovery Plan 258(1)
Crisis Management 258(2)
Recovery Operations 260(1)
Business Continuity Planning 260(3)
Developing Continuity Programs (BCPs) 260(1)
Continuity Strategies 260(3)
Model for a Consolidated Contingency Plan 263(2)
The Planning Document 263(2)
Law Enforcement Involvement 265(2)
Local, State, or Federal Authorities 265(1)
Benefits and Drawbacks of Law Enforcement Involvement 266(1)
Chapter Summary 267(1)
Review Questions 268(1)
Exercises 269(1)
Case Exercises 269(4)

Section V-Physical Design
Security Technology 273(50)
Introduction 274(1)
Physical Design of the SecSDLC 274(2)
Firewalls 276(8)
Development of Firewalls 276(3)
Firewall Architectures 279(4)
Configuring and Managing Firewalls 283(1)
Dial-up Protection 284(2)
RADIUS and TACACS 285(1)
Intrusion Detection Systems (IDS) 286(4)
Host-based IDS 286(2)
Network-based IDS 288(1)
Signature-based IDS 289(1)
Statistical Anomaly-based IDS 289(1)
Scanning and Analysis Tools 290(5)
Port Scanners 292(1)
Vulnerability Scanners 293(1)
Packet Sniffers 294(1)
Content Filters 295(1)
Trap and Trace 296(1)
Cryptography and Encryption-based Solutions 296(16)
Encryption Definitions 297(1)
Encryption Operations 298(2)
Vernam Cipher 300(1)
Book or Running Key Cipher 300(2)
Symmetric Encryption 302(1)
Asymmetric Encryption 303(1)
Digital Signatures 304(1)
RSA 305(1)
PKI 305(1)
What are Digital Certificates and Certificate Authorities? 306(2)
Hybrid Systems 308(1)
Securing E-mail 308(1)
Securing the Web 309(2)
Securing Authentication 311(1)
Sesame 312(1)
Access Control Devices 312(4)
Authentication 312(3)
Effectiveness of Biometrics 315(1)
Acceptability of Biometrics 316(1)
Chapter Summary 316(1)
Review Questions 317(1)
Exercises 318(1)
Case Exercises 319(4)

Appendix Cryptography 323(172)
Introduction 324(1)
Definitions 324(5)
Types of Ciphers 329(7)
Polyalphabetic Substitution Ciphers 329(1)
Transposition Ciphers 330(2)
Cryptographic Algorithms 332(2)
Asymmetric Cryptography or Public Key Cryptography 334(1)
Hybrid Cryptosystems 335(1)
Popular Cryptographic Algorithms 336(12)
Data Encryption Standard (DES) 336(3)
Data Encryption Core Process 339(5)
Public Key Infrastructure (PKI) 344(1)
Digital Signatures 345(1)
Digital Certificates 345(2)
Pretty Good Privacy (PGP) 347(1)
PGP Suite of Security Solutions 347(1)
Protocols for Secure Communications 348(4)
S-HTTP and SSL 348(1)
Secure/Multipurpose Internet Mail Extension (S/MIME) 349(1)
Internet Protocol Security (IPSec) 350(2)
Attacks on Cryptosystems 352(3)
Man-in-the-Middle Attack 352(1)
Correlation Attacks 352(1)
Dictionary Attacks 353(1)
Timing Attacks 353(2)
Physical Security 355(36)
Introduction 357(1)
Access Controls 358(8)
Controls for Protecting the Secure Facility 359(7)
Fire Safety 366(6)
Fire Detection and Response 366(6)
Failure of Supporting Utilities and Structural Collapse 372(6)
Heating, Ventilation, and Air Conditioning 372(2)
Power Management and Conditioning 374(4)
Testing Facility Systems 378(1)
Interception of Data 378(1)
Mobile and Portable Systems 379(3)
Remote Computing Security 381(1)
Special Considerations for Physical Security Threats 382(2)
Inventory Management 383(1)
Chapter Summary 384(1)
Review Questions 385(1)
Exercises 386(1)
Case Exercises 387(4)

Section VI-Implementation
Implementing Security 391(26)
Introduction 393(1)
Project Management in the Implementation Phase 393(12)
Developing the Project Plan 395(1)
Project Planning Considerations 395(8)
The Need for Project Management 403(1)
Supervising Implementation 403(1)
Executing the Plan 403(1)
Wrap-up 404(1)
Technical Topics of Implementation 405(3)
Conversion Strategies 405(1)
The Bull's-eye Model for Information Security Project Planning 405(2)
To Outsource or Not 407(1)
Technology Governance and Change Control 407(1)
Nontechnical Aspects of Implementation 408(3)
The Culture of Change Management 408(2)
Considerations for Organizational Change 410(1)
Chapter Summary 411(1)
Review Questions 412(1)
Exercises 413(1)
Case Exercises 414(3)
Security and Personnel 417(34)
Introduction 419(1)
The Security Function Within an Organization's Structure 419(1)
Staffing the Security Function 420(7)
Qualifications and Requirements 420(1)
Entry into the Security Profession 421(1)
Information Security Positions 422(5)
Credentials of Information Security Professionals 427(8)
Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP) 428(2)
Security Certified Professional 430(1)
TruSecure ICSA Certified Security Associate (T.I.C.S.A.) and TruSecure ICSA Certified Security Expert (T.I.C.S.E.) 430(2)
Security+ 432(1)
Certified Information Systems Auditor (CISA) 432(1)
Certified Information Systems Forensics Investigator 432(1)
Related Certifications 433(1)
Cost of Being Certified 433(1)
Advice for Information Security Professionals 434(1)
Employment Policies and Practices 435(5)
Hiring and Termination Issues 435(3)
Performance Evaluation 438(1)
Termination 438(2)
Security Considerations for Nonemployees 440(2)
Temporary Employees 440(1)
Contract Employees 441(1)
Consultants 441(1)
Business Partners 442(1)
Separation of Duties and Collusion 442(2)
Privacy and the Security of Personnel Data 444(1)
Chapter Summary 444(2)
Review Questions 446(1)
Exercises 447(1)
Case Exercises 447(4)

Section VII-Maintenance and Change
Information Security Maintenance 451(44)
Introduction 452(2)
Managing for Change 454(1)
Security Management Models 454(10)
The ISO Network Management Model 455(9)
The Maintenance Model 464(26)
Monitoring the External Environment 464(5)
Monitoring the Internal Environment 469(4)
Planning and Risk Assessment 473(7)
Vulnerability Assessment and Remediation 480(7)
Readiness and Review 487(3)
Chapter Summary 490(1)
Review Questions 491(1)
Exercises 491(1)
Case Exercises 492(3)

Glossary 495(18)
Index 513

