Principles Of Information Security

Edition: 2nd
ISBN13: 9780619216252
ISBN10: 0619216255
Format: Paperback
Pub. Date: 11/23/2004
Publisher(s): Cengage Learning
Summary

Principles of Information Security examines the field of information security to prepare information systems students for their future roles as business decision-makers. This textbook presents a balance of the managerial and the technical aspects of the discipline and addresses knowledge areas of the CISSP (Certified Information Systems Security Professional) certification throughout. The authors discuss information security within a real-world context, by including examples of issues faced by today's professionals and by including tools, such as an opening vignette and "Offline" boxes with interesting sidebar stories in each chapter. Principles of Information Security also offers extensive opportunities for hands-on work.

Table of Contents

Preface xv
Chapter 1 Introduction to Information Security 1(34)
Introduction 3(1)
The History of Information Security 3(5)
The 1960's 4(1)
The 1970's and 80's 5(2)
The 1990's 7(1)
The Present 8(1)
What Is Security? 8(1)
Critical Characteristics of Information 9(4)
Availability 10(1)
Accuracy 10(1)
Authenticity 10(1)
Confidentiality 10(2)
Integrity 12(1)
Utility 12(1)
Possession 12(1)
NSTISSC Security Model 13(1)
Components of an Information System 14(2)
Software 14(1)
Hardware 14(1)
Data 15(1)
People 15(1)
Procedures 16(1)
Networks 16(1)
Securing Components 16(1)
Balancing Information Security and Access 17(1)
Approaches to Information Security Implementation 18(2)
The Systems Development Life Cycle 20(3)
Methodology 20(1)
Phases 20(1)
Investigation 21(1)
Analysis 21(1)
Logical Design 21(1)
Physical Design 22(1)
Implementation 22(1)
Maintenance and Change 22(1)
The Security Systems Development Life Cycle 23(3)
Investigation 23(1)
Analysis 23(1)
Logical Design 23(1)
Physical Design 24(1)
Implementation 24(1)
Maintenance and Change 24(2)
Security Professionals and the Organization 26(1)
Senior Management 26(1)
Information Security Project Team 26(1)
Data Ownership 27(1)
Communities of Interest 27(1)
Information Security Management and Professionals 28(1)
Information Technology Management and Professionals 28(1)
Organizational Management and Professionals 28(1)
Information Security: Is it an Art or a Science? 28(2)
Security as Art 29(1)
Security as Science 29(1)
Security as a Social Science 29(1)
Information Security Terminology 30(2)
Chapter Summary 32(1)
Review Questions 32(1)
Exercises 33(1)
Case Exercises 33(2)
Chapter 2 The Need for Security 35(40)
Introduction 36(1)
Business Needs First 37(1)
Protecting the Functionality of an Organization 37(1)
Enabling the Safe Operation of Applications 37(1)
Protecting Data that Organizations Collect and Use 38(1)
Safeguarding Technology Assets in Organizations 38(1)
Threats 38(22)
Acts of Human Error or Failure 40(1)
Compromises to Intellectual Property 41(2)
Deliberate Acts of Espionage or Trespass 43(5)
Deliberate Acts of Information Extortion 48(1)
Deliberate Acts of Sabotage or Vandalism 49(2)
Deliberate Acts of Theft 51(1)
Deliberate Software Attacks 51(5)
Forces of Nature 56(1)
Deviations in Quality of Service 57(2)
Technical Hardware Failures or Errors 59(1)
Technical Software Failures or Errors 60(1)
Technological Obsolescence 60(1)
Attacks 60(8)
Malicious Code 60(1)
Hoaxes 61(1)
Back Doors 61(1)
Password Crack 62(1)
Brute Force 62(1)
Dictionary 62(1)
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) 62(1)
Spoofing 63(1)
Man-in-the-Middle 64(1)
Spam 65(1)
Mail Bombing 65(1)
Sniffers 66(1)
Social Engineering 66(1)
Buffer Overflow 67(1)
Timing Attack 68(1)
Chapter Summary 68(2)
Review Questions 70(1)
Exercises 71(1)
Case Exercises 71(4)
Chapter 3 Legal, Ethical, and Professional Issues in Information Security 75(34)
Introduction 76(1)
Law and Ethics in Information Security 76(1)
Types of Law 77(1)
Relevant U.S. Laws 77(8)
General Computer Crime Laws 77(1)
Privacy 78(4)
Export and Espionage Laws 82(1)
U.S. Copyright Law 83(1)
Financial Reporting 84(1)
Freedom of Information Act of 1966 (FOIA) 85(1)
State and Local Regulations 85(1)
International Laws and Legal Bodies 85(4)
European Council Cyber-Crime Convention 86(1)
Digital Millennium Copyright Act (DMCA) 87(1)
United Nations Charter 88(1)
Policy versus Law 89(1)
Ethics and Information Security 89(7)
Ethical Differences Across Cultures 90(1)
Software License Infringement 90(1)
Illicit Use 91(1)
Misuse of Corporate Resources 91(3)
Ethics and Education 94(1)
Deterrence to Unethical and Illegal Behavior 95(1)
Codes of Ethics and Professional Organizations 96(7)
Major Professional Organizations for IT 97(2)
Other Security Organizations 99(1)
Key U.S. Federal Agencies 99(4)
Organizational Liability and the Need for Counsel 103(1)
Chapter Summary 104(1)
Review Questions 105(1)
Exercises 105(1)
Case Exercises 106(3)
Chapter 4 Risk Management 109(62)
Introduction 110(2)
An Overview of Risk Management 112(2)
Know Yourself 112(1)
Know the Enemy 113(1)
The Roles of the Communities of Interest 113(1)
Risk Identification 114(18)
Asset Identification and Valuation 115(3)
Automated Risk Management Tools 118(1)
Information Asset Classification 118(1)
Information Asset Valuation 119(2)
Listing Assets in Order of Importance 121(1)
Data Classification and Management 122(2)
Security Clearances 124(1)
Management of Classified Data 124(2)
Threat Identification 126(1)
Identify and Prioritize Threats and Threat Agents 126(4)
Vulnerability Identification 130(2)
Risk Assessment 132(6)
Introduction to Risk Assessment 132(1)
Likelihood 133(1)
Valuation of Information Assets 133(1)
Risk Determination 134(1)
Identify Possible Controls 134(1)
Access Controls 135(2)
Documenting the Results of Risk Assessment 137(1)
Risk Control Strategies 138(7)
Avoidance 138(1)
Implementing Avoidance 139(2)
Transference 141(1)
Mitigation 142(1)
Disaster Recovery Plan 143(1)
Acceptance 144(1)
Selecting a Risk Control Strategy 145(16)
Evaluation, Assessment, and Maintenance of Risk Controls 146(1)
Categories of Controls 147(2)
Feasibility Studies 149(10)
Other Feasibility Studies 159(2)
Risk Management Discussion Points 161(2)
Risk Appetite 161(1)
Residual Risk 162(1)
Documenting Results 163(1)
Recommended Practices in Controlling Risk 164(1)
Qualitative Measures 164(1)
Delphi Technique 165(1)
Chapter Summary 165(1)
Review Questions 166(1)
Exercises 167(1)
Case Exercises 168(3)
Chapter 5 Planning for Security 171(68)
Introduction 172(1)
Information Security Policy, Standards, and Practices 172(14)
Definitions 174(1)
Enterprise Information Security Policy (EISP) 175(1)
Issue-Specific Security Policy (ISSP) 176(3)
Systems-Specific Policy (SysSP) 179(4)
Policy Management 183(2)
Information Classification 185(1)
The Information Security Blueprint 186(17)
ISO 17799/BS7799 187(2)
NIST Security Models 189(5)
IETF Security Architecture 194(1)
VISA International Security Model 195(1)
Baselining and Best Business Practices 195(1)
Hybrid Framework for a Blueprint of an Information Security System 196(3)
Design of Security Architecture 199(4)
Security Education, Training, and Awareness Program 203(3)
Security Education 204(1)
Security Training 205(1)
Security Awareness 205(1)
Continuity Strategies 206(28)
Business Impact Analysis 209(3)
Incident Response Planning 212(14)
Disaster Recovery Planning 226(2)
Business Continuity Planning 228(2)
Model for a Consolidated Contingency Plan 230(2)
Law Enforcement Involvement 232(2)
Chapter Summary 234(1)
Review Questions 235(1)
Exercises 236(1)
Case Exercises 237(2)
Chapter 6 Security Technology: Firewalls and VPNs 239(42)
Introduction 240(1)
Physical Design 241(1)
Firewalls 241(28)
Firewall Categorization Methods 241(15)
Firewall Architectures 256(4)
Selecting the Right Firewall 260(1)
Configuring and Managing Firewalls 260(8)
Content Filters 268(1)
Protecting Remote Connections 269(8)
Dial-Up 270(4)
Virtual Private Networks (VPNs) 274(3)
Chapter Summary 277(1)
Review Questions 278(1)
Exercises 279(1)
Case Exercises 279(2)
Chapter 7 Security Technology: Intrusion Detection, Access Control, and Other Security Tools 281(60)
Introduction 283(1)
Intrusion Detection Systems (IDSs) 284(30)
IDS Terminology 284(2)
Why Use an IDS? 286(2)
Types of IDSs and Detection Methods 288(9)
IDS Response Behavior 297(3)
Selecting IDS Approaches and Products 300(4)
Strengths and Limitations of IDSs 304(1)
Deployment and Implementation of an IDS 305(7)
Measuring the Effectiveness of IDSs 312(2)
Honey Pots, Honey Nets, and Padded Cell Systems 314(3)
Trap and Trace Systems 316(1)
Active Intrusion Prevention 317(1)
Scanning and Analysis Tools 317(15)
Port Scanners 320(1)
Firewall Analysis Tools 321(1)
Operating System Detection Tools 322(1)
Vulnerability Scanners 323(6)
Packet Sniffers 329(1)
Wireless Security Tools 330(2)
Access Control Devices 332(5)
Authentication 332(3)
Effectiveness of Biometrics 335(1)
Acceptability of Biometrics 336(1)
Chapter Summary 337(1)
Review Questions 337(1)
Exercises 338(1)
Case Exercises 338(3)
Chapter 8 Cryptography 341(48)
Introduction 342(1)
A Short History of Cryptology 343(3)
Principles of Cryptography 346(22)
Basic Encryption Definitions 346(1)
Cipher Methods 347(1)
Elements of Cryptosystems 347(19)
Encryption Key Size 366(2)
Conclusions Regarding the Principles of Cryptography 368(1)
Cryptography Tools 368(7)
Public Key Infrastructure (PKI) 368(2)
Digital Signatures 370(1)
Digital Certificates 371(2)
Hybrid Cryptography Systems 373(1)
Steganography 374(1)
Protocols for Secure Communications 375(7)
Securing Internet Communication with S-HTTP and SSL 376(1)
Securing E-mail with S/MIME, PEM, and PGP 377(1)
Securing Web Transactions with SET, SSL, and S-HTTP 378(1)
Securing TCP/IP with IPSec and PGP 378(4)
Attacks on Cryptosystems 382(3)
Man-in-the-Middle Attack 383(1)
Correlation Attacks 383(1)
Dictionary Attacks 383(1)
Timing Attacks 384(1)
Defending From Attacks 384(1)
Chapter Summary 385(1)
Review Questions 386(1)
Exercises 387(1)
Case Exercises 387(2)
Chapter 9 Physical Security 389(38)
Introduction 391(1)
Physical Access Controls 392(9)
Controls for Protecting the Secure Facility 393(8)
Fire Security and Safety 401(7)
Fire Detection and Response 401(7)
Failure of Supporting Utilities and Structural Collapse 408(7)
Heating, Ventilation, and Air Conditioning 408(2)
Power Management and Conditioning 410(4)
Water Problems 414(1)
Structural Collapse 415(1)
Maintenance of Facility Systems 415(1)
Interception of Data 415(2)
Mobile and Portable Systems 417(3)
Remote Computing Security 418(2)
Special Considerations for Physical Security Threats 420(1)
Inventory Management 421(1)
Chapter Summary 421(1)
Review Questions 422(1)
Exercises 423(1)
Case Exercises 424(3)
Chapter 10 Implementing Information Security 427(24)
Introduction 429(1)
Project Management for Information Security 430(11)
Developing the Project Plan 430(6)
Project Planning Considerations 436(2)
Scope Considerations 438(1)
The Need for Project Management 439(2)
Technical Topics of Implementation 441(4)
Conversion Strategies 441(1)
The Bull's-Eye Model for Information Security Project Planning 442(2)
To Outsource or Not 444(1)
Technology Governance and Change Control 444(1)
Nontechnical Aspects of Implementation 445(2)
The Culture of Change Management 445(1)
Considerations for Organizational Change 446(1)
Chapter Summary 447(1)
Review Questions 448(1)
Exercises 449(1)
Case Exercises 449(2)
Chapter 11 Security and Personnel 451(38)
Introduction 453(1)
Positioning and Staffing the Security Function 453(9)
Staffing the Information Security Function 455(7)
Credentials of Information Security Professionals 462(10)
Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP) 463(2)
Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) 465(1)
Global Information Assurance Certification (GIAC) 466(1)
Security Certified Professional (SCP) 467(1)
TruSecure ICSA Certified Security Associate (TICSA) 467(1)
Security+ 468(1)
Certified Information Forensics Investigator 469(1)
Related Certifications 469(1)
Cost of Being Certified 470(1)
Advice for Information Security Professionals 471(1)
Employment Policies and Practices 472(6)
Job Descriptions 473(1)
Interviews 473(1)
Background Checks 473(1)
Employment Contracts 474(1)
New Hire Orientation 475(1)
On-the-Job Security Training 475(1)
Performance Evaluation 476(1)
Termination 476(2)
Security Considerations for Nonemployees 478(2)
Temporary Employees 478(1)
Contract Employees 479(1)
Consultants 479(1)
Business Partners 480(1)
Separation of Duties and Collusion 480(2)
Privacy and the Security of Personnel Data 482(1)
Chapter Summary 482(2)
Review Questions 484(1)
Exercises 485(1)
Case Exercises 485(4)
Chapter 12 Information Security Maintenance 489(42)
Introduction 490(2)
Security Management Models 492(8)
The ISO Network Management Model 492(8)
The Maintenance Model 500(27)
Monitoring the External Environment 501(6)
Monitoring the Internal Environment 507(4)
Planning and Risk Assessment 511(6)
Vulnerability Assessment and Remediation 517(8)
Readiness and Review 525(2)
Chapter Summary 527(1)
Review Questions 528(1)
Exercises 529(1)
Case Exercises 529(2)
Glossary 531(22)
Index 553