A Practical Guide to Security Engineering and Information Assurance

by Herrmann; Debra S.

ISBN13:
9780849311635
ISBN10:
0849311632
Edition: 1st
Format: Hardcover
Copyright: 2001-10-18
Publisher: Auerbach Public
More Book Details

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.

Purchase Benefits

Free Shipping On Orders Over $35!

Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
Get Rewarded for Ordering Your Textbooks! Enroll Now
Customer Reviews Read Reviews
Write a Review
A Practical Guide to Security Engineering and Information Assurance > ISBN13: 9780849311635

List Price: ~~$140.00~~ Save up to $88.52

Rent Book

$94.50

More Prices

Rent Book $94.50

Add to Cart Free Shipping

TERM

PRICE

DUE

Semester

$105.00

Dec 12

Quarter

$99.75

Sep 5

Short Term

$94.50

Aug 13

USUALLY SHIPS IN 3-5 BUSINESS DAYS

*This item is part of an exclusive publisher rental program and requires an additional convenience fee. This fee will be reflected in the shopping cart.

Buy New

$139.86

Buy New
$139.86

Add to Cart Free Shipping

USUALLY SHIPS IN 3-5 BUSINESS DAYS

Digital

$51.48*

More Prices

Digital
$51.48*

Add to Cart

DURATION

PRICE

Online: 180 Days

Downloadable: 180 Days - VitalSource

$51.48*

Online: 365 Days

Downloadable: 365 Days - VitalSource

$60.84*

Online: 1825 Days

Downloadable: Lifetime Access - VitalSource

$93.59*

*To support the delivery of the digital material to you, a digital delivery fee of $3.99 will be charged on each digital item.

Marketplace

$29.57

More Prices

Summary

Today the vast majority of the world's information resides in, is derived from, and is exchanged among multiple automated systems. Critical decisions are made, and critical action is taken based on information from these systems. Therefore, the information must be accurate, correct, and timely, and be manipulated, stored, retrieved, and exchanged safely, reliably, and securely. In a time when information is considered the latest commodity, information security should be top priority.A Practical Guide to Security Engineering and Information Assurance gives you an engineering approach to information security and information assurance (IA). The book examines the impact of accidental and malicious intentional action and inaction on information security and IA. Innovative long-term vendor, technology, and application-independent strategies show you how to protect your critical systems and data from accidental and intentional action and inaction that could lead to system failure or compromise.The author presents step-by-step, in-depth processes for defining information security and assurance goals, performing vulnerability and threat analysis, implementing and verifying the effectiveness of threat control measures, and conducting accident and incident investigations. She explores real-world strategies applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system.The information revolution has brought its share of risks. Exploring the synergy between security, safety, and reliability engineering, A Practical Guide to Security Engineering and Information Assurance consolidates and organizes current thinking about information security/IA techniques, approaches, and best practices. As this book will show you, there is considerably more to information security/IA than firewalls, encryption, and virus protection.

Introduction

(6)

Background

(1)

Purpose

(1)

Scope

(1)

Intended Audience

(2)

Organization

(2)

What Is Information Assurance, How Does It Relate To Information Security, and Why Are Both Needed?

(20)

Definition

(3)

Application Domains

(1)

Technology Domains

(2)

Importance

(2)

Stakeholders

(11)

Summary

(1)

Discussion Problems

(1)

Historical Approaches To Information Security and Information Assurance

(40)

Physical Security

(3)

Communications Security (COMSEC)

(6)

Computer Security (COMPUSEC)

(8)

Information Security (INFOSEC)

(8)

Operations Security (OPSEC)

(2)

System Safety

(4)

System Reliability

(3)

Summary

(3)

Discussion Problems

(2)

Define the System Boundaries

(16)

Determine What is Being Protected and Why

(1)

Identify the System

(3)

Characterize System Operation

(6)

Ascertain What One Does and Does Not Have Control Over

(1)

Summary

(4)

Discussion Problems

(1)

Perform Vulnerability and Threat Analyses

(44)

Definitions

(3)

Select/Use IA Analysis Techniques

(7)

Identify Vulnerabilities, Their Type, Source, and Severity

(9)

Identify Threats, Their Type, Source, and Likelihood

102

(5)

Evaluate Transaction Paths, Critical Threat Zones, and Risk Exposure

107

(16)

Summary

123

(2)

Discussion Problems

125

(2)

Implement Threat Control Measures

127

(80)

Determine How Much Protection Is Needed

129

(7)

Evaluate Controllability, Operational Procedures, and In-Service Considerations

136

(4)

Contingency Planning and Disaster Recovery

140

(4)

Perception Management

144

(1)

Select/Implement IA Design Features and Techniques

145

(54)

Summary

199

(6)

Discussion Problems

205

(2)

Verify Effectiveness of Threat Control Measures

207

(22)

Select/Employ IA Verification Techniques

208

(6)

Determine Residual Risk Exposure

214

(11)

Monitor Ongoing Risk Exposure, Responses, and Survivability

225

(1)

Summary

226

(2)

Discussion Problems

228

(1)

Conduct Accident/Incident Investigations

229

(46)

Analyze Cause, Extent, and Consequences of Failure/Compromise

231

(23)

Initiate Short-Term Recovery Mechanisms

254

(3)

Report Accident/Incident

257

(3)

Deploy Long-Term Remedial Measures

260

(4)

Evaluate Legal Issues

264

(4)

Summary

268

(4)

Discussion Problems

272

(3)

Annex A Glossary of Terms

275

(20)

Annex B Glossary of Techniques

295

(58)

B.1 IA Analysis Techniques

296

(17)

B.2 IA Design Techniques/Features

313

(20)

B.3 IA Verification Techniques

333

(15)

B.4 IA Accident/Incident Investigation Techniques

348

(5)

Annex C Additional Resources

353

(20)

C.1 Standards

353

(9)

C.2 Publications

362

(9)

C.3 Online Resources

371

(2)

Annex D Summary of Components, Activities, and Tasks of an Effective Information Security/IA Program

373

(6)

Index

379

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.