Fundamentals of Information Systems Security, 4th Edition
- Length: 1040 pages
- Edition: 4
- Language: English
- Publisher: Jones & Bartlett Learning
- Publication Date: 2021-11-15
- ISBN-10: 1284220737
- ISBN-13: 9781284220735
Fundamentals of Information Systems Security, Fourth Edition provides a comprehensive overview of the essential concepts readers must know as they pursue careers in information systems security.
Table of Contents

Front matter: Cover; Title Page; Copyright Page; Dedication Page; Contents; Preface; New to This Edition; Acknowledgments; The Authors

CHAPTER 1 Information Systems Security
- Information Systems Security
- Risks, Threats, and Vulnerabilities
- What Is Information Systems Security?
- Compliance Laws and Regulations Drive the Need for Information Systems Security
- Tenets of Information Systems Security
- Confidentiality
- Integrity
- Availability
- The Seven Domains of a Typical IT Infrastructure
- User Domain
- Workstation Domain
- LAN Domain
- LAN-to-WAN Domain
- WAN Domain
- Remote Access Domain
- System/Application Domain
- Weakest Link in the Security of an IT Infrastructure
- Ethics and the Internet
- IT Security Policy Framework
- Definitions
- Foundational IT Security Policies
- Data Classification Standards
- Chapter Summary
- Key Concepts and Terms
- Chapter 1 Assessment

CHAPTER 2 Emerging Technologies Are Changing How We Live
- Evolution of the Internet of Things
- Converting to a TCP/IP World
- IoT’s Impact on Human and Business Life
- How People Like to Communicate
- IoT Applications That Impact Our Lives
- Evolution from Brick and Mortar to E-Commerce
- Why Businesses Must Have an Internet and IoT Marketing Strategy
- IP Mobility
- Mobile Users and Bring Your Own Device
- Mobile Applications
- IP Mobile Communications
- New Challenges Created by the IoT
- Security
- Privacy
- Interoperability and Standards
- Legal and Regulatory Issues
- E-Commerce and Economic Development Issues
- Chapter Summary
- Key Concepts and Terms
- Chapter 2 Assessment

CHAPTER 3 Risks, Threats, and Vulnerabilities
- Risk Management and Information Security
- Risk Terminology
- Elements of Risk
- Purpose of Risk Management
- The Risk Management Process
- Identify Risks
- Assess and Prioritize Risks
- Plan a Risk Response Strategy
- Implement the Risk Response Plan
- Monitor and Control Risk Response
- IT and Network Infrastructure
- Intellectual Property
- Finances and Financial Data
- Service Availability and Productivity
- Reputation
- Who Are the Perpetrators?
- Risks, Threats, and Vulnerabilities in an IT Infrastructure
- Threat Targets
- Threat Types
- What Is a Malicious Attack?
- Birthday Attacks
- Brute-Force Password Attacks
- Credential Harvesting and Stuffing
- Dictionary Password Attacks
- IP Address Spoofing
- Hijacking
- Replay Attacks
- Man-in-the-Middle Attacks
- Masquerading
- Eavesdropping
- Social Engineering
- Phreaking
- Phishing
- Pharming
- What Are Common Attack Vectors?
- Social Engineering Attacks
- Wireless Network Attacks
- Web Application Attacks
- The Importance of Countermeasures
- Chapter Summary
- Key Concepts and Terms
- Chapter 3 Assessment

CHAPTER 4 Business Drivers of Information Security
- Risk Management’s Importance to the Organization
- Understanding the Relationship between a BIA, a BCP, and a DRP
- Business Impact Analysis (BIA)
- Business Continuity Plan (BCP)
- Disaster Recovery Plan (DRP)
- Assessing Risks, Threats, and Vulnerabilities
- Closing the Information Security Gap
- Adhering to Compliance Laws
- Keeping Private Data Confidential
- Mobile Workers and Use of Personally Owned Devices
- BYOD Concerns
- Endpoint and Device Security
- Chapter Summary
- Key Concepts and Terms
- Chapter 4 Assessment

CHAPTER 5 Networks and Telecommunications
- The Open Systems Interconnection Reference Model
- The Main Types of Networks
- Wide Area Networks
- Local Area Networks
- TCP/IP and How It Works
- TCP/IP Overview
- IP Addressing
- Common Ports
- Common Protocols
- Internet Control Message Protocol
- Network Security Risks
- Categories of Risk
- Basic Network Security Defense Tools
- Firewalls
- Virtual Private Networks and Remote Access
- Network Access Control
- Voice and Video in an IP Network
- Wireless Networks
- Wireless Access Points
- Wireless Network Security Controls
- Chapter Summary
- Key Concepts and Terms
- Chapter 5 Assessment

CHAPTER 6 Access Controls
- Four-Part Access Control
- Two Types of Access Controls
- Physical Access Control
- Logical Access Control
- Authorization Policies
- Methods and Guidelines for Identification
- Identification Methods
- Identification Guidelines
- Processes and Requirements for Authentication
- Authentication Types
- Single Sign-On
- Policies and Procedures for Accountability
- Log Files
- Monitoring and Reviewing
- Data Retention, Media Disposal, and Compliance Requirements
- Formal Models of Access Control
- Discretionary Access Control
- Operating Systems–Based DAC
- Mandatory Access Control
- Nondiscretionary Access Control
- Rule-Based Access Control
- Access Control Lists
- Role-Based Access Control
- Content-Dependent Access Control
- Constrained User Interface
- Other Access Control Models
- Effects of Breaches in Access Control
- Threats to Access Controls
- Effects of Access Control Violations
- Credential and Permissions Management
- Centralized and Decentralized Access Control
- Types of AAA Servers
- Decentralized Access Control
- Privacy
- Chapter Summary
- Key Concepts and Terms
- Chapter 6 Assessment

CHAPTER 7 Cryptography
- What Is Cryptography?
- Basic Cryptographic Principles
- A Brief History of Cryptography
- Cryptography’s Role in Information Security
- Business and Security Requirements for Cryptography
- Internal Security
- Security in Business Relationships
- Security Measures That Benefit Everyone
- Cryptographic Principles, Concepts, and Terminology
- Cryptographic Functions and Ciphers
- Types of Ciphers
- Transposition Ciphers
- Substitution Ciphers
- Product and Exponentiation Ciphers
- Symmetric and Asymmetric Key Cryptography
- Symmetric Key Ciphers
- Asymmetric Key Ciphers
- Cryptanalysis and Public Versus Private Keys
- Keys, Keyspace, and Key Management
- Cryptographic Keys and Keyspace
- Key Management
- Key Distribution
- Key Distribution Centers
- Digital Signatures and Hash Functions
- Hash Functions
- Digital Signatures
- Cryptographic Applications and Uses in Information System Security
- Other Cryptographic Tools and Resources
- Symmetric Key Standards
- Asymmetric Key Solutions
- Hash Function and Integrity
- Digital Signatures and Nonrepudiation
- Principles of Certificates and Key Management
- Modern Key Management Techniques
- Chapter Summary
- Key Concepts and Terms
- Chapter 7 Assessment

CHAPTER 8 Malicious Software and Attack Vectors
- Characteristics, Architecture, and Operations of Malicious Software
- The Main Types of Malware
- Viruses
- Spam
- Worms
- Trojan Horses
- Logic Bombs
- Active Content Vulnerabilities
- Malicious Add-Ons
- Injection
- Botnets
- Denial of Service Attacks
- Spyware
- Adware
- Phishing
- Keystroke Loggers
- Hoaxes and Myths
- Homepage Hijacking
- Webpage Defacements
- A Brief History of Malicious Code Threats
- 1970s and Early 1980s: Academic Research and UNIX
- 1980s: Early PC Viruses
- 1990s: Early LAN Viruses
- Mid-1990s: Smart Applications and the Internet
- 2000 to the Present
- Threats to Business Organizations
- Types of Threats
- Internal Threats from Employees
- Anatomy of an Attack
- What Motivates Attackers?
- The Purpose of an Attack
- Types of Attacks
- Phases of an Attack
- Attack Prevention Tools and Techniques
- Application Defenses
- Operating System Defenses
- Network Infrastructure Defenses
- Safe Recovery Techniques and Practices
- Implementing Effective Software Best Practices
- Intrusion Detection Tools and Techniques
- Antivirus Scanning Software
- Network Monitors and Analyzers
- Content/Context Filtering and Logging Software
- Honeypots and Honeynets
- Chapter Summary
- Key Concepts and Terms
- Chapter 8 Assessment

CHAPTER 9 Security Operations and Administration
- Security Administration
- Controlling Access
- Documentation, Procedures, and Guidelines
- Disaster Assessment and Recovery
- Security Outsourcing
- Compliance
- Event Logs
- Compliance Liaison
- Remediation
- Professional Ethics
- Common Fallacies About Ethics
- Codes of Ethics
- Personnel Security Principles
- The Infrastructure for an IT Security Policy
- Policies
- Standards
- Procedures
- Baselines
- Guidelines
- Data Classification Standards
- Information Classification Objectives
- Examples of Classification
- Classification Procedures
- Assurance
- Configuration Management
- Hardware Inventory and Configuration Chart
- The Change Management Process
- Change Control Management
- Change Control Committees
- Change Control Procedures
- Change Control Issues
- Application Software Security
- The System Life Cycle
- Testing Application Software
- Software Development and Security
- Software Development Models
- Chapter Summary
- Key Concepts and Terms
- Chapter 9 Assessment

CHAPTER 10 Auditing, Testing, and Monitoring
- Security Auditing and Analysis
- Security Controls Address Risk
- Determining What Is Acceptable
- Permission Levels
- Areas of Security Audits
- Purpose of Audits
- Customer Confidence
- Defining the Audit Plan
- Defining the Scope of the Plan
- Auditing Benchmarks
- Audit Data Collection Methods
- Areas of Security Audits
- Control Checks and Identity Management
- Post-Audit Activities
- Exit Interview
- Data Analysis
- Generation of Audit Report
- Presentation of Findings
- Security Monitoring
- Security Monitoring for Computer Systems
- Monitoring Issues
- Logging Anomalies
- Log Management
- Types of Log Information to Capture
- How to Verify Security Controls
- Intrusion Detection System Analysis Methods
- HIDS
- Layered Defense: Network Access Control
- Control Checks: Intrusion Detection
- Host Isolation
- System Hardening
- Monitoring and Testing Security Systems
- Monitoring
- Testing
- Chapter Summary
- Key Concepts and Terms
- Chapter 10 Assessment

CHAPTER 11 Contingency Planning
- Business Continuity Management
- Emerging Threats
- Static Environments
- Terminology
- Assessing Maximum Tolerable Downtime
- Business Impact Analysis
- Plan Review
- Testing the Plan
- Backing Up Data and Applications
- Types of Backups
- Incident Handling
- Preparation
- Identification
- Notification
- Response
- Recovery
- Follow-Up
- Documentation and Reporting
- Recovery from a Disaster
- Activating the Disaster Recovery Plan
- Operating in a Reduced/Modified Environment
- Restoring Damaged Systems
- Disaster Recovery Issues
- Recovery Alternatives
- Interim or Alternate Processing Strategies
- Chapter Summary
- Key Concepts and Terms
- Chapter 11 Assessment

CHAPTER 12 Digital Forensics
- Introduction to Digital Forensics
- Understanding Digital Forensics
- Knowledge That Is Needed for Forensic Analysis
- Overview of Computer Crime
- Types of Computer Crime
- The Impact of Computer Crime on Forensics
- Forensic Methods and Labs
- Forensic Methodologies
- Setting Up a Forensic Lab
- Collecting, Seizing, and Protecting Evidence
- The Importance of Proper Evidence Handling
- Imaging Original Evidence
- Recovering Data
- Undeleting Data
- Recovering Data from Damaged Media
- Operating System Forensics
- Internals and Storage
- Command-Line Interface and Scripting
- Mobile Forensics
- Mobile Device Evidence
- Seizing Evidence from a Mobile Device
- Chapter Summary
- Key Concepts and Terms
- Chapter 12 Assessment

CHAPTER 13 Information Security Standards
- Standards Organizations
- National Institute of Standards and Technology
- International Organization for Standardization
- International Electrotechnical Commission
- World Wide Web Consortium
- Internet Engineering Task Force
- Institute of Electrical and Electronics Engineers
- International Telecommunication Union Telecommunication Sector
- American National Standards Institute
- European Telecommunications Standards Institute Cyber Security Technical Committee
- ISO 17799 (Withdrawn)
- ISO/IEC 27002
- Payment Card Industry Data Security Standard
- Chapter Summary
- Key Concepts and Terms
- Chapter 13 Assessment

CHAPTER 14 Information Security Certifications
- U.S. Department of Defense/Military Directive 8570.01
- U.S. DoD/Military Directive 8140
- U.S. DoD Training Framework
- Vendor-Neutral Professional Certifications
- International Information Systems Security Certification Consortium, Inc.
- Global Information Assurance Certification/SANS Institute
- Certified Internet Web Professional
- CompTIA
- ISACA®
- Other Information Systems Security Certifications
- Vendor-Specific Professional Certifications
- Cisco Systems
- Juniper Networks
- RSA
- Symantec
- Check Point
- Chapter Summary
- Key Concepts and Terms
- Chapter 14 Assessment

CHAPTER 15 Compliance Laws
- Compliance Is the Law
- Federal Information Security
- The Federal Information Security Management Act of 2002
- The Federal Information Security Modernization Act of 2014
- The Role of the National Institute of Standards and Technology
- National Security Systems
- The Health Insurance Portability and Accountability Act (HIPAA)
- Purpose and Scope
- Main Requirements of the HIPAA Privacy Rule
- Main Requirements of the HIPAA Security Rule
- Oversight
- Omnibus Regulations
- The Gramm-Leach-Bliley Act
- Purpose and Scope
- Main Requirements of the GLBA Privacy Rule
- Main Requirements of the GLBA Safeguards Rule
- Oversight
- The Sarbanes-Oxley Act
- Purpose and Scope
- SOX Control Certification Requirements
- SOX Records Retention Requirements
- Oversight
- The Family Educational Rights and Privacy Act
- Purpose and Scope
- Main Requirements
- Oversight
- The Children’s Online Privacy Protection Act of 1998
- The Children’s Internet Protection Act
- Purpose and Scope
- Main Requirements
- Oversight
- Payment Card Industry Data Security Standard
- Purpose and Scope
- Self-Assessment Questionnaire
- General Data Protection Regulation
- California Consumer Privacy Act
- Making Sense of Laws for Information Security Compliance
- Chapter Summary
- Key Concepts and Terms
- Chapter 15 Assessment

APPENDIX A Answer Key
APPENDIX B Standard Acronyms
APPENDIX C Earning the CompTIA Security+ Certification
Glossary of Key Terms
References
Index