Information Security Management, 2nd Edition
- Length: 500 pages
- Edition: 2
- Language: English
- Publisher: Jones & Bartlett Learning
- Publication Date: 2021-10-29
- ISBN-10: 1284251470
- ISBN-13: 9781284251470
Print Textbook & Cloud Lab Access: 180-day subscription. The cybersecurity Cloud Labs for Information Security Management provide fully immersive mock IT infrastructures with live virtual machines and real software, where students will learn and practice the foundational information security skills they will need to excel in their future careers. Unlike simulations, these hands-on virtual labs reproduce the complex challenges of the real world, without putting an institution’s assets at risk. Available as a standalone lab solution or bundled with Jones & Bartlett Learning textbooks, these cybersecurity Cloud Labs are an essential tool for mastering key course concepts through hands-on training. Labs: Coming Soon!
Contents:
- Cover
- Title Page
- Copyright Page
- Dedication Page
- Contents
- Preface
- Acknowledgments
- About the Author
- CHAPTER 1 Introduction to Information and Cybersecurity
  - 1.1 Introduction to Information and Cybersecurity
  - 1.2 The Study of Information and Cybersecurity
    - 1.2.1 Concentrating on the Discipline
    - 1.2.2 Research and Practice in Cybersecurity
  - 1.3 Information and Cybersecurity
    - 1.3.1 Technology and Humans-in-the-Loop
    - 1.3.2 Information and Cybersecurity Basic Concepts
  - 1.4 Information and Cybersecurity Topics
    - 1.4.1 Key Information and Cybersecurity Concepts
  - CHAPTER SUMMARY, IMPORTANT TERMS, THINK ABOUT IT, REFERENCES
- CHAPTER 2 Information Security Departments and Roles
  - 2.1 Software Engineering and Development
    - 2.1.1 DevOps and Software Development Life Cycle
    - 2.1.2 DevSecOps
    - 2.1.3 Information Security Management Life Cycle
    - 2.1.4 The SDLC and Information Security
    - 2.1.5 Planning: Failures Are a Rule, Not an Exception
  - 2.2 Life-Cycle Processes
    - 2.2.1 Life-Cycle Planning Stages
    - 2.2.2 Life-Cycle Design and Implementation Stages
  - 2.3 Operations
    - 2.3.1 NOC/TOC
    - 2.3.2 Monitoring Infrastructure with IDS
    - 2.3.3 Maintaining Operational Capabilities
  - 2.4 Compliance/Governance
    - 2.4.1 Compliance and Professional Cybersecurity Training
    - 2.4.2 Compliance and Behavioral Governance
    - 2.4.3 Compliance Auditing of Systems and Networks
    - 2.4.4 Compliance and Data Centers
  - 2.5 Cybersecurity Incidents
    - 2.5.1 Handling Inevitable Incidents
    - 2.5.2 Reporting Security Incidents
    - 2.5.3 Collecting and Preserving Evidence
    - 2.5.4 Cyberstalking and Harassment Incidents
  - CHAPTER SUMMARY, IMPORTANT TERMS, THINK ABOUT IT, REFERENCES
- CHAPTER 3 Actors and Practices
  - 3.1 Getting to Know Your Adversary
    - 3.1.1 The Insider Threat
    - 3.1.2 Hacktivist
    - 3.1.3 State-Sponsored Actor
  - 3.2 Attack Surface
    - 3.2.1 Network Security Zones
    - 3.2.2 Zero Trust Networks
  - 3.3 Some Cybersecurity Attacks and Countermeasures
    - 3.3.1 DDoS (Distributed Denial of Service)
    - 3.3.2 Phishing, Vishing, and Smishing
    - 3.3.3 Cryptojacking
    - 3.3.4 Ransomware
    - 3.3.5 Backdoors
  - 3.4 Some Specific Attack Scenarios
    - 3.4.1 ICMP Tunnel Attacks
    - 3.4.2 ICMP Permutation Attacks
    - 3.4.3 Network Packet, Frame, or Octet Attacks
    - 3.4.4 DNS Hijacking
  - CHAPTER SUMMARY, IMPORTANT TERMS, THINK ABOUT IT, REFERENCES
- CHAPTER 4 Corporations: Laws, Regulations, and Policies
  - 4.1 Business Law and Regulations
    - 4.1.1 Accountability, Responsibility, and Law
    - 4.1.2 Intellectual Property
  - 4.2 Organizational Power Structures
    - 4.2.1 The Management Discipline
    - 4.2.2 Management Initiatives and Security
    - 4.2.3 Information Security Management
    - 4.2.4 Organizational Structure, Principals, and Agency
    - 4.2.5 Delegation of Responsibilities and Power
    - 4.2.6 Fiduciary Responsibilities
    - 4.2.7 Ethics and Ethical Behavior
  - 4.3 Law and Enforceable Security Policies
    - 4.3.1 Enforced and Enforceable Security Policies
    - 4.3.2 Policies and Controls
  - CHAPTER SUMMARY, IMPORTANT TERMS, THINK ABOUT IT, REFERENCES
- CHAPTER 5 Information Security Management
  - 5.1 Managing Information Security
    - 5.1.1 ISML and Strategy
    - 5.1.2 ISML and Governance Frameworks
  - 5.2 Technology Management and Governance
    - 5.2.1 Governance and Security Programs
    - 5.2.2 Enacting Security Programs
  - 5.3 Control Frameworks
    - 5.3.1 ITIL / ITSM
    - 5.3.2 COBIT
    - 5.3.3 ISO 27K IT Security Control Selection
    - 5.3.4 NIST 800-53
  - CHAPTER SUMMARY, IMPORTANT TERMS, THINK ABOUT IT, REFERENCES
- CHAPTER 6 Assessing Threats and Vulnerabilities
  - 6.1 Threat Classifications and Infrastructure
    - 6.1.1 Internet of Things (IoT)
    - 6.1.2 Cloud Computing
    - 6.1.3 Servers and Host Computers
    - 6.1.4 Networking
    - 6.1.5 Programming Languages and Resource Files
    - 6.1.6 RDF and Ontology Markup
    - 6.1.7 Active Semantic Systems
    - 6.1.8 Agent Frameworks and Semantic Fusion
  - 6.2 Threats and Vulnerabilities
    - 6.2.1 Mobility and Threats
    - 6.2.2 Interconnectivity and Insecurity
    - 6.2.3 Security Countermeasures and Unintended Consequences
  - 6.3 Broad Attack Classifications and Examples
    - 6.3.1 Information System Attack Examples
    - 6.3.2 Giving Attackers Information
  - CHAPTER SUMMARY, IMPORTANT TERMS, THINK ABOUT IT, REFERENCES
- CHAPTER 7 Risk Assessments and Risk Management
  - 7.1 Assessing Risks
    - 7.1.1 Identifying and Classifying Security Risks
    - 7.1.2 Cybersecurity Response and Governance
  - 7.2 Risks and Management
    - 7.2.1 Risks and Countermeasures
    - 7.2.2 Hoping for the Best, Planning for the Worst
  - 7.3 Risk Assessment Overview
    - 7.3.1 Risk Mitigation
    - 7.3.2 Cybersecurity Hygiene
  - 7.4 Risk Determination Frameworks
    - 7.4.1 Risk Determination and Management Frameworks
    - 7.4.2 OCTAVE
    - 7.4.3 NIST 800-30
    - 7.4.4 Using the Frameworks for Implementing Plans
  - CHAPTER SUMMARY, IMPORTANT TERMS, THINK ABOUT IT, REFERENCES
- CHAPTER 8 Computer Architecture and Security Models
  - 8.1 Security Models versus Policies
    - 8.1.1 Computer Architecture and Systems Security
    - 8.1.2 Security Models and Systems Architecture
    - 8.1.3 Security Models and Computer Architecture
  - 8.2 Security Models and Countermeasures
    - 8.2.1 Security Models, Clark–Wilson Example
    - 8.2.2 Security Models and Stances
    - 8.2.3 Countermeasures and Security Models
  - 8.3 Extending Security with Defense-In-Depth
    - 8.3.1 Trusted Computing Base (TCB) and Common Criteria
    - 8.3.2 Evaluation and Certification
    - 8.3.3 Computer Security Controls
    - 8.3.4 Threats to Computer Security
  - 8.4 Computer Security and Hardening Systems
    - 8.4.1 Ensuring a Trusted Configuration
    - 8.4.2 Password Protections
    - 8.4.3 User Authentication
  - 8.5 Biometrics
    - 8.5.1 Biometric Uses
    - 8.5.2 Biometric Security Process and Information Protection
    - 8.5.3 Biometrics and Errors
    - 8.5.4 Biometric Errors and Technology
    - 8.5.5 Biometrics in Computer Security
  - 8.6 Secure Software Development and DevSecOps
    - 8.6.1 Secure Systems Development and Implementation
    - 8.6.2 Computer Security and Configuration Management
  - CHAPTER SUMMARY, IMPORTANT TERMS, THINK ABOUT IT, REFERENCES
- CHAPTER 9 Security Policies and Managing Behaviors
  - 9.1 Security and Policies
    - 9.1.1 Security Policies and Employment Law
    - 9.1.2 Security Policies and Corrective Action
  - 9.2 Monitoring and Security Policies
    - 9.2.1 Monitoring as a Policy
    - 9.2.2 Information Collection and Storage
    - 9.2.3 Monitoring and Organizational Justice
    - 9.2.4 Surveillance and Trust
    - 9.2.5 Virtual Work, Security, and Privacy
  - 9.3 Managing Security Behaviors
    - 9.3.1 Organizational Behavior
    - 9.3.2 Behavior Modification
    - 9.3.3 Organizational Security Behaviors
    - 9.3.4 Management of Omission Behaviors
  - 9.4 Contravention Behaviors, Theory, and Research
    - 9.4.1 Attacker Motivation, Personality, and Behavior Theory
    - 9.4.2 Entertainment and Status
    - 9.4.3 Ideology and Social Acceptance
    - 9.4.4 Neuroticism, Impulse, and Exploitation
  - 9.5 Management of Contravention Behaviors
    - 9.5.1 Responding to the Outside Attacker
    - 9.5.2 Responding to the Inside Attacker
    - 9.5.3 Ethics and Employee Attitudes Toward the Law
  - CHAPTER SUMMARY, IMPORTANT TERMS, THINK ABOUT IT, REFERENCES
- CHAPTER 10 Cryptography
  - 10.1 Cryptography Essentials
    - 10.1.1 Cryptographic Concepts
    - 10.1.2 Generating a Simple Cipher Code
    - 10.1.3 Breaking a Simple Cipher Code
    - 10.1.4 Ciphertext Dissection and “S” Boxes
    - 10.1.5 Cryptography and Security Goals
  - 10.2 Symmetric Cryptography
    - 10.2.1 Symmetric Ciphers and Keys
    - 10.2.2 Substitution, Transposition, and Permutation
    - 10.2.3 Modern Symmetric Ciphers
    - 10.2.4 Key Issues with Symmetric Cryptography
  - 10.3 Asymmetric Cryptography
    - 10.3.1 Private Keys and Asymmetric Cryptography
    - 10.3.2 Beyond Encrypting Messages
    - 10.3.3 Key Distribution and PKI
    - 10.3.4 Public Key Algorithms: RSA as an Example
  - 10.4 Cryptographic Uses
    - 10.4.1 IPSec Implementation
    - 10.4.2 SSL/TLS
    - 10.4.3 Virtual Private Networks (VPN)
  - CHAPTER SUMMARY, IMPORTANT TERMS, THINK ABOUT IT, REFERENCES
- CHAPTER 11 Network Security, Firewalls, IDS, and SeCM
  - 11.1 Firewall Systems
    - 11.1.1 Stateless Screening Filters
    - 11.1.2 Stateful Packet Inspection
    - 11.1.3 Circuit Gateway Firewalls
    - 11.1.4 Application-Layer Firewall
    - 11.1.5 Bastion Hosts
  - 11.2 Firewall Architecture
    - 11.2.1 Belt and Braces Architecture
    - 11.2.2 Screened Subnet Architecture
    - 11.2.3 Ontology Based Architecture
  - 11.3 Cybermonitoring and Scanning Systems
    - 11.3.1 IDS Detection Methods
    - 11.3.2 IDSs and IPSs
    - 11.3.3 Code and Application Scanning
  - 11.4 Information and Cybersecurity Management
    - 11.4.1 SeCM and CM
    - 11.4.2 CM and Computer Security Procedures and Frameworks
    - 11.4.3 Security Management Planning—System Level
    - 11.4.4 Configuring to a Secure State
    - 11.4.5 Managed Enterprises
    - 11.4.6 Managed Legacy Systems
    - 11.4.7 Extended Guidelines
    - 11.4.8 Center for Internet Security Benchmarks
    - 11.4.9 Maintaining the Secure State
    - 11.4.10 Conducting a Security Impact Analysis
    - 11.4.11 Certification and Accreditation
  - CHAPTER SUMMARY, IMPORTANT TERMS, THINK ABOUT IT, REFERENCES
- CHAPTER 12 Information Security Management
  - 12.1 Cybersecurity Analytics and Machine Learning
    - 12.1.1 Machine Learning and Models
    - 12.1.2 Machine Learning and Natural Language Processing
    - 12.1.3 Traffic Analysis
  - 12.2 Game Theory and Predictive Models
    - 12.2.1 Inductive Predictions
    - 12.2.2 Deductive Predictions
    - 12.2.3 Game Theory and Attack Modeling
  - 12.3 Reasoning and Inference
    - 12.3.1 Reasoning Systems
    - 12.3.2 Ontology and Epistemology
    - 12.3.3 Inference and the Ontological to Epistemic Transformation
  - 12.4 Heuristics and AI Decision Systems
    - 12.4.1 Reasoning: Discrete versus Equivocal Problems
    - 12.4.2 Synthetic Heuristics
    - 12.4.3 Issues with Synthetic Heuristic Systems
    - 12.4.4 Combining Techniques
  - 12.5 Heuristic Biases and Security Planning
    - 12.5.1 AI Decisions, Naïve Theories, and Biases
    - 12.5.2 Interactions of Biases and Framing Effects
    - 12.5.3 Biases, Framing Effects, and Security Decisions
  - 12.6 Biologically Inspired Security and Adaptive Systems
    - 12.6.1 Self-Healing Adaptive Systems
    - 12.6.2 Damage and Danger
    - 12.6.3 Trusted Security Kernels
    - 12.6.4 Social Systems
    - 12.6.5 Social Systems and Security Adaptation
    - 12.6.6 Collective Agency, Availability, and Integrity
  - 12.7 Sociobiologically Inspired Systems—A Final Case
    - 12.7.1 Novelty as Potential Danger
    - 12.7.2 Sociobiological Behavior as Goal-Directed Behavior
    - 12.7.3 Adaptive Synthetic Systems
    - 12.7.4 Challenges for Ad Hoc Networks and Adaptive Systems
  - CHAPTER SUMMARY, IMPORTANT TERMS, THINK ABOUT IT, REFERENCES
- Appendix: Think About IT Answers
- Index