Principles of Information Security

Author: Michael E. Whitman,Herbert J. Mattord

Publisher: Cengage Learning

ISBN: 1337102067

Category: Computers

Page: 656

View: 8545

Master the latest technology and developments from the field with the book specifically oriented to the needs of those learning information systems -- PRINCIPLES OF INFORMATION SECURITY, 6E. Taking a managerial approach, this bestseller emphasizes all aspects of information security, rather than just the technical control perspective. Readers gain a broad overview of the entire field of information security and related elements with the detail to ensure understanding. The book highlights terms used in the field and a history of the discipline as readers learn how to manage an information security program. This edition highlights the latest practices with fresh examples that explore the impact of emerging technologies, such as the Internet of Things, Cloud Computing, and DevOps. Updates address technical security controls, emerging legislative issues, digital forensics, and ethical issues in IS security, making this the ideal IS resource for business decision makers. Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.

Information Security Management Principles

Author: Andy Taylor

Publisher: BCS, The Chartered Institute for IT

ISBN: 9781780171784

Category: Business & Economics

Page: 208

View: 8217

In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. The second edition includes the security of cloud-based resources and the contents have been revised to reflect the changes to the BCS Certification in Information Security Management Principles which the book supports.

Information Security

Principles and Practices

Author: Mark S. Merkow,Jim Breithaupt

Publisher: Pearson Education

ISBN: 0789753251

Category: COMPUTERS

Page: 349

View: 2039

Information Security: Principles and Practices, Second Edition Everything You Need to Know About Modern Computer Security, in One Book Clearly explains all facets of information security in all 10 domains of the latest Information Security Common Body of Knowledge [(ISC)² CBK]. Thoroughly updated for today's challenges, technologies, procedures, and best practices. The perfect resource for anyone pursuing an IT security career. Fully updated for the newest technologies and best practices, Information Security: Principles and Practices, Second Edition thoroughly covers all 10 domains of today's Information Security Common Body of Knowledge. Two highly experienced security practitioners have brought together all the foundational knowledge you need to succeed in today's IT and business environments. They offer easy-to-understand, practical coverage of topics ranging from security management and physical security to cryptography and application development security. This edition fully addresses new trends that are transforming security, from cloud services to mobile applications, “Bring Your Own Device” (BYOD) strategies to today's increasingly rigorous compliance requirements. Throughout, you'll find updated case studies, review questions, and exercises–all designed to reveal today's real-world IT security challenges and help you overcome them. Learn how to -- Recognize the evolving role of IT security -- Identify the best new opportunities in the field -- Discover today's core information security principles of success -- Understand certification programs and the CBK -- Master today's best practices for governance and risk management -- Architect and design systems to maximize security -- Plan for business continuity -- Understand the legal, investigatory, and ethical requirements associated with IT security -- Improve physical and operational security -- Implement effective access control systems -- Effectively utilize cryptography -- Improve network and Internet security -- Build more secure software -- Define more effective security policies and standards -- Preview the future of information security

Corporate Security Management

Challenges, Risks, and Strategies

Author: Marko Cabric

Publisher: Butterworth-Heinemann

ISBN: 0128029358

Category: Business & Economics

Page: 242

View: 4047

Corporate Security Management provides practical advice on efficiently and effectively protecting an organization's processes, tangible and intangible assets, and people. The book merges business and security perspectives to help transform this often conflicted relationship into a successful and sustainable partnership. It combines security doctrine, business priorities, and best practices to uniquely answer the Who, What, Where, Why, When and How of corporate security. Corporate Security Management explores the diverse structures of security organizations in different industries. It shows the crucial corporate security competencies needed and demonstrates how they blend with the competencies of the entire organization. This book shows how to identify, understand, evaluate and anticipate the specific risks that threaten enterprises and how to design successful protection strategies against them. It guides readers in developing a systematic approach to assessing, analyzing, planning, quantifying, administrating, and measuring the security function. Addresses the often opposing objectives between the security department and the rest of the business concerning risk, protection, outsourcing, and more Shows security managers how to develop business acumen in a corporate security environment Analyzes the management and communication skills needed for the corporate security manager Focuses on simplicity, logic and creativity instead of security technology Shows the true challenges of performing security in a profit-oriented environment, suggesting ways to successfully overcome them Illustrates the numerous security approaches and requirements in a wide variety of industries Includes case studies, glossary, chapter objectives, discussion questions and exercises

Information Security

Principles and Practice

Author: Mark Stamp

Publisher: John Wiley & Sons

ISBN: 9781118027967

Category: Computers

Page: 606

View: 9506

Now updated—your expert guide to twenty-first century information security Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge. Taking a practical approach to information security by focusing on real-world examples, this book is organized around four major themes: Cryptography: classic cryptosystems, symmetric key cryptography, public key cryptography, hash functions, random numbers, information hiding, and cryptanalysis Access control: authentication and authorization, password-based security, ACLs and capabilities, multilevel security and compartments, covert channels and inference control, security models such as BLP and Biba's model, firewalls, and intrusion detection systems Protocols: simple authentication protocols, session keys, perfect forward secrecy, timestamps, SSH, SSL, IPSec, Kerberos, WEP, and GSM Software: flaws and malware, buffer overflows, viruses and worms, malware detection, software reverse engineering, digital rights management, secure software development, and operating systems security This Second Edition features new discussions of relevant security topics such as the SSH and WEP protocols, practical RSA timing attacks, botnets, and security certification. New background material has been added, including a section on the Enigma cipher and coverage of the classic "orange book" view of security. Also featured are a greatly expanded and upgraded set of homework problems and many new figures, tables, and graphs to illustrate and clarify complex topics and problems. A comprehensive solutions manual is available to assist in course development. Minimizing theory while providing clear, accessible content, Information Security remains the premier text for students and instructors in information technology, computer science, and engineering, as well as for professionals working in these fields.

Principles of Security Management

Author: Brian R. Johnson

Publisher: Prentice Hall

ISBN: N.A

Category: Business & Economics

Page: 474

View: 9325

This book makes an accessible introduction to contemporary management theories and concepts applied to private security. Incorporating the latest business and social science research, and illustrated throughout with case studies written by experienced security professionals, the book provides readers with a comprehensive understanding of what it takes to be an effective security manager in the 21st century. Detailed coverage includes the topics of leadership & supervision, planning and decision making, recruitment and selection, training, motivation, performance appraisal, discipline and discharge, labor relations, budgeting and scheduling. For managers and leaders in the private security industry, and for human resource personnel.

Contemporary Security Management

Author: David Patterson,John Fay

Publisher: Butterworth-Heinemann

ISBN: 0128092815

Category: Social Science

Page: 558

View: 5950

Contemporary Security Management, Fourth Edition, identifies and condenses into clear language the principal functions and responsibilities for security professionals in supervisory and managerial positions. Managers will learn to understand the mission of the corporate security department and how the mission intersects with the missions of other departments. The book assists managers with the critical interactions they will have with decision makers at all levels of an organization, keeping them aware of the many corporate rules, business laws, and protocols of the industry in which the corporation operates. Coverage includes the latest trends in ethics, interviewing, liability, and security-related standards. The book provides concise information on understanding budgeting, acquisition of capital equipment, employee performance rating, delegated authority, project management, counseling, and hiring. Productivity, protection of corporate assets, and monitoring of contract services and guard force operations are also detailed, as well as how to build quality relationships with leaders of external organizations, such as police, fire and emergency response agencies, and the Department of Homeland Security. Focuses on the evolving characteristics of major security threats confronting any organization Assists aspirants for senior security positions in matching their personal expertise and interests with particular areas of security management Includes updated information on the latest trends in ethics, interviewing, liability, and security-related standards

Principles and Practice of Information Security

Protecting Computers from Hackers and Lawyers

Author: Linda Volonino,Stephen R. Robinson

Publisher: Prentice Hall

ISBN: N.A

Category: Computers

Page: 232

View: 3453

This book provides professionals with the necessary managerial, technical, and legal background to support investment decisions in security technology. It discusses security from the perspective of hackers (i.e., technology issues and defenses) and lawyers (i.e., legal issues and defenses). This cross-disciplinary book is designed to help users quickly become current on what has become a fundamental business issue. This book covers the entire range of best security practices—obtaining senior management commitment, defining information security goals and policies, transforming those goals into a strategy for monitoring intrusions and compliance, and understanding legal implications. Topics also include computer crime, electronic evidence, cyber terrorism, and computer forensics. For professionals in information systems, financial accounting, human resources, health care, legal policy, and law. Because neither technical nor legal expertise is necessary to understand the concepts and issues presented, this book can be required reading for everyone as part of an enterprise-wide computer security awareness program.

The CISM Prep Guide

Mastering the Five Domains of Information Security Management

Author: Ronald L. Krutz,Russell Dean Vines

Publisher: John Wiley & Sons

ISBN: 0471455989

Category: Computers

Page: 433

View: 8374

* Prepares readers for the Certified Information Security Manager (CISM) exam, ISACA's new certification that launches in June 2003 * CISM is business-oriented and intended for the individual who must manage, design, oversee, and assess an enterprise's information security * Essential reading for those who are cramming for this new test and need an authoritative study guide * Many out-of-work IT professionals are seeking security management certification as a vehicle to re-employment * CD-ROM includes a Boson-powered test engine with all the questions and answers from the book

Computer and Information Security Handbook

Author: John R. Vacca

Publisher: Morgan Kaufmann

ISBN: 0128039299

Category: Computers

Page: 1280

View: 3996

Computer and Information Security Handbook, Third Edition, provides the most current and complete reference on computer security available in one volume. The book offers deep coverage of an extremely wide range of issues in computer and cybersecurity theory, applications, and best practices, offering the latest insights into established and emerging technologies and advancements. With new parts devoted to such current topics as Cloud Security, Cyber-Physical Security, and Critical Infrastructure Security, the book now has 100 chapters written by leading experts in their fields, as well as 12 updated appendices and an expanded glossary. It continues its successful format of offering problem-solving techniques that use real-life case studies, checklists, hands-on exercises, question and answers, and summaries. Chapters new to this edition include such timely topics as Cyber Warfare, Endpoint Security, Ethical Hacking, Internet of Things Security, Nanoscale Networking and Communications Security, Social Engineering, System Forensics, Wireless Sensor Network Security, Verifying User and Host Identity, Detecting System Intrusions, Insider Threats, Security Certification and Standards Implementation, Metadata Forensics, Hard Drive Imaging, Context-Aware Multi-Factor Authentication, Cloud Security, Protecting Virtual Infrastructure, Penetration Testing, and much more. Written by leaders in the field Comprehensive and up-to-date coverage of the latest security technologies, issues, and best practices Presents methods for analysis, along with problem-solving techniques for implementing practical solutions

Cyber Security Management

A Governance, Risk and Compliance Framework

Author: Peter Trim,Yang-Im Lee

Publisher: Routledge

ISBN: 1317155254

Category: Business & Economics

Page: 262

View: 3009

Cyber Security Management: A Governance, Risk and Compliance Framework by Peter Trim and Yang-Im Lee has been written for a wide audience. Derived from research, it places security management in a holistic context and outlines how the strategic marketing approach can be used to underpin cyber security in partnership arrangements. The book is unique because it integrates material that is of a highly specialized nature but which can be interpreted by those with a non-specialist background in the area. Indeed, those with a limited knowledge of cyber security will be able to develop a comprehensive understanding of the subject and will be guided into devising and implementing relevant policy, systems and procedures that make the organization better able to withstand the increasingly sophisticated forms of cyber attack. The book includes a sequence-of-events model; an organizational governance framework; a business continuity management planning framework; a multi-cultural communication model; a cyber security management model and strategic management framework; an integrated governance mechanism; an integrated resilience management model; an integrated management model and system; a communication risk management strategy; and recommendations for counteracting a range of cyber threats. Cyber Security Management: A Governance, Risk and Compliance Framework simplifies complex material and provides a multi-disciplinary perspective and an explanation and interpretation of how managers can manage cyber threats in a pro-active manner and work towards counteracting cyber threats both now and in the future.

Applied Information Security

A Hands-on Approach

Author: David Basin,Patrick Schaller,Michael Schläpfer

Publisher: Springer Science & Business Media

ISBN: 3642244742

Category: Computers

Page: 202

View: 6680

This book explores fundamental principles for securing IT systems and illustrates them with hands-on experiments that may be carried out by the reader using accompanying software. The experiments highlight key information security problems that arise in modern operating systems, networks, and web applications. The authors explain how to identify and exploit such problems and they show different countermeasures and their implementation. The reader thus gains a detailed understanding of how vulnerabilities arise and practical experience tackling them. After presenting the basics of security principles, virtual environments, and network services, the authors explain the core security principles of authentication and access control, logging and log analysis, web application security, certificates and public-key cryptography, and risk management. The book concludes with appendices on the design of related courses, report templates, and the basics of Linux as needed for the assignments. The authors have successfully taught IT security to students and professionals using the content of this book and the laboratory setting it describes. The book can be used in undergraduate or graduate laboratory courses, complementing more theoretically oriented courses, and it can also be used for self-study by IT professionals who want hands-on experience in applied information security. The authors' supporting software is freely available online and the text is supported throughout with exercises.

Information Risk Management

A Practitioner's Guide

Author: David Sutton

Publisher: BCS, The Chartered Institute for IT

ISBN: 9781780172682

Category: Business & Economics

Page: 208

View: 3439

Information risk management (IRM) is about identifying, assessing and prioritising risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It also includes a chapter on applying IRM in the public sector. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management.

Managing Information Security Risks

The OCTAVE Approach

Author: Christopher J. Alberts,Audrey J. Dorofee

Publisher: Addison-Wesley Professional

ISBN: 9780321118868

Category: Business & Economics

Page: 471

View: 8017

This is a descriptive and process-oriented book on a new security risk evaluation method, OCTAVE. OCTAVE stands for Operationally Critical Threat, Asset, and Vulnerability Evaluation "SM." An information security risk evaluation helps organizations evaluate organizational practice as well as the installed technology base and to make decisions based on potential impact.

Cyber Security

A Practitioner's Guide

Author: David Sutton

Publisher: BCS, The Chartered Institute for IT

ISBN: 9781780173405

Category: Computers

Page: 193

View: 9474

This book covers the various types of cyber threat and explains what you can do to mitigate these risks and keep your data secure. The book is crucial reading for businesses wanting to better understand security risks and ensure the safety of organisational and customer data.

Effective Security Management

Author: Charles A. Sennewald,Curtis Baillie

Publisher: Butterworth-Heinemann

ISBN: 0128027908

Category: Business & Economics

Page: 402

View: 9610

Effective Security Management, Sixth Edition teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. The author, Charles Sennewald, brings common sense, wisdom, and humor to this bestselling introduction to security management that is ideal for both new and experienced security managers. The sixth edition of this classic professional reference work on the topic includes newly updated and expanded coverage of topics such as the integration of security executive into the business, background checks and hiring procedures, involvement in labor disputes, organized crime, and the role of social media. Offers the most current picture of the role and duties of security managers Includes three new chapters on security ethics and conflicts of interest, convergence in security management, and ISO security standards, along with coverage of new security jobs titles and duties Contains updated contributions from leading security experts Colin Braziel, Karim Vellani, and James Broder Case studies and examples from around the world are included to facilitate further understanding

Principles of information systems security

text and cases

Author: Gurpreet Dhillon

Publisher: Wiley

ISBN: 9780471450566

Category: Computers

Page: 451

View: 1526

No one ever arrested a computer for computer crime. The real threat to information systems security comes from people, not computers. That's why students need to understand both the technical implementation of security controls, as well as the softer human behavioral and managerial factors that contribute to the theft and sabotage of proprietary data. Addressing both the technical and human side of information systems security, Dhillon's "Principles of Information Systems Security" helps future managers understand the broad range of technical, managerial, ethical, and legal issues related to IS security, and equips them with specific tools and techniques to support effective IS security management. Key Features Balanced coverage addresses the social and technical nature of IS security. Takes a managerial orientation, presenting key security challenges that information technology managers commonly face. Provides an analytical framework to conceptualize IS security problems. Draws on a range of disciplines, such as computer science, sociology, law, anthropology, and behavioral science. Cases put the theoretical material in real-life context. Gurpreet Dhillon is a Professor of Information Systems in the School of Business, Virginia Commonwealth University, Richmond, USA. He is the Editor-in-Chief of the "Journal of Information System Security," is the North American Regional Editor of the "International Journal of Information Management, " and sits on the editorial board of "MISQ Executive."

Network Security Bible

Author: Eric Cole,Ronald L. Krutz,James Conley

Publisher: John Wiley & Sons

ISBN: 0764589156

Category: Computers

Page: 694

View: 3202

A must for working network and security professionals as well as anyone in IS seeking to build competence in the increasingly important field of security Written by three high-profile experts, including Eric Cole, an ex-CIA security guru who appears regularly on CNN and elsewhere in the media, and Ronald Krutz, a security pioneer who cowrote The CISSP Prep Guide and other security bestsellers Covers everything from basic security principles and practices to the latest security threats and responses, including proven methods for diagnosing network vulnerabilities and insider secrets for boosting security effectiveness

Managing Risk and Information Security

Protect to Enable

Author: Malcolm W. Harkins

Publisher: Apress

ISBN: 1484214552

Category: Computers

Page: 187

View: 4339

Examine the evolving enterprise security landscape and discover how to manage and survive risk. While based primarily on the author’s experience and insights at major companies where he has served as CISO and CSPO, the book also includes many examples from other well-known companies and provides guidance for a management-level audience. Managing Risk and Information Security provides thought leadership in the increasingly important area of enterprise information risk and security. It describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology not only for internal operations but increasing as a part of product or service creation, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This edition discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities and offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk. What You'll Learn Review how people perceive risk and the effects it has on information security See why different perceptions of risk within an organization matters Understand and reconcile these differing risk views Gain insights into how to safely enable the use of new technologies Who This Book Is For The primary audience is CIOs and other IT leaders, CISOs and other information security leaders, IT auditors, and other leaders of corporate governance and risk functions. The secondary audience is CEOs, board members, privacy professionals, and less senior-level information security and risk professionals. "Harkins’ logical, methodical approach as a CISO to solving the most complex cybersecurity problems is reflected in the lucid style of this book. His enlightened approach to intelligence-based security infrastructure and risk mitigation is our best path forward if we are ever to realize the vast potential of the innovative digital world we are creating while reducing the threats to manageable levels. The author shines a light on that path in a comprehensive yet very readable way." —Art Coviello, Former CEO and Executive Chairman, RSA

Healthcare Information Security and Privacy

Author: Sean Murphy

Publisher: McGraw Hill Professional

ISBN: 0071831827

Category: Computers

Page: 560

View: 6128

Secure and protect sensitive personal patient healthcare information Written by a healthcare information security and privacy expert, this definitive resource fully addresses security and privacy controls for patient healthcare information. Healthcare Information Security and Privacy introduces you to the realm of healthcare and patient health records with a complete overview of healthcare organization, technology, data, occupations, roles, and third parties. Learn best practices for healthcare information security and privacy with coverage of information governance, risk assessment and management, and incident response. Written for a global audience, this comprehensive guide covers U.S. laws and regulations as well as those within the European Union, Switzerland, and Canada. Healthcare Information and Security and Privacy covers: Healthcare industry Regulatory environment Privacy and security in healthcare Information governance Risk assessment and management