Master the latest technology and developments from the field with the book specifically oriented to the needs of those learning information systems -- PRINCIPLES OF INFORMATION SECURITY, 6E. Taking a managerial approach, this bestseller emphasizes all aspects of information security, rather than just the technical control perspective. Readers gain a broad overview of the entire field of information security and related elements with the detail to ensure understanding. The book highlights terms used in the field and a history of the discipline as readers learn how to manage an information security program. This edition highlights the latest practices with fresh examples that explore the impact of emerging technologies, such as the Internet of Things, Cloud Computing, and DevOps. Updates address technical security controls, emerging legislative issues, digital forensics, and ethical issues in IS security, making this the ideal IS resource for business decision makers. Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.
Master the latest technology and developments from the field with the book specifically oriented to the needs of information systems students like you -- PRINCIPLES OF INFORMATION SECURITY, 6E. Taking a managerial approach, this bestseller emphasizes all aspects of information security, rather than just a technical control perspective. You receive a broad overview of the entire field of information security and related elements with the detail to ensure understanding. You review terms used in the field and a history of the discipline as you learn how to manage an information security program. Current and relevant, this edition highlights the latest practices with fresh examples that explore the impact of emerging technologies, such as the Internet of Things, Cloud Computing, and DevOps. Updates address technical security controls, emerging legislative issues, digital forensics, and ethical issues in IS security, making this the ideal IS resource for business decision makers.
No one ever arrested a computer for computer crime. The real threat to information systems security comes from people, not computers. That's why students need to understand both the technical implementation of security controls, as well as the softer human behavioral and managerial factors that contribute to the theft and sabotage of proprietary data. Addressing both the technical and human side of information systems security, Dhillon's "Principles of Information Systems Security" helps future managers understand the broad range of technical, managerial, ethical, and legal issues related to IS security, and equips them with specific tools and techniques to support effective IS security management. Key Features: Balanced coverage addresses the social and technical nature of IS security. Takes a managerial orientation, presenting key security challenges that information technology managers commonly face. Provides an analytical framework to conceptualize IS security problems. Draws on a range of disciplines, such as computer science, sociology, law, anthropology, and behavioral science. Cases put the theoretical material in real-life context. Gurpreet Dhillon is a Professor of Information Systems in the School of Business, Virginia Commonwealth University, Richmond, USA. He is the Editor-in-Chief of the "Journal of Information System Security," is the North American Regional Editor of the "International Journal of Information Management," and sits on the editorial board of "MISQ Executive."
Now updated—your expert guide to twenty-first century information security. Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge. Taking a practical approach to information security by focusing on real-world examples, this book is organized around four major themes. Cryptography: classic cryptosystems, symmetric key cryptography, public key cryptography, hash functions, random numbers, information hiding, and cryptanalysis. Access control: authentication and authorization, password-based security, ACLs and capabilities, multilevel security and compartments, covert channels and inference control, security models such as BLP and Biba's model, firewalls, and intrusion detection systems. Protocols: simple authentication protocols, session keys, perfect forward secrecy, timestamps, SSH, SSL, IPSec, Kerberos, WEP, and GSM. Software: flaws and malware, buffer overflows, viruses and worms, malware detection, software reverse engineering, digital rights management, secure software development, and operating systems security. This Second Edition features new discussions of relevant security topics such as the SSH and WEP protocols, practical RSA timing attacks, botnets, and security certification. New background material has been added, including a section on the Enigma cipher and coverage of the classic "orange book" view of security. Also featured are a greatly expanded and upgraded set of homework problems and many new figures, tables, and graphs to illustrate and clarify complex topics and problems.
A comprehensive solutions manual is available to assist in course development. Minimizing theory while providing clear, accessible content, Information Security remains the premier text for students and instructors in information technology, computer science, and engineering, as well as for professionals working in these fields.
Facts101 is your complete guide to Principles of Information Security. In this book, you will learn topics such as those in your book plus much more. With key features such as key terms, people and places, Facts101 gives you all the information you need to prepare for your next exam. Our practice tests are specific to the textbook and we have designed tools to make the most of your limited study time.
Readers discover a managerially-focused overview of information security with a thorough treatment of how to most effectively administer it with MANAGEMENT OF INFORMATION SECURITY, 5E. Information throughout helps readers become information security management practitioners able to secure systems and networks in a world where continuously emerging threats, ever-present attacks, and the success of criminals illustrate the weaknesses in current information technologies. Current and future professional managers complete this book with the exceptional blend of skills and experiences to develop and manage the more secure computing environments that today’s organizations need. This edition offers a tightened focus on key executive and managerial aspects of information security while still emphasizing the important foundational material to reinforce key concepts. Updated content reflects the most recent developments in the field, including NIST, ISO, and security governance.
This book provides professionals with the necessary managerial, technical, and legal background to support investment decisions in security technology. It discusses security from the perspective of hackers (i.e., technology issues and defenses) and lawyers (i.e., legal issues and defenses). This cross-disciplinary book is designed to help users quickly become current on what has become a fundamental business issue. This book covers the entire range of best security practices—obtaining senior management commitment, defining information security goals and policies, transforming those goals into a strategy for monitoring intrusions and compliance, and understanding legal implications. Topics also include computer crime, electronic evidence, cyber terrorism, and computer forensics. For professionals in information systems, financial accounting, human resources, health care, legal policy, and law. Because neither technical nor legal expertise is necessary to understand the concepts and issues presented, this book can be required reading for everyone as part of an enterprise-wide computer security awareness program.
ROADMAP TO INFORMATION SECURITY: FOR IT AND INFOSEC MANAGERS provides a solid overview of information security and its relationship to the information needs of an organization. Content is tailored to the unique needs of information systems professionals who find themselves brought in to the intricacies of information security responsibilities. The book is written for a wide variety of audiences looking to step up to emerging security challenges, ranging from students to experienced professionals. This book is designed to guide the information technology manager in dealing with the challenges associated with the security aspects of their role, providing concise guidance on assessing and improving an organization's security. The content helps IT managers to handle an assignment to an information security role in ways that conform to expectations and requirements, while supporting the goals of the manager in building and maintaining a solid information security program.
Information Security: Principles and Practices, Second Edition. Everything You Need to Know About Modern Computer Security, in One Book. Clearly explains all facets of information security in all 10 domains of the latest Information Security Common Body of Knowledge [(ISC)² CBK]. Thoroughly updated for today’s challenges, technologies, procedures, and best practices. The perfect resource for anyone pursuing an IT security career. Fully updated for the newest technologies and best practices, Information Security: Principles and Practices, Second Edition thoroughly covers all 10 domains of today’s Information Security Common Body of Knowledge. Two highly experienced security practitioners have brought together all the foundational knowledge you need to succeed in today’s IT and business environments. They offer easy-to-understand, practical coverage of topics ranging from security management and physical security to cryptography and application development security. This edition fully addresses new trends that are transforming security, from cloud services to mobile applications, “Bring Your Own Device” (BYOD) strategies to today’s increasingly rigorous compliance requirements. Throughout, you’ll find updated case studies, review questions, and exercises–all designed to reveal today’s real-world IT security challenges and help you overcome them.
Learn how to -- Recognize the evolving role of IT security -- Identify the best new opportunities in the field -- Discover today’s core information security principles of success -- Understand certification programs and the CBK -- Master today’s best practices for governance and risk management -- Architect and design systems to maximize security -- Plan for business continuity -- Understand the legal, investigatory, and ethical requirements associated with IT security -- Improve physical and operational security -- Implement effective access control systems -- Effectively utilize cryptography -- Improve network and Internet security -- Build more secure software -- Define more effective security policies and standards -- Preview the future of information security
Safeguarding the confidentiality, authenticity, integrity, and non-repudiation of information is paramount to organizational stability and success. This new book provides an understanding of information security, potential threats to our information, and effective countermeasures to proactively combat those threats. A comprehensive review of cryptographic techniques is presented and explained in simple mathematical terms. The text covers symmetrical and asymmetrical encryption, digital signatures, Kerberos, creation/deployment of strong keys and passwords, Virtual Private Networks, SET, SSL, SSH, IPSec, and authentication techniques. A detailed examination of Tiny Encryption Algorithm (TEA) exposes readers to the inner workings of encryption. CD-ROM experiments help solidify the learning experience. Emphasis throughout is on the application of the cryptographic methods and support structures needed to effectively apply the principles to create a secure business setting.
Readings and Cases in Information Security: Law and Ethics provides a depth of content and analytical viewpoint not found in many other books. Designed for use with any Cengage Learning security text, this resource offers readers a real-life view of information security management, including the ethical and legal issues associated with various on-the-job experiences. Included are a wide selection of foundational readings and scenarios from a variety of experts to give the reader the most realistic perspective of a career in information security.
For professionals in information systems, financial accounting, human resources, health care, legal policy, and law. Because neither technical nor legal expertise is necessary to understand the concepts and issues presented, this book can be required reading for everyone as part of an enterprise-wide computer security awareness program. This book covers the entire range of best security practices: obtaining senior management commitment, defining information security goals and policies, transforming those goals into a strategy for monitoring intrusions and compliance, and understanding legal implications. Topics also include computer crime, electronic evidence, cyber terrorism, and computer forensics.
Author: Michael E. Whitman, Herbert J. Mattord, Andrew Green
Publisher: Cengage Learning
HANDS-ON INFORMATION SECURITY LAB MANUAL, Fourth Edition, helps you hone essential information security skills by applying your knowledge to detailed, realistic exercises using Microsoft Windows 2000, Windows XP, Windows 7, and Linux. This wide-ranging, non-certification-based lab manual includes coverage of scanning, OS vulnerability analysis and resolution, firewalls, security maintenance, forensics, and more. The Fourth Edition includes new introductory labs focused on virtualization techniques and images, giving you valuable experience with some of the most important trends and practices in information security and networking today. All software necessary to complete the labs is available online as a free download. An ideal resource for introductory, technical, and managerial courses or self-study, this versatile manual is a perfect supplement to the PRINCIPLES OF INFORMATION SECURITY, SECURITY FUNDAMENTALS, and MANAGEMENT OF INFORMATION SECURITY books.
This book offers a comprehensive introduction to the fundamental aspects of Information Security (including Web, Networked World, Systems, Applications, and Communication Channels). Security is also an essential part of e-business strategy (including protecting critical infrastructures that depend on information systems) and hence information security in the enterprise (Government, Industry, Academia, and Society) and over networks has become the primary concern. The book provides the readers with a thorough understanding of how information can be protected throughout computer networks. The concepts related to the main objectives of computer and information security systems, namely confidentiality, data integrity, authentication (entity and data origin), access control, and non-repudiation have been elucidated, providing a sound foundation in the principles of cryptography and network security. The book provides a detailed treatment of design principles of classical and modern cryptosystems through an elaborate study of cryptographic techniques, algorithms, and protocols. It covers all areas of security—using Symmetric key and Public key cryptography, hash functions, authentication techniques, biometric techniques, and steganography. Besides, techniques such as Secure Socket Layer (SSL), Firewalls, IPSec for Web security and network security are addressed as well to complete the security framework of the Internet. Finally, the author demonstrates how an online voting system can be built, showcasing information security techniques, for societal benefits. Information Security: Theory and Practice is intended as a textbook for a one-semester course in Information Security/Network Security and Cryptography for B.E./B.Tech students of Computer Science and Engineering and Information Technology.
This thoroughly revised and well-organised book, now in its second edition, continues to present the principles, techniques, design and implementation of cryptography and information security algorithms, with a perfect balance in the presentation of theoretical and practical aspects. To provide the mathematical background required to understand the principles of cryptography and information security, the text explains all the relevant theorems such as Fermat’s theorem and Euler’s theorem. The book gives a clear analysis of various encryption methods and cipher techniques. In addition, various security measures, for example, firewalls and virtual private networks, and web security, are also discussed. This edition includes the topics with new innovations and improvements in the field of cryptography and information security in a substantial and comprehensive way. In this edition, an effort has been made to improve the pedagogy and user friendliness. It incorporates many solved numerical problems to clarify the various concepts and different algorithms and also includes MCQs with their answers in each chapter. The book is intended for the undergraduate and postgraduate students of computer science and engineering (B.Tech./M.Tech.), undergraduate and postgraduate students of computer science (B.Sc./M.Sc. Computer Science), and information technology (B.Sc./M.Sc. IT) and the students of Master of Computer Applications (MCA). KEY FEATURES: Covers the latest topic of computer forensics and the areas in which they can be applied. Gives algorithms with numerical explanations. Provides a large number of solved problems.
This is the era of information. We can read up about everything on the internet. The data is freely available, thus the important data needs to be secured. Hence, the need for information security has risen in the past few years. This book includes specialised researches on topics related to information security, along with new concepts and theories in this field.