(Ebook) Principles of Information Security 5th Edition by Michael E Whitman, Herbert J Mattord
Product details:
ISBN 10: 1285448367
ISBN 13: 9781285448367
Author: Michael E Whitman, Herbert J Mattord
(Ebook) Principles of Information Security 5th Edition Table of contents:
Chapter 1. Introduction to Information Security
The History of Information Security
The 1960s
The 1970s and 80s
The 1990s
2000 to Present
What Is Security?
Key Information Security Concepts
Critical Characteristics of Information
CNSS Security Model
Components of an Information System
Software
Hardware
Data
People
Procedures
Networks
Balancing Information Security and Access
Approaches to Information Security Implementation
Security in the Systems Life Cycle
The Systems Development Life Cycle
The Security Systems Development Life Cycle
Software Assurance—Security in the SDLC
Software Design Principles
The NIST Approach to Securing the SDLC
Security Professionals and the Organization
Senior Management
Information Security Project Team
Data Responsibilities
Communities of Interest
Information Security Management and Professionals
Information Technology Management and Professionals
Organizational Management and Professionals
Information Security: Is It an Art or a Science?
Security as Art
Security as Science
Security as a Social Science
Selected Readings
Chapter Summary
Review Questions
Exercises
Case Exercises
Chapter 2. The Need for Security
Threats and Attacks
2.5 Billion Potential Hackers
Other Studies of Threats
Common Attack Pattern Enumeration and Classification (CAPEC)
The 12 Categories of Threats
Compromises to Intellectual Property
Software Piracy
Copyright Protection and User Registration
Deviations in Quality of Service
Internet Service Issues
Communications and Other Service Provider Issues
Power Irregularities
Espionage or Trespass
Hackers
Hacker Variants
Password Attacks
Forces of Nature
Fire
Floods
Earthquakes
Lightning
Landslides or Mudslides
Tornados or Severe Windstorms
Hurricanes, Typhoons, and Tropical Depressions
Tsunamis
Electrostatic Discharge
Dust Contamination
Human Error or Failure
Social Engineering
Information Extortion
Sabotage or Vandalism
Online Activism
Software Attacks
Malware
Back Doors
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
E-mail Attacks
Communications Interception Attacks
Technical Hardware Failures or Errors
The Intel Pentium CPU Failure
Mean Time Between Failure
Technical Software Failures or Errors
The OWASP Top 10
The Deadly Sins in Software Security
Technological Obsolescence
Theft
Selected Readings
Chapter Summary
Review Questions
Exercises
Case Exercises
Chapter 3. Legal, Ethical, and Professional Issues in Information Security
Law and Ethics in Information Security
Organizational Liability and the Need for Counsel
Policy Versus Law
Types of Law
Relevant U.S. Laws
General Computer Crime Laws
Export and Espionage Laws
U.S. Copyright Law
Financial Reporting
Freedom of Information Act of 1966
Payment Card Industry Data Security Standards (PCI DSS)
State and Local Regulations
International Laws and Legal Bodies
U.K. Computer Security Laws
Australian Computer Security Laws
Council of Europe Convention on Cybercrime
World Trade Organization and the Agreement on Trade-Related Aspects of Intellectual Property Rights
Digital Millennium Copyright Act
Ethics and Information Security
Ethical Differences Across Cultures
Ethics and Education
Deterring Unethical and Illegal Behavior
Codes of Ethics at Professional Organizations
Major Information Security Professional Organizations
Key U.S. Federal Agencies
Department of Homeland Security
U.S. Secret Service
Federal Bureau of Investigation (FBI)
National Security Agency (NSA)
Selected Readings
Chapter Summary
Review Questions
Exercises
Case Exercises
Chapter 4. Planning for Security
Information Security Planning and Governance
Planning Levels
Planning and the CISO
Information Security Governance
Information Security Governance Outcomes
Information Security Policy, Standards, and Practices
Policy as the Foundation for Planning
Enterprise Information Security Policy
Issue-Specific Security Policy
Systems-Specific Security Policy (SysSP)
Policy Management
The Information Security Blueprint
The ISO 27000 Series
NIST Security Models
Other Sources of Security Frameworks
Design of Security Architecture
Security Education, Training, and Awareness Program
Security Education
Security Training
Security Awareness
Continuity Strategies
The CP Policy
Business Impact Analysis
Incident Response Planning
Disaster Recovery Planning
Business Continuity Planning
Crisis Management
The Consolidated Contingency Plan
Law Enforcement Involvement
Selected Readings
Chapter Summary
Review Questions
Exercises
Case Exercises
Chapter 5. Risk Management
An Overview of Risk Management
Know Yourself
Know the Enemy
The Roles of the Communities of Interest
Risk Appetite and Residual Risk
Risk Identification
Planning and Organizing the Process
Identifying, Inventorying, and Categorizing Assets
Classifying, Valuing, and Prioritizing Information Assets
Security Clearances
Management of Classified Data
Information Asset Valuation
Identifying and Prioritizing Threats
Specifying Asset Vulnerabilities
The TVA Worksheet
Risk Assessment
Planning and Organizing Risk Assessment
Determining the Loss Frequency
Evaluating Loss Magnitude
Calculating Risk
Assessing Risk Acceptability
The FAIR Approach to Risk Assessment
Risk Control
Selecting Control Strategies
Defense
Transfer
Mitigation
Acceptance
Termination
Justifying Controls
Implementation, Monitoring, and Assessment of Risk Controls
Quantitative Versus Qualitative Risk Management Practices
Benchmarking and Best Practices
Baselining
Other Feasibility Studies
Recommended Risk Control Practices
Documenting Results
The NIST Risk Management Framework
Selected Readings
Chapter Summary
Review Questions
Exercises
Case Exercises
Chapter 6. Security Technology: Firewalls and VPNs
Access Control
Access Control Mechanisms
Biometrics
Access Control Architecture Models
Bell-LaPadula Confidentiality Model
Firewalls
Firewall Processing Modes
Firewall Architectures
Selecting the Right Firewall
Configuring and Managing Firewalls
Content Filters
Protecting Remote Connections
Remote Access
Virtual Private Networks (VPNs)
Selected Readings
Chapter Summary
Review Questions
Exercises
Case Exercises
Chapter 7. Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools
Intrusion Detection and Prevention Systems
IDPS Terminology
Why Use an IDPS?
Types of IDPSs
IDPS Detection Methods
IDPS Response Behavior
Selecting IDPS Approaches and Products
Strengths and Limitations of IDPSs
Deployment and Implementation of an IDPS
Measuring the Effectiveness of IDPSs
Honeypots, Honeynets, and Padded Cell Systems
Trap-and-Trace Systems
Active Intrusion Prevention
Scanning and Analysis Tools
Port Scanners
Firewall Analysis Tools
Operating System Detection Tools
Vulnerability Scanners
Packet Sniffers
Wireless Security Tools
Selected Readings
Chapter Summary
Review Questions
Exercises
Case Exercises
Chapter 8. Cryptography
Foundations of Cryptology
Terminology
Cipher Methods
Substitution Cipher
Transposition Cipher
Exclusive OR
Vernam Cipher
Book-Based Ciphers
Hash Functions
Cryptographic Algorithms
Symmetric Encryption
Asymmetric Encryption
Encryption Key Size
Cryptographic Tools
Public Key Infrastructure (PKI)
Digital Signatures
Digital Certificates
Hybrid Cryptography Systems
Steganography
Protocols for Secure Communications
Securing Internet Communication with S-HTTP and SSL
Securing E-mail with S/MIME, PEM, and PGP
Securing Web Transactions with SET, SSL, and S-HTTP
Securing Wireless Networks with WEP and WPA
Securing TCP/IP with IPSec and PGP
Selected Readings
Chapter Summary
Review Questions
Exercises
Case Exercises
Chapter 9. Physical Security
Physical Access Controls
Physical Security Controls
Fire Security and Safety
Fire Detection and Response
Failure of Supporting Utilities and Structural Collapse
Heating, Ventilation, and Air Conditioning
Power Management and Conditioning
Water Problems
Structural Collapse
Maintenance of Facility Systems
Interception of Data
Securing Mobile and Portable Systems
Remote Computing Security
Special Considerations for Physical Security
Selected Readings
Chapter Summary
Review Questions
Exercises
Case Exercises
Chapter 10. Implementing Information Security
Information Security Project Management
Developing the Project Plan
Project Planning Considerations
The Need for Project Management
Security Project Management Certifications
Technical Aspects of Implementation
Conversion Strategies
The Bull’s-Eye Model
To Outsource or Not
Technology Governance and Change Control
The SANS Top 20 Critical Security Controls
Nontechnical Aspects of Implementation
The Culture of Change Management
Considerations for Organizational Change
Information Systems Security Certification and Accreditation
Certification Versus Accreditation
The NIST Security Life Cycle Approach
NSTISS Certification and Accreditation
ISO 27001/27002 Systems Certification and Accreditation
Selected Readings
Chapter Summary
Review Questions
Exercises
Case Exercises
Chapter 11. Security and Personnel
Positioning and Staffing the Security Function
Staffing the Information Security Function
Credentials for Information Security Professionals
(ISC)² Certifications
ISACA Certifications
SANS Certifications
EC Council Certifications
CompTIA Certifications
ISFCE Certifications
Certification Costs
Advice for Information Security Professionals
Employment Policies and Practices
Job Descriptions
Interviews
Background Checks
Employment Contracts
New Hire Orientation
On-the-Job Security Training
Evaluating Performance
Termination
Security Considerations for Temporary Employees, Consultants, and Other Workers
Temporary Employees
Contract Employees
Consultants
Business Partners
Internal Control Strategies
Privacy and the Security of Personnel Data
Selected Readings
Chapter Summary
Review Questions
Exercises
Case Exercises
Chapter 12. Information Security Maintenance
Security Management Maintenance Models
NIST SP 800-100, Information Security Handbook: A Guide for Managers
The Security Maintenance Model
Digital Forensics
The Digital Forensics Team
Affidavits and Search Warrants
Digital Forensics Methodology
Evidentiary Procedures
Selected Readings
Chapter Summary
Review Questions
Exercises