Information Security: Principles and Practices (Certification/Training) 2nd Edition, Kindle Edition

✍ Scribed by Mark S. Merkow, Jim Breithaupt


Publisher: Pearson IT Certification
Year: 2014
Tongue: English
Leaves: 524
Edition: 2
Category: Library


✦ Table of Contents


About This eBook
Title Page
Copyright Page
Contents at a Glance
Table of Contents
Preface
About the Authors
Acknowledgments
We Want to Hear from You!
Reader Services
Chapter 1. Why Study Information Security?
Introduction
The Growing Importance of IT Security and New Career Opportunities
Becoming an Information Security Specialist
Contextualizing Information Security
Summary
Test Your Skills
Chapter 2. Information Security Principles of Success
Introduction
Principle 1: There Is No Such Thing As Absolute Security
Principle 2: The Three Security Goals Are Confidentiality, Integrity, and Availability
Principle 3: Defense in Depth as Strategy
Principle 4: When Left on Their Own, People Tend to Make the Worst Security Decisions
Principle 5: Computer Security Depends on Two Types of Requirements: Functional and Assurance
Principle 6: Security Through Obscurity Is Not an Answer
Principle 7: Security = Risk Management
Principle 8: The Three Types of Security Controls Are Preventative, Detective, and Responsive
Principle 9: Complexity Is the Enemy of Security
Principle 10: Fear, Uncertainty, and Doubt Do Not Work in Selling Security
Principle 11: People, Process, and Technology Are All Needed to Adequately Secure a System or Facility
Principle 12: Open Disclosure of Vulnerabilities Is Good for Security!
Summary
Test Your Skills
Chapter 3. Certification Programs and the Common Body of Knowledge
Introduction
Certification and Information Security
International Information Systems Security Certifications Consortium (ISC)2
The Information Security Common Body of Knowledge
Other Certificate Programs in the IT Security Industry
Summary
Test Your Skills
Chapter 4. Governance and Risk Management
Introduction
Security Policies Set the Stage for Success
Understanding the Four Types of Policies
Developing and Managing Security Policies
Providing Policy Support Documents
Suggested Standards Taxonomy
Who Is Responsible for Security?
Summary
Test Your Skills
Chapter 5. Security Architecture and Design
Introduction
Defining the Trusted Computing Base
Protection Mechanisms in a TCB
System Security Assurance Concepts
The Trusted Computer Security Evaluation Criteria
The Canadian Trusted Computer Product Evaluation Criteria
The Federal Criteria for Information Technology Security
The Common Criteria
The Common Evaluation Methodology
Confidentiality and Integrity Models
Summary
Test Your Skills
Chapter 6. Business Continuity Planning and Disaster Recovery Planning
Introduction
Overview of the Business Continuity Plan and Disaster Recovery Plan
Disaster Recovery Planning
Summary
Test Your Skills
Chapter 7. Law, Investigations, and Ethics
Introduction
Types of Computer Crime
How Cybercriminals Commit Crimes
The Computer and the Law
Intellectual Property Law
Privacy and the Law
Computer Forensics
The Information Security Professional’s Code of Ethics
Other Ethics Standards
Summary
Test Your Skills
Chapter 8. Physical Security Control
Introduction
Understanding the Physical Security Domain
Summary
Test Your Skills
Chapter 9. Operations Security
Introduction
Operations Security Principles
Operations Security Process Controls
Operations Security Controls in Action
Summary
Test Your Skills
Chapter 10. Access Control Systems and Methodology
Introduction
Terms and Concepts
Principles of Authentication
Biometrics
Single Sign-On
Remote User Access and Authentication
Summary
Test Your Skills
Chapter 11. Cryptography
Introduction
Applying Cryptography to Information Systems
Basic Terms and Concepts
Strength of Cryptosystems
Putting the Pieces to Work
Examining Digital Cryptography
Summary
Test Your Skills
Chapter 12. Telecommunications, Network, and Internet Security
Introduction
An Overview of Network and Telecommunications Security
Network Security in Context
The Open Systems Interconnection Reference Model
Data Network Types
Protecting TCP/IP Networks
Virtual Private Networks
IPSec
Cloud Computing
Summary
Test Your Skills
Chapter 13. Software Development Security
Introduction
The Practice of Software Engineering
Software Development Life Cycles
Don’t Bolt Security On—Build It In
Design Reviews
Measuring the Secure Development Program
Summary
Test Your Skills
Chapter 14. Securing the Future
Introduction
Operation Eligible Receiver
Carders, Account Takeover, and Identity Theft
The Rosy Future for InfoSec Specialists
Summary
Test Your Skills
Appendix A. Common Body of Knowledge
Access Control
Telecommunications and Network Security
Information Security Governance and Risk Management
Software Development Security
Cryptography
Security Architecture and Design
Operations Security
Business Continuity and Disaster Recovery Planning
Legal Regulations, Investigations, and Compliance
Physical (Environmental) Security
Appendix B. Security Policy and Standards Taxonomy
Appendix C. Sample Policies
Sample Computer Acceptable Use Policy
Sample Email Use Policy
Sample Password Policy
Sample Wireless (WiFi) Use Policy
Appendix D. HIPAA Security Rule Standards
HIPAA Security Standards
Administrative Procedures
Physical Safeguards
Technical Security Services
Technical Security Mechanisms
Index


📜 SIMILAR VOLUMES


Information Security: Principles and Pra
✍ Mark Stamp (auth.) 📂 Library 📅 2011 🌐 English

Now updated—your expert guide to twenty-first century information security

Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentialit

A+ Certification Training Kit, 2nd editi
✍ Microsoft Corporation 📂 Library 📅 2000 🏛 Microsoft Press 🌐 English

The A+ Certification program was created by a consortium of companies, including Microsoft, to define baseline knowledge and skill levels for IT professionals who support hardware and software based on the Intel platform. With this self-paced training kit, Microsoft applies its popular, competency-b

CISA – Certified Information Systems Aud
✍ Hemang Doshi 📂 Library 📅 2023 🏛 Packt Publishing Pvt. Ltd. 🌐 English

Master the practical aspects of information systems auditing to pass the CISA exam and accelerate your career. Purchase of the book unlocks access to web-based exam prep resources like practice questions, flashcards, and more. Purchase of the print or Kindle book includes a free eBook in PDF f

Introduction to Cryptography: Principles
✍ Hans Delfs, Helmut Knebl 📂 Library 📅 2007 🌐 English

Due to the rapid growth of digital communication and electronic data exchange, information security has become a crucial issue in industry, business, and administration. Modern cryptography provides essential techniques for securing information and protecting data. In the first part, this book cove

Pharmacotherapy Principles and Practice,
✍ Chisholm-Burns Marie, Kolesar Jill, Marie A. Chisholm-Burns, Terry Schwinghammer 📂 Library 📅 2010 🏛 McGraw-Hill Prof Med/Tech 🌐 English

Learn the Essential Principles of Pharmacotherapy and Understand Their Clinical Application Now in full color! 5 STAR DOODY'S REVIEW! "This book covers more than 100 disease states using an easy-to-use format that includes structured learning objectives, key concepts, patient care and

CISSP (r): Certified Information Systems
✍ Ed Tittle, James Michael Stewart, Mike Chapple, Ed Tittel 📂 Library 📅 2004 🏛 Sybex 🌐 English

This second edition of Sybex's in-depth Study Guide to the leading security certification, CISSP, includes expanded coverage of the latest security technologies plus more illustrations for quick clarification. Written by IT security experts with years of real-world security experience, this book cov