I List of Acronyms
by Steven Hernandez, Corey Schou
Information Assurance Handbook: Effective Computer Security and Risk Management Strategies
Cover
Title
Copyright Page
Dedication
Contents
Foreword
Acknowledgments
Introduction
Part I Information Assurance Basics
Chapter 1 Developing an Information Assurance Strategy
Comprehensive
Independent
Legal and Regulatory Requirements
Living Document
Long Life Span
Customizable and Pragmatic
Risk-Based Approach
Organizationally Significant
Strategic, Tactical, and Operational
Concise, Well-Structured, and Extensible
Critical Thinking Exercises
Chapter 2 The Need for Information Assurance
Protection of Critical and Sensitive Assets
Compliance to Regulations and Circulars/Laws
Meeting Audit and Compliance Requirements
Providing Competitive Advantage
Critical Thinking Exercises
Chapter 3 Information Assurance Principles
The MSR Model of Information Assurance
Information Assurance
Information Security
Information Protection
Cybersecurity
Information Assurance: Business Enabler
Information Assurance: Protects the Fabric of an Organization’s Systems
Information Assurance: Cost Effective and Cost Beneficial
Information Assurance: Shared Responsibilities
Information Assurance: Robust Approach
Information Assurance: Reassessed Periodically
Information Assurance: Restricted by Social Obligations
Implications from Lack of Information Assurance
Penalties from Legal/Regulatory Authorities
Loss of Information Assets
Operational Losses and Operational Risk Management
Customer Losses
Loss of Image and Reputation
Further Reading
Critical Thinking Exercises
Chapter 4 Information Assurance Concepts
Defense in Depth
Confidentiality, Integrity, and Availability
Confidentiality
Integrity
Availability
CIA Balance
Nonrepudiation and Authentication
Nonrepudiation
Identification, Authentication, Authorization, and Accountability
Identification
Authentication
Authorization
Accountability
Privacy’s Relationship to Information Assurance
Assets, Threats, Vulnerabilities, Risks, and Controls
Common Threats
Vulnerabilities
Controls
Cryptology
Codes and Ciphers
Further Reading
Critical Thinking Exercises
Chapter 5 Organizations Providing Resources for Professionals
Organizations Providing Resources for Professionals
(ISC)2 International Information System Security Certification Consortium
Computing Technology Industry Association
Information System Audit and Control Association
Information System Security Association
SANS Institute
Disaster Recovery Institute, International
Business Continuity Institute
Deciding Among Certifications
Codes of Ethics
Further Reading
Critical Thinking Exercises
Chapter 6 Information Assurance Management System
Security Considerations for the Information Asset Life Cycle
Plan-Do-Check-Act Model
Plan
Do
Check
Act
Boyd’s OODA Loop
The Kill Chain
Further Reading
Critical Thinking Exercises
Chapter 7 Current Practices, Regulations, and Plans for Information Assurance Strategy
Due Care and Due Diligence
Due Care
Due Diligence
Specific Laws and Regulations
Computer Laws
Intellectual Property Law
Privacy Laws
International Laws and Acts
Standards and Best Practices
Further Reading
Critical Thinking Exercise
Part II Information Assurance Planning Process
Chapter 8 Approaches to Implementing Information Assurance
Key Components of Information Assurance Approaches
Levels of Controls in Managing Security
Top-Down Approach
Bottom-Up Approach
Outsourcing and the Cloud
Balancing Information Assurance and Associated Costs
Further Reading
Critical Thinking Exercises
Chapter 9 Organizational Structure for Managing Information Assurance
Importance of Managing Information Assurance as a Program
Structure of an Information Assurance Organization
Information Assurance Staffing
Roles and Responsibilities
Senior Management
Information Assurance Units
Technology and Service Providers
Users
Organizational Maturity
Information Technology Infrastructure Library
Capability Maturity Model
Organizational Change Maturity Model
Outsourcing and Cloud Computing
Further Reading
Critical Thinking Exercises
Chapter 10 Asset Management
Types of Assets
Responsibilities for Assets
Inventory of Assets
Ownership of Assets
Acceptable Use of Assets
Information Classification and Handling
Classification Guidelines
Information Labeling and Handling
Information Classification (Categorization) Example
Further Reading
Critical Thinking Exercises
Chapter 11 Information Assurance Risk Management
Benefits of Risk Management
Risk Management Process
Background Planning
Asset Analysis
Threat Analysis
Vulnerability Analysis
Risk Identification
Risk Analysis
Risk Treatment
Monitoring Risk
Integration with Other Management Practices
Further Reading
Critical Thinking Exercises
Chapter 12 Information Assurance Policy
Importance of Policy
Policy and Other Governance Functions
Policy in Relation to Standards
Policy in Relation to Guidelines
Policy in Relation to Procedures
Policy Development Steps
Information Gathering
Policy Framework Definition
Policy Development
Review and Approval
Enforcement
Policy Layout
Further Reading
Critical Thinking Exercises
Chapter 13 Human Resource Assurance
Recruitment
Include Security in Job Scope/Description
Defined Level of Confidentiality or Sensitivity
Filling the Position
Use of Legal Documents to Protect Information
Employment
Supervisory Controls
Rotation of Duties
Monitoring and Privacy Expectations
Periodic Monitoring
Employee Training and Awareness
Disciplinary Process
Termination or Change of Employment
Further Reading
Critical Thinking Exercises
Chapter 14 Advantages of Certification, Accreditation, and Assurance
Concepts and Definitions
Purpose of Certification and Accreditation
Primary Roles for Supporting Certification and Accreditation
Certification and Accreditation Process
Certification Baselines
Considerations for Product Evaluation, Certification, and Accreditation
Further Reading
Critical Thinking Exercises
Part III Risk Mitigation Process
Chapter 15 Information Assurance in System Development and Acquisition
Benefits of Incorporating Security Considerations
Overview of the System Development Life Cycle
Information Assurance in the System Development Life Cycle
Information Assurance in the System or Service Acquisition Life Cycle
System Development
System Acquisition
Change Management
Configuration Management
Further Reading
Critical Thinking Exercises
Chapter 16 Physical and Environmental Security Controls
Benefits
Physical and Environmental Security Controls
Physical Security of Premises and Offices
Handling of Media
Management of Removable Media
Disposal of Media
Further Reading
Critical Thinking Exercises
Chapter 17 Information Assurance Awareness, Training, and Education (AT&E)
Purpose of the AT&E Program
Benefits of the AT&E Program
Design, Development, and Assessment of Programs
Types of Learning Programs
Information Assurance Awareness
Information Assurance Training
Information Assurance Education
Further Reading
Critical Thinking Exercises
Chapter 18 Preventive Information Assurance Tools
Preventive Information Assurance Tools
Content Filters
Cryptographic Protocols and Tools
Firewalls
Network Intrusion Prevention System
Proxy Servers
Public Key Infrastructure
Virtual Private Networks
Preventive Information Assurance Controls
Backups
Change Management and Configuration Management
IT Support
Media Controls and Documentation
Patch Management
Further Reading
Critical Thinking Exercises
Chapter 19 Access Control
Access Control: The Benefits
Access Control Types
Access Control Models
Access Control Techniques
Rule-Based Access Control
Access Control Matrix
Access Control Lists
Capability Tables
Constrained User Interfaces
Content-Dependent Access Control
Context-Dependent Access Control
Access Control Administration
Centralized Access Control Administration
Decentralized Access Control Administration
Further Reading
Critical Thinking Exercises
Part IV Information Assurance Detection and Recovery Processes
Chapter 20 Information Assurance Monitoring Tools and Methods
Intrusion Detection Systems
Host Intrusion Detection System
Network Intrusion Detection System
Log Management Tools
Security Information and Event Management (SIEM)
Honeypot/Honeynet
Malware Detection
Signature Detection
Change Detection
State Detection
Vulnerability Scanners
Vulnerability Scanner Standards
Host-Based Scanner
Network-Based Scanner
Database Vulnerability Scanner
Distributed Network Scanner
Penetration Test
External Penetration Test
Internal Penetration Test
Wireless Penetration Test
Physical Controls
Personnel Monitoring Tools
Network Surveillance
The Concept of Continuous Monitoring and Authorization
Further Reading
Critical Thinking Exercises
Chapter 21 Information Assurance Measurements and Metrics
Importance of Information Assurance Measurement
Information Assurance Measurement Process
Develop Measurements
Collect Data
Analyze and Report
Integrate Measurement Output
Improve Measurement Process
Importance of Information Assurance Metrics
Information Assurance Metrics Program
Data Collection Preparation
Data Collection and Analysis
Corrective Action Identification
Business Case Development
Corrective Action Applications
Further Reading
Critical Thinking Exercises
Chapter 22 Incident Handling
Importance of Incident Handling
Incident Reporting
Incident Handling Process
Phase 1: Preparation
Phase 2: Detection/Identification
Phase 3: Containment
Phase 4: Eradication
Phase 5: Recovery
Phase 6: Review
Further Reading
Critical Thinking Exercises
Chapter 23 Computer Forensics
Importance of Computer Forensics
Prerequisites of a Computer Forensic Examiner
Forensic Skills
Supplemental Forensic Skills
Rules of Computer Forensics
Chain of Custody
Computer Forensic Steps
Rules of Evidence
Computer Forensics Teams
Establishing a Computer Forensics Team
Further Reading
Critical Thinking Exercises
Chapter 24 Business Continuity Management
Importance of Business Continuity Management
Critical Success Factors for BCM Implementation
Business Continuity Management Processes
Stage 1: Recognize BCP Is Essential
Stage 2: Identify the Business Needs
Stage 3: Develop BCM Strategies
Stage 4: Developing and Implementing a BCM Response
Stage 5: Developing a BCM Culture
Stage 6: Execute, Test, Maintain, and Audit
Business Continuity in the Cloud
Further Reading
Critical Thinking Exercises
Chapter 25 Backup and Restoration
Importance of Backup
Backup Considerations
Backup Solutions
Media
Backup Infrastructure
Backup Software
Types of Backup
Scheduling
Retention
Tape Media
Administration
Restoration of Data
BYOD and Cloud Backups
Further Reading
Critical Thinking Exercises
Part V Application of Information Assurance to Select Industries
Chapter 26 Healthcare
Overview of Information Assurance Approach
Healthcare-Specific Terminology
Information Assurance Management
Personnel
Management Approach
Regulations and Legal Requirements
Information Assurance Risk Management
Assets
Threats
Vulnerabilities
Risk Assessment
Risk Mitigation
Policy, Procedures, Standards, and Guidance
Human Resources
Certification, Accreditation, and Assurance
Information Assurance in System Development and Acquisition
Physical and Environmental Security Controls
Awareness, Training, and Education
Access Control
Continuous Monitoring, Incident Response, and Forensics
Business Continuity and Backups
Further Reading
Critical Thinking Exercises
Chapter 27 Retail
Overview of the Information Assurance Approach
Information Assurance Management
Personnel
Management Approach
Regulations and Legal Requirements
Information Assurance Risk Management
Assets
Threats
Vulnerabilities
Risk Assessment
Risk Mitigation
Policy, Procedures, Standards, and Guidance
Human Resources
Certification, Accreditation, and Assurance
Information Assurance: System Development and Acquisition
Physical and Environmental Security Controls
Awareness, Training, and Education
Access Control
Continuous Monitoring, Incident Response, and Forensics
Business Continuity and Backups
Further Reading
Critical Thinking Exercises
Chapter 28 Industrial Control Systems
Overview of the Information Assurance Approach
Industrial Control–Specific Language
Information Assurance Management
Personnel
Management Approach
Regulations and Legal Requirements
Information Assurance Risk Management
Assets
Threats
Vulnerabilities
Risk Assessment
Risk Mitigation
Policy, Procedures, Standards, and Guidance
Certification, Accreditation, and Assurance
Human Resources
Information Assurance in System Development and Acquisition
Physical and Environmental Security Controls
Awareness, Training, and Education
Access Control
Continuous Monitoring, Incident Response, and Forensics
Business Continuity and Backups
Further Reading
Critical Thinking Exercises
Part VI Appendixes
A Suggestions for Critical Thinking Exercises
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
Chapter 17
Chapter 18
Chapter 19
Chapter 20
Chapter 21
Chapter 22
Chapter 23
Chapter 24
Chapter 25
Chapter 26
Chapter 27
Chapter 28
B Common Threats
Threat: Force Majeure
Threat: Deliberate Acts
Threat: Human Failure
Threat: Technical Failure
C Common Vulnerabilities
Vulnerability: Organizational Shortcomings
Vulnerability: Technical Shortcomings
Vulnerability: Procedural Shortcomings
D Sample Information Assurance Policy for Passwords
Password Policy
Password Expiration
Choosing an Effective Password
Other Common Precautions to Protect a Password
E Sample Risk Analysis Table
F Select Privacy Laws and Regulations by Country/Economy or State
G Information System Security Checklist
H References and Sources of Information
I List of Acronyms
Glossary
Index
Appendix I List of Acronyms
The following are common computer security and information assurance acronyms.