Information Security for Managers
by Michael Workman, John N Gathegi, Daniel C Phelps
Table of Contents
Cover
Title Page
Copyright
Contents
Preface
Section One What Should Managers Know About Security Policies and Procedures?
Chapter 1 Introduction to Information Security
Technological and Behavioral Security Issues
Organizational Governance
Security, Cyber Crime, and Costs
Management Duties, Responsibilities, and Threats
Assessing and Planning
Financial Evaluations
Attacks, Monitoring, and Recovery
Reasons Why “They” Attack “Us”
Chapter 2 Corporations and the Rule of Law
Legal Organizational Structure
Accountability, Responsibility, and Law
Roles of Corporate Trust and Regulation
Formal Project Undertakings
Power and Organizational Structure
Fiduciary Responsibilities
Fiduciary Duties and Legal Ethics
Law and Ethics Intersection
Legal and Ethical Consciousness
Law and Enforceable Security Policies
Enforceable Security Policies
People and Policies—The Weakest Link
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 3 Management, Security Law, and Policies
The Management Discipline
Management Initiatives and Security
Information Security Management
Information Security Management Life Cycle
Security Law and Cyber Knowledge Work
Security, Employment Law, and Policies
Virtual Work, Security, and Privacy
Intellectual Property Law
Trade Secrets
Patents
Copyrights
Employee Surveillance and Privacy
Video Surveillance
Privacy and Policy
Surveillance and Organizational Justice
Cyber Law and Cyber Crime
International, Federal, and State Cyber Law
Employee Behavior and Cyber Law
Corporate Espionage
Forensics
What Constitutes Evidence?
Cyber Crime Evidence
Cyber Law and Cyber Crime Issues
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 4 Security Regulations and Governance
Governance and U.S. Regulations
Gramm-Leach-Bliley Act (GLBA)
U.S. Fair and Accurate Credit Transactions Act (FACTA)
U.S. Sarbanes–Oxley Act (SOX)
OMB Circular A-123 (Revised)
Government Information Security Reform Act of 2000
HIPAA and Health Insurance Reform
Non-U.S. and International Governance
U.K. Combined Code on Corporate Governance
CCCG and Turnbull Guidance
Basel II
U.K. Data Protection Act
European Union and Other Privacy Protections
Canadian PIPEDA
Asian APEC Data Privacy Subgroup
Management and Governance
Governance and Security Programs
Enactment of Security Programs
Analyzing the Problem and Managing IT
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 5 Security Programs: Risk Assessment and Management
Risk Assessment and Management Overview
Security Program Overview
Risk Assessment Overview
Risk Mitigation Overview
Risk Determination and Control Frameworks
ITIL / ITSM
COBIT
ISO 27K IT Security Control Selection
NIST 800-53
Risk Management Frameworks
Octave
NIST 800-30
Using Frameworks for Implementing Plans
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 6 Managing Organizations Securely
Security Management Overview
Information and Systems Security Infrastructure
Information Assets: Classification and Architecture
Security Policies and Models
Stances and Countermeasures
Risk Assessment and Management
Risks and Countermeasures
Hoping for the Best, Planning for the Worst
Trusted Computing Base Versus Common Criteria
Evaluation and Certification
Monitoring and Security Policies
Monitoring as a Policy
Information Collection and Storage
Monitoring and Organizational Justice
Surveillance and Trust
Chapter Summary
Think About It
Key Concepts and Terms
Section Two Technology Orientation for Managers
Chapter 7 Data, Information, and Systems
Information Systems
The Nature of Data and Information
IS Operations, Tactics, and Strategies
Information Integration and Exchange
Databases
Relational Databases
Relational Databases and Maintaining Data Integrity
Data Warehouses
Extract-Transform-Load (ETL)
Distributed Systems and Information
Globalization and Information Exchange
Distributed Systems Architecture
Markup: HTML and XML
Parsing Markup
RDF and Ontology Markup
Active Semantic Systems
Agent Frameworks and Semantic Fusion
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 8 Programming Concepts
Program Creation
Programming Logic and Syntax
Operations, Expressions, and Tasks
Software Construction
Code-Level Design: Coupling
Code-Level Design: Cohesion
Rapid Application Development Tools
IDE, Wizards, and Toolkits
Native Programming Environments
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 9 Applications Programming
Object-Oriented Software
Objects and Object Features
The Nature of Software Objects
Abstractions and Complex Data Types
Object Composition
OOP and Applications
Database Interaction
SQL Overview
Software and RDBMS Concurrency
Distributed Systems
Web Applications
Web Application Processing
JAVA Servlets
Distributed Web-Based Systems
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 10 Computer Operating Systems
Operating Systems: An Introduction
Systems and Software
What Do OS Do?
Windows and UNIX (Linux)
Digital Architecture
Hardware Components
Binary Logic and Computer Hardware
Hardware Logic and Software Instructions
UNIX-Based Operating System Functions
OS Features
UNIX-Based (Including Linux and MAC/OS) Processes
The UNIX-Based File System
Disk Memory Management
UNIX System Input–Output (I/O) and Device Drivers
Microsoft Windows Operating System
Windows as a Reference Example
Windows Microkernel, Memory, and I/O Management
Windows Processes and Security Management
Microsoft Registry
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 11 Networks and Addressing
The ISO/OSI and TCP/IP
Layered Architecture
Inter-Networking
Packet and Circuit Switching
Network Topologies
Devices and Addressing
IP Addressing
Subnetworks
IPv4 Versus IPv6
IPv6 Address Groupings and Uses
IPv6 Address Configuration
Network Connections Summarized
Data Link Layer Connectivity
Communications Facilities
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 12 Protocols and Routing
Link-Point Networking
Physical Connections
Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
Transiting Data: Egress and Ingress
Internet Control Message Protocol (ICMP)
Encapsulation and the TCP/IP Protocol Stack
Headers and Name Resolution
Address Resolution Protocol (ARP)
End-Point Networking
Services and Sockets
Transport and Sessions
Applications Layer Protocols
Routing Data
Routes and Route Tables
Routing Protocols
Chapter Summary
Think About It
Key Concepts and Terms
Section Three Computer and Network Security
Chapter 13 Information Systems Security
Social Interactions and Security Implications
Mobility and Threats
Distributed Work and Threats
Interconnectivity and Threats
Security Countermeasures and Complications
Broad Attack Classifications and Examples
Information System Attack Examples
Social Engineering Attack Examples
Mobile Device Attack Examples
Infosec
Threat Awareness and Risk Management
Administrative, Technical, and Physical Controls
Managing Organization Members Securely
Perceptions of Control and Security
Sins of Omission
Sins of Commission
Social Influences and Legalistic Perceptions
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 14 Computer Security
Hosts and Security—A Windows Example
Microsoft Active Directory
Windows Security Access Controls
Windows Service and Process Security
Access Management Framework in Windows
Windows Version Security Differences
Getting Past OS Security Features
Circumventing Security (in Windows and Other OS)
Host Attack Classifications and Examples
Monitoring Attacks—Tools of the Trade
Monitoring Host Attacks
Intrusion Detection Systems
Assessing Systems Security
Assessing the Information and System
Vulnerability Testing
Test Reports and Recommendations
Hardening Systems
Ensuring a Trusted Configuration
Password Protections
User Authentication
Biometrics
Biometrics Acceptance
Biometric Security Process and Information Protection
Biometrics and Errors
Biometric Errors and Technology
Biometric Frontiers in Computer Security
Secure Software and Systems SDLC
Secure Systems Development
Configuration Management
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 15 Network Security
Protecting Networks from Being Undermined
Threats and Network Security
Attacks and Tools
Some Attack Classifications and Examples
Know Thy Enemy’s Modus Operandi
Reconnaissance and Attack Preparations
Enumeration
Sorting Out the Targets and Gaining a Foothold
Target Exploitation
Network Security Issues—Link to Link
Connection Layer Security Issues
Link Layer Security Issues
ARP, Neighbor Discovery, and Poisoning
Internet Layer Security Issues
Network Security Issues—End to End
ICMP Security Issues
Layer 4 (TCP/UDP) Security Issues
Port Attacks and SYN Floods
Network Countermeasures
Limiting and Controlling Information Releases
Protecting Zone Transfers and Thwarting DNS Spoofing
Using Proxies and VPNs
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 16 Cryptography Uses and Firewalls
Cryptography in Use
Who Knows Whom: X.509 Certificates
IPSec Implementation
IPSec Example
SSL/TLS
Virtual Private Networks (VPNs)
Firewall Systems
Stateless Screening Filters
Stateful Packet Inspection
Circuit Gateway Firewalls
Application-Layer Firewall
Bastion Hosts
Firewall Architecture
“Belt and Braces” Architecture
Screened Subnet Architecture
Ontology-Based Architecture
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 17 Cryptography—And How IT Works
Cryptography Overview
Cryptographic Concepts
Generating a Simple Cipher Code
Breaking a Simple Cipher Code
Ciphertext Dissection and “S” Boxes
Cryptography and Security Goals
Symmetric Cryptography
Symmetric Ciphers and Keys
Substitution, Transposition, and Permutation
Modern Symmetric Ciphers
Key Issues with Symmetric Cryptography
Asymmetric Cryptography
Public Keys and Asymmetric Cryptography
Beyond Encrypting Messages
Key Distribution and PKI
Public Key Algorithms: RSA as an Example
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 18 Web Applications Security
Web-Based Versus Web-Enabled Applications
A Definition of Web Applications
Client-Server Web Applications and Security
Web Services and Cloud Computing
Securing Web Servers
Web Application Threats
Protections for Web Servers
Authentication
Password Protections
Authorization
Input Validation
Session Management
Web Services and Security
Protecting Web Content
Chapter Summary
Think About It
Key Concepts and Terms
Section Four Managing Organizations Securely
Chapter 19 Configuration Management
CM and Computer Security Procedures
CM and Management Frameworks
Managing Configurations
Security Configuration Management
Security Management
Security Management Planning—System Level
Configuring to a Secure State
Managed Enterprises
Checklist Groups
Extended Guidelines
DISA STIGs
Private Industry Baseline Security
Center for Internet Security Benchmarks
Maintaining the Secure State
Controlling Changes
Conducting a Security Impact Analysis
Certification and Accreditation
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 20 Operations
Maintaining Operations
The SDLC and Security
Planning: Failures Are a Rule, Not an Exception
Maintaining Operational Capabilities
Operational Continuity
Monitoring Systems and Networks
Auditing Systems and Networks
Operations Centers and Contingencies
Cloud Computing
Security Incidents
Handling Inevitable Incidents
Reporting Security Incidents
Collecting and Preserving Evidence
Computer Forensics and the Law
Cyber Stalking and Harassment Incidents
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 21 Managing Security Behavior
Organizational Behavior
Behavior and Control
Behavior Modification
Organizational Security Behaviors
Malicious Outsiders
Malicious Insiders
Non-malicious Unintentional Insider Omission
Non-malicious Intentional Insider Omission
Management of Omission Behaviors
Responding to the Unintentional Omission
Responding to the Intentional Omission
Leading by Example
Contravention Behaviors, Theory, and Research
Attacker Motivation, Personality, and Behavior Theory
Entertainment and Status
Ideology and Social Acceptance
Neuroticism, Impulse, and Exploitation
Management of Contravention Behaviors
Responding to the Outside Attacker
Responding to the Inside Attacker
Ethics and Employee Attitudes Toward the Law
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 22 Modeling and Predicting Attacks
Game Theory and Predictive Models
Inductive Predictions
Deductive Predictions
Game Theory and Attack Modeling
Reasoning and Inference
Reasoning Systems
Ontology and Epistemology
Inference and the Ontological to Epistemic Transformation
Heuristics and Decision Systems
Reasoning: Discrete Versus Equivocal Problems
Synthetic Heuristics
Issues with Synthetic Heuristic Systems
Combining Techniques
Heuristic Biases and Security Planning
Decisions, Naïve Theories, and Biases
Interactions of Biases and Framing Effects
Biases, Framing Effects, and Security Decisions
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 23 Adaptive Systems Security
Biologically Inspired Security
Self-Healing Systems
Damage and Danger
Trusted Security Kernels
Social Systems
Socially Inspired Security
Social Systems and Security Adaptation
Collective Agency, Availability, and Integrity
Socio-Biologically Inspired Security Systems
Novelty as Potential Danger
Socio-Biological Behavior as Goal-Directed Behavior
Adaptive Synthetic Systems
Challenges for Mobile Networks and Adaptive Systems
Chapter Summary
Think About It
Key Concepts and Terms
Chapter 24 Security Horizons: Issues for Managers
Localized Security Issues
The Changing Technology, Security, and Attack Landscape
Advanced Technologies, Threats, and Attacks
Security, Processes, and Priorities
Security, Situations, and Behavior
Biometric Trends
Political and Behavioral Issues in Security
Legislation and Global Security
Globalization and Information Exposure
Security and Ethical Governing
Chapter Summary
Think About It
Key Concepts and Terms
Index