Book description
PART OF THE NEW JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES!
Access controls protect resources against unauthorized viewing, tampering, or destruction. They serve as a primary means of ensuring privacy and confidentiality and of preventing unauthorized disclosure. The first part of Access Control, Authentication, and Public Key Infrastructure defines the components of access control, provides a business framework for implementation, and discusses legal requirements that affect access control programs. It then looks at the risks, threats, and vulnerabilities prevalent in information systems and IT infrastructures and how to handle them. The final part is a resource for students and professionals that discusses putting access control systems to work as well as testing and managing them.
Table of contents
- Copyright
- Preface
- Acknowledgments
- ONE. The Need for Access Control Systems
  - 1. Access Control Framework
  - 2. Assessing Risk and Its Impact on Access Control
    - Definitions and Concepts
    - Threats and Vulnerabilities
    - Value, Situation, and Liability
    - Case Studies and Examples
    - CHAPTER SUMMARY
    - KEY CONCEPTS AND TERMS
    - CHAPTER 2 ASSESSMENT
  - 3. Business Drivers for Access Controls
    - Business Requirements for Asset Protection
    - Classification of Information
    - Competitive Use of Information
    - Business Drivers
    - Controlling Access and Protecting Value
    - Examples of Access Control Successes and Failures in Business
    - CHAPTER SUMMARY
    - KEY CONCEPTS AND TERMS
    - CHAPTER 3 ASSESSMENT
    - ENDNOTES
  - 4. Access Control Policies, Standards, Procedures, and Guidelines
    - U.S. Compliance Laws and Regulations
      - Gramm-Leach-Bliley Act (GLBA)
      - Health Insurance Portability and Accountability Act (HIPAA)
      - Sarbanes-Oxley (SOX) Act
      - Family Educational Rights and Privacy Act (FERPA)
      - Children's Internet Protection Act (CIPA)
      - 21 CFR Part 11
      - North American Electric Reliability Council (NERC)
      - Homeland Security Presidential Directive 12 (HSPD 12)
    - Access Control Security Policy Best Practices
    - IT Security Policy Framework
    - Examples of Access Control Policies, Standards, Procedures, and Guidelines
    - CHAPTER SUMMARY
    - KEY CONCEPTS AND TERMS
    - CHAPTER 4 ASSESSMENT
    - ENDNOTE
  - 5. Unauthorized Access and Security Breaches
    - Deterring Information Theft
    - Cost of Inadequate Front-Door and First-Layer Access Controls
    - Access Control Failures
    - Security Breaches
    - CHAPTER SUMMARY
    - KEY CONCEPTS AND TERMS
    - CHAPTER 5 ASSESSMENT
- TWO. Mitigating Risk with Access Control Systems, Authentication, and PKI
  - 6. Mapping Business Challenges to Access Control Types
    - Mapping Business Challenges to Types of Control
    - Solving Business Challenges with Access Control Strategies
    - Case Studies and Examples of Access Control Systems That Uniquely Solve Business Challenges
    - CHAPTER SUMMARY
    - KEY CONCEPTS AND TERMS
    - CHAPTER 6 ASSESSMENT
  - 7. Human Nature and Organizational Behavior
    - The Human Element
    - Organizational Structure
    - Job Rotation and Position Sensitivity
    - Requirement for Periodic Vacation
    - Separation of Duties
    - Responsibilities of Access Owners
    - Training Employees
    - Ethics
    - Best Practices for Handling Human Nature and Organizational Behavior
    - Case Studies and Examples of Access Control Systems That Uniquely Solve Business Challenges
    - CHAPTER SUMMARY
    - KEY CONCEPTS AND TERMS
    - CHAPTER 7 ASSESSMENT
  - 8. Access Control for Information Systems
    - Access Control for Data
    - Access Control for File Systems
    - Access Control for Executables
    - Microsoft Windows Workstations and Servers
    - UNIX and Linux
    - Supervisory Control and Data Acquisition (SCADA) and Process Control Systems
    - Best Practices for Access Controls for Information Systems
    - Case Studies and Examples of Access Control Solutions That Uniquely Solve Business Challenges
    - CHAPTER SUMMARY
    - KEY CONCEPTS AND TERMS
    - CHAPTER 8 ASSESSMENT
  - 9. Physical Security and Access Control
    - Physical Security
    - Designing a Comprehensive Plan
    - Biometric Access Control Systems
    - Technology-Related Access Control Solutions
    - Outsourcing Physical Security—Pros and Cons
    - Best Practices for Physical Access Controls
    - Case Studies and Examples of Physical Security and Access Control Systems That Uniquely Solve Business Challenges
    - CHAPTER SUMMARY
    - KEY CONCEPTS AND TERMS
    - CHAPTER 9 ASSESSMENT
  - 10. Access Control in the Enterprise
    - Access Control Lists (ACLs) and Access Control Entries (ACEs)
    - Access Control Models
    - Authentication Factors
    - Kerberos
    - Network Access Control
    - Wireless IEEE 802.11 LANs
    - Single Sign-On (SSO)
    - Best Practices for Handling Access Controls in an Enterprise Organization
    - Case Studies and Examples of Enterprise Access Control Solutions That Uniquely Solve Business Challenges
    - CHAPTER SUMMARY
    - KEY CONCEPTS AND TERMS
    - CHAPTER 10 ASSESSMENT
    - ENDNOTES
- THREE. Implementing, Testing, and Managing Access Control Systems
  - 11. Access Control System Implementations
    - Transforming Access Control Policies and Standards into Procedures and Guidelines
    - Identity Management and Access Control
    - Size and Distribution of Staff and Assets
    - Multilayered Access Control Implementations
    - Access Controls for Employees, Remote Employees, Customers, and Business Partners
      - Remote Virtual Private Network (VPN) Access—Remote Employees and Workers
      - Intranets—Internal Business Operations and Communications
      - Extranets—External Supply Chains, Business Partners, Distributors, and Resellers
      - Secure E-commerce Portals with Minimum SSL 128-Bit Encryption Web Portals
      - Secure Online Banking Access Control Implementations
      - Encryption—Minimum SSL 128-Bit Encryption Web Portal
      - Logon/Password Access
      - Identification Imaging and Authorization
    - Best Practices for Access Control Implementations
    - Case Studies and Examples of Access Control Implementations That Uniquely Solve Business Challenges
    - CHAPTER SUMMARY
    - KEY CONCEPTS AND TERMS
    - CHAPTER 11 ASSESSMENT
    - ENDNOTES
  - 12. Access Control Solutions for Remote Workers
    - Growth in Mobile Work Force
    - Remote Access Methods and Techniques
    - Access Protocols to Minimize Risk
    - Remote Authentication Protocols
    - Virtual Private Networks (VPNs)
    - Web Authentication
    - Best Practices for Remote Access Controls to Support Remote Workers
    - Case Studies and Examples of Remote Access Control Solutions That Uniquely Solve Business Challenges
    - CHAPTER SUMMARY
    - KEY CONCEPTS AND TERMS
    - CHAPTER 12 ASSESSMENT
  - 13. Public Key Infrastructure and Encryption
    - Public Key Infrastructure (PKI)
    - Ensuring Integrity, Confidentiality, Authentication, and Non-Repudiation
    - What PKI Is and What It Is Not
    - What Are the Potential Risks Associated with PKI?
    - Implementations of Business Cryptography
    - Certificate Authorities (CA)
    - Best Practices for PKI Use Within Large Enterprises and Organizations
    - Case Studies and Examples of PKI Use Within Large Organizations to Uniquely Solve Business Challenges
    - CHAPTER SUMMARY
    - KEY CONCEPTS AND TERMS
    - CHAPTER 13 ASSESSMENT
  - 14. Testing Access Control Systems
    - Purpose of Testing Access Control Systems
    - Software Development Life Cycle and the Need for Testing Software
    - Security Development Life Cycle and the Need for Testing Security Systems
    - Information Security Activities
      - Requirements Definition—Testing the Functionality of the Original Design
      - Development of Test Plan and Scope
      - Selection of Penetration Testing Teams
      - Performing the Access Control System Penetration Test
      - Preparing the Final Test Report
    - CHAPTER SUMMARY
    - KEY CONCEPTS AND TERMS
    - CHAPTER 14 ASSESSMENT
  - 15. Access Control Assurance
    - What Is Information Assurance?
    - How Can Information Assurance Be Applied to Access Control Systems?
    - What Are the Goals of Access Control System Monitoring and Reporting?
    - What Checks and Balances Can Be Implemented?
    - Audit Trail and Audit Log Management and Parsing
    - Audit Trail and Audit Log Reporting Issues and Concerns
    - Security Information and Event Management (SIEM)
    - Best Practices for Performing Ongoing Access Control System Assurance
    - Case Studies and Examples of Access Control System Assurance Strategies to Solve Business Challenges
    - CHAPTER SUMMARY
    - KEY CONCEPTS AND TERMS
    - CHAPTER 15 ASSESSMENT
    - ENDNOTES
- A. Answer Key
- B. Standard Acronyms
- Glossary of Key Terms
- References
Product information
- Title: Access Control, Authentication, and Public Key Infrastructure
- Author(s):
- Release date: October 2010
- Publisher(s): Jones & Bartlett Learning
- ISBN: 9780763791292