book

Foundations of Information Security

by Jason Andress

October 2019

Beginner

248 pages

7h 7m

English

No Starch Press

Read now

Unlock full access

Who Should Read This Book?About This Book
Defining Information SecurityWhen Are You Secure?Models for Discussing Security IssuesAttacksDefense in DepthSummaryExercises

IdentificationAuthenticationCommon Identification and Authentication MethodsSummaryExercises
What Are Access Controls?Implementing Access ControlsAccess Control ModelsPhysical Access ControlsSummaryExercises
AccountabilitySecurity Benefits of AccountabilityAuditingSummaryExercises
The History of CryptographyModern Cryptographic ToolsProtecting Data at Rest, in Motion, and in UseSummaryExercises
What Is Compliance?Achieving Compliance with ControlsMaintaining ComplianceLaws and Information SecurityAdopting Frameworks for ComplianceCompliance amid Technological ChangesSummaryExercises
The Operations Security ProcessLaws of Operations SecurityOperations Security in Our Personal LivesOrigins of Operations SecuritySummaryExercises
Gathering Information for Social Engineering AttacksTypes of Social Engineering AttacksBuilding Security Awareness with Security Training ProgramsSummaryExercises
Identifying Physical ThreatsPhysical Security ControlsProtecting PeopleProtecting DataProtecting EquipmentSummaryExercises
Protecting NetworksProtecting Network TrafficNetwork Security ToolsSummaryExercises
Operating System HardeningProtecting Against MalwareOperating System Security ToolsSummaryExercises
Mobile SecurityEmbedded SecurityInternet of Things SecuritySummaryExercises
Software Development VulnerabilitiesWeb SecurityDatabase SecurityApplication Security ToolsSummaryExercises
Vulnerability AssessmentPenetration TestingDoes This Really Mean You’re Secure?SummaryExercises

Content preview from Foundations of Information Security

4AUDITING AND ACCOUNTABILITY

When you’ve successfully gone through the identification, authentication, and authorization processes (or even while you’re still completing them), you need to keep track of the activities taking place in your organization. Even after you’ve allowed a party access to your resources, you still need to ensure that they behave in accordance with your rules, particularly those relating to security, business conduct, and ethics. Essentially, you need to make sure you can hold users of your systems accountable (Figure 4-1).

Figure 4-1: You should always hold users accountable.

Holding someone accountable means making sure ...