Book description
PART OF THE NEW JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES!
Fundamentals of Information Systems Security provides a comprehensive overview of the essential concepts readers must know as they pursue careers in information systems security. The text opens with a discussion of the new risks, threats, and vulnerabilities associated with the transformation to a digital world, including a look at how business, government, and individuals operate today. Part 2 is adapted from the Official (ISC)2 SSCP Common Body of Knowledge and presents a high-level overview of each of the seven domains within the Systems Security Certified Practitioner certification. The book closes with a resource for readers who want additional material on information security standards, education, professional certifications, and compliance laws. With its practical, conversational writing style and step-by-step examples, this text is a must-have resource for those entering the world of information systems security.
Instructor Materials for Fundamentals of Information Systems Security include:
PowerPoint Lecture Slides
Exam Questions
Case Scenarios/Handouts
Table of contents
- Copyright
- Letter from (ISC)2 Executive Director W. Hord Tipton
- Preface
- Acknowledgments
- About the Authors
- ONE. The Need for Information Security
- 1. Information Systems Security
- Information Systems Security
- Tenets of Information Systems Security
- The Seven Domains of a Typical IT Infrastructure
- Weakest Link in the Security of an IT Infrastructure
- IT Security Policy Framework
- Data Classification Standards
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 1 ASSESSMENT
- 2. Changing How People and Businesses Communicate
- Evolution of Voice Communications
- VoIP and SIP Risks, Threats, and Vulnerabilities
- Converting to a TCP/IP World
- Multimodal Communications
- Evolution from Brick-and-Mortar to e-Commerce
- Why Businesses Today Need an Internet Marketing Strategy
- The Web Effect on People, Businesses, and Other Organizations
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 2 ASSESSMENT
- 3. Malicious Attacks, Threats, and Vulnerabilities
- Malicious Activity on the Rise
- What Are You Trying to Protect?
- Whom Are You Trying to Catch?
- Attack Tools
- What Is a Security Breach?
- What Are Vulnerabilities and Threats?
- What Is a Malicious Attack?
- What Is Malicious Software?
- What Are Countermeasures?
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 3 ASSESSMENT
- 4. The Drivers of the Information Security Business
- TWO. The Systems Security Certified Practitioner (SSCP®) Professional Certification from (ISC)2
- 5. Access Controls
- The Four Parts of Access Control
- The Two Types of Access Control
- Defining an Authorization Policy
- Identification Methods and Guidelines
- Authentication Processes and Requirements
- Accountability Policies and Procedures
- Formal Models of Access Control
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Non-Discretionary Access Control
- Rule-Based Access Control
- Access Control Lists (ACLs)
- Role Based Access Control (RBAC)
- Content-Dependent Access Control
- Constrained User Interface
- Other Access Control Models
- Effects of Breaches in Access Control
- Threats to Access Controls
- Effects of Access Control Violations
- Centralized and Decentralized Access Control
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 5 ASSESSMENT
- 6. Security Operations and Administration
- Security Administration
- Compliance
- Professional Ethics
- The Infrastructure for an IT Security Policy
- Data Classification Standards
- Configuration Management
- The Change Management Process
- The System Life Cycle (SLC) and System Development Life Cycle (SDLC)
- Software Development and Security
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 6 ASSESSMENT
- 7. Auditing, Testing, and Monitoring
- Security Auditing and Analysis
- Defining Your Audit Plan
- Auditing Benchmarks
- Audit Data–Collection Methods
- Post-Audit Activities
- Security Monitoring
- Types of Log Information to Capture
- How to Verify Security Controls
- Monitoring and Testing Security Systems
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 7 ASSESSMENT
- 8. Risk, Response, and Recovery
- Risk Management and Information Security
- The Process of Risk Management
- Risk Analysis
- Two Approaches: Quantitative and Qualitative
- Developing a Strategy for Dealing with Risk
- Evaluating Countermeasures
- Controls and Their Place in the Security Life Cycle
- Planning to Survive
- Backing Up Data and Applications
- Steps to Take in Handling an Incident
- Recovery from a Disaster
- Primary Steps to Disaster Recovery
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 8 ASSESSMENT
- 9. Cryptography
- What Is Cryptography?
- Business and Security Requirements for Cryptography
- Cryptographic Applications and Uses in Information System Security
- Cryptographic Principles, Concepts, and Terminology
- Cryptographic Applications, Tools, and Resources
- Principles of Certificates and Key Management
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 9 ASSESSMENT
- 10. Networks and Telecommunications
- 11. Malicious Code and Activity
- Characteristics, Architecture, and Operations of Malicious Software
- The Main Types of Malware
- A Brief History of Malicious Code Threats
- Threats to Business Organizations
- Anatomy of an Attack
- Attack Prevention Tools and Techniques
- Incident Detection Tools and Techniques
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 11 ASSESSMENT
- THREE. Information Security Standards, Education, Certifications, and Laws
- 12. Information Security Standards
- Standards Organizations
- ISO 17799
- ISO/IEC 27002
- PCI DSS
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 12 ASSESSMENT
- 13. Information Security Education and Training
- 14. Information Security Professional Certifications
- 15. U.S. Compliance Laws
- Compliance and the Law
- The Federal Information Security Management Act
- The Health Insurance Portability and Accountability Act
- The Gramm-Leach-Bliley Act
- The Sarbanes-Oxley Act
- The Family Educational Rights and Privacy Act
- The Children's Internet Protection Act
- Making Sense of Laws for Information Security Compliance
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 15 ASSESSMENT
- ENDNOTES
- A. Answer Key
- B. Standard Acronyms
- C. Become an SSCP®
- D. SSCP® Practice Exam
- Glossary of Key Terms
- References
Product information
- Title: Fundamentals of Information Systems Security
- Author(s):
- Release date: November 2010
- Publisher(s): Jones & Bartlett Learning
- ISBN: 9781449629465