Book description
Fundamentals of Information Systems Security, Fourth Edition provides a comprehensive overview of the essential concepts readers must know as they pursue careers in information systems security.
Table of contents
- Cover
- Title Page
- Copyright Page
- Dedication Page
- Contents
- Preface
- New to This Edition
- Acknowledgments
- The Authors
- CHAPTER 1 Information Systems Security
- CHAPTER 2 Emerging Technologies Are Changing How We Live
- Evolution of the Internet of Things
- Converting to a TCP/IP World
- IoT’s Impact on Human and Business Life
- Evolution from Brick and Mortar to E-Commerce
- Why Businesses Must Have an Internet and IoT Marketing Strategy
- IP Mobility
- Mobile Applications
- New Challenges Created by the IoT
- Chapter Summary
- Key Concepts and Terms
- Chapter 2 Assessment
- CHAPTER 3 Risks, Threats, and Vulnerabilities
- Risk Management and Information Security
- The Risk Management Process
- IT and Network Infrastructure
- Who Are the Perpetrators?
- Risks, Threats, and Vulnerabilities in an IT Infrastructure
- What Is a Malicious Attack?
- What Are Common Attack Vectors?
- The Importance of Countermeasures
- Chapter Summary
- Key Concepts and Terms
- Chapter 3 Assessment
- CHAPTER 4 Business Drivers of Information Security
- Risk Management’s Importance to the Organization
- Understanding the Relationship between a BIA, a BCP, and a DRP
- Assessing Risks, Threats, and Vulnerabilities
- Closing the Information Security Gap
- Adhering to Compliance Laws
- Keeping Private Data Confidential
- Mobile Workers and Use of Personally Owned Devices
- Chapter Summary
- Key Concepts and Terms
- Chapter 4 Assessment
- CHAPTER 5 Networks and Telecommunications
- CHAPTER 6 Access Controls
- Four-Part Access Control
- Two Types of Access Controls
- Authorization Policies
- Methods and Guidelines for Identification
- Processes and Requirements for Authentication
- Policies and Procedures for Accountability
- Formal Models of Access Control
- Effects of Breaches in Access Control
- Threats to Access Controls
- Effects of Access Control Violations
- Credential and Permissions Management
- Centralized and Decentralized Access Control
- Chapter Summary
- Key Concepts and Terms
- Chapter 6 Assessment
- CHAPTER 7 Cryptography
- What Is Cryptography?
- Business and Security Requirements for Cryptography
- Cryptographic Principles, Concepts, and Terminology
- Types of Ciphers
- Symmetric and Asymmetric Key Cryptography
- Keys, Keyspace, and Key Management
- Digital Signatures and Hash Functions
- Cryptographic Applications and Uses in Information System Security
- Principles of Certificates and Key Management
- Chapter Summary
- Key Concepts and Terms
- Chapter 7 Assessment
- CHAPTER 8 Malicious Software and Attack Vectors
- Characteristics, Architecture, and Operations of Malicious Software
- The Main Types of Malware
- A Brief History of Malicious Code Threats
- Threats to Business Organizations
- Anatomy of an Attack
- Attack Prevention Tools and Techniques
- Intrusion Detection Tools and Techniques
- Chapter Summary
- Key Concepts and Terms
- Chapter 8 Assessment
- CHAPTER 9 Security Operations and Administration
- Security Administration
- Compliance
- Professional Ethics
- The Infrastructure for an IT Security Policy
- Data Classification Standards
- Configuration Management
- The Change Management Process
- Application Software Security
- Software Development and Security
- Chapter Summary
- Key Concepts and Terms
- Chapter 9 Assessment
- CHAPTER 10 Auditing, Testing, and Monitoring
- Security Auditing and Analysis
- Defining the Audit Plan
- Auditing Benchmarks
- Audit Data Collection Methods
- Post-Audit Activities
- Security Monitoring
- Types of Log Information to Capture
- How to Verify Security Controls
- Monitoring and Testing Security Systems
- Chapter Summary
- Key Concepts and Terms
- Chapter 10 Assessment
- CHAPTER 11 Contingency Planning
- CHAPTER 12 Digital Forensics
- CHAPTER 13 Information Security Standards
- Standards Organizations
- National Institute of Standards and Technology
- International Organization for Standardization
- International Electrotechnical Commission
- World Wide Web Consortium
- Internet Engineering Task Force
- Institute of Electrical and Electronics Engineers
- International Telecommunication Union Telecommunication Sector
- American National Standards Institute
- European Telecommunications Standards Institute Cyber Security Technical Committee
- ISO 17799 (Withdrawn)
- Chapter Summary
- Key Concepts and Terms
- Chapter 13 Assessment
- CHAPTER 14 Information Security Certifications
- CHAPTER 15 Compliance Laws
- Compliance Is the Law
- Federal Information Security
- The Health Insurance Portability and Accountability Act (HIPAA)
- The Gramm-Leach-Bliley Act
- The Sarbanes-Oxley Act
- The Family Educational Rights and Privacy Act
- The Children’s Online Privacy Protection Act of 1998
- The Children’s Internet Protection Act
- Payment Card Industry Data Security Standard
- General Data Protection Regulation
- California Consumer Privacy Act
- Making Sense of Laws for Information Security Compliance
- Chapter Summary
- Key Concepts and Terms
- Chapter 15 Assessment
- APPENDIX A Answer Key
- APPENDIX B Standard Acronyms
- APPENDIX C Earning the CompTIA Security+ Certification
- Glossary of Key Terms
- References
- Index
Product information
- Title: Fundamentals of Information Systems Security, 4th Edition
- Author(s):
- Release date: December 2021
- Publisher(s): Jones & Bartlett Learning
- ISBN: 9781284220742