Book description
This new text provides students with the knowledge and skills they will need to compete for and succeed in the information security roles they will encounter straight out of college. This is accomplished by providing a hands-on immersion in essential system administration, service and application installation and configuration, security tool use, TIG implementation and reporting.
It is designed for an introductory course on IS security, usually offered as an elective in IS departments in two- and four-year schools. It is not designed for security certification courses.
Table of contents
- Cover Page
- Wiley's Digital Advantage
- Title Page
- Copyright
- Table of Contents
- List of Figures
- Preface
- CHAPTER 1: Introduction
- Overview
- Professional utility of information security knowledge
- Brief history
- Definition of information security
- SUMMARY
- EXAMPLE CASE–WIKILEAKS, CABLEGATE, AND FREE REIGN OVER CLASSIFIED NETWORKS
- REFERENCES
- CHAPTER REVIEW QUESTIONS
- EXAMPLE CASE QUESTIONS
- HANDS-ON ACTIVITY–SOFTWARE INSPECTOR, STEGANOGRAPHY
- CRITICAL THINKING EXERCISE: IDENTIFYING CIA AREA(S) AFFECTED BY SAMPLE REAL-LIFE HACKING INCIDENTS
- DESIGN CASE
- CHAPTER 2: System Administration (Part 1)
- Overview
- Introduction
- What is system administration?
- System administration and information security
- Common system administration tasks
- System administration utilities
- SUMMARY
- EXAMPLE CASE–T.J. MAXX
- REFERENCES
- CHAPTER REVIEW QUESTIONS
- EXAMPLE CASE QUESTIONS
- HANDS-ON ACTIVITY–LINUX SYSTEM INSTALLATION
- CRITICAL THINKING EXERCISE–GOOGLE EXECUTIVES SENTENCED TO PRISON OVER VIDEO
- REFERENCES
- CRITICAL THINKING QUESTIONS
- DESIGN CASE
- SECURITY DESIGN CASE QUESTIONS
- CHAPTER 3: System Administration (Part 2)
- Overview
- Operating system structure
- The command-line interface
- Files and directories
- Moving around the filesystem–pwd, cd
- Listing files and directories
- Shell expansions
- File management
- Viewing files
- Searching for files
- Access control and user management
- Access control lists
- File ownership
- Editing files
- Software installation and updates
- Account management
- Command-line user administration
- Example case–Northwest Florida State College
- REFERENCES
- SUMMARY
- CHAPTER REVIEW QUESTIONS
- EXAMPLE CASE QUESTIONS
- HANDS-ON ACTIVITY–BASIC LINUX SYSTEM ADMINISTRATION
- CRITICAL THINKING EXERCISE–OFFENSIVE CYBER EFFECTS OPERATIONS (OCEO)
- REFERENCES
- CRITICAL THINKING QUESTIONS
- DESIGN CASE
- CHAPTER 4: The Basic Information Security Model
- Overview
- Introduction
- Components of the basic information security model
- Common vulnerabilities, threats, and controls
- Example case–ILOVEYOU virus
- REFERENCES
- SUMMARY
- CHAPTER REVIEW QUESTIONS
- EXAMPLE CASE QUESTIONS
- HANDS-ON ACTIVITY–WEB SERVER SECURITY
- QUESTIONS
- CRITICAL THINKING EXERCISE–THE INTERNET, “AMERICAN VALUES,” AND SECURITY
- CRITICAL THINKING QUESTIONS
- DESIGN CASE
- CHAPTER 5: Asset Identification and Characterization
- Overview
- Assets overview
- Determining assets that are important to the organization
- Asset types
- Asset characterization
- IT asset life cycle and asset identification
- System profiling
- Asset ownership and operational responsibilities
- Example case–Stuxnet
- REFERENCES
- SUMMARY
- CHAPTER REVIEW QUESTIONS
- EXAMPLE CASE QUESTIONS
- HANDS-ON ACTIVITY–COURSE ASSET IDENTIFICATION
- CRITICAL THINKING EXERCISE–USES OF A HACKED PC
- DESIGN CASE
- DESIGN CASE QUESTIONS
- CHAPTER 6: Threats and Vulnerabilities
- CHAPTER 7: Encryption Controls
- Overview
- Introduction
- Encryption basics
- Encryption types overview
- Encryption types details
- Encryption in use
- Example case–Nation technologies
- SUMMARY
- CHAPTER REVIEW QUESTIONS
- EXAMPLE CASE QUESTIONS
- HANDS-ON ACTIVITY–ENCRYPTION
- CRITICAL THINKING EXERCISE–ENCRYPTION KEYS EMBED BUSINESS MODELS
- REFERENCES
- CRITICAL THINKING EXERCISE QUESTIONS
- DESIGN CASE
- CHAPTER 8: Identity and Access Management
- Overview
- Identity management
- Access management
- Authentication
- Single sign-on
- Federation
- Example case–Markus Hess
- REFERENCES
- SUMMARY
- CHAPTER REVIEW QUESTIONS
- EXAMPLE CASE QUESTIONS
- HANDS-ON ACTIVITY–IDENTITY MATCH AND MERGE
- CRITICAL THINKING EXERCISE–FEUDALISM THE SECURITY SOLUTION FOR THE INTERNET?
- REFERENCES
- CRITICAL THINKING EXERCISE QUESTIONS
- DESIGN CASE
- CHAPTER 9: Hardware and Software Controls
- Overview
- Password management
- Access control
- Firewalls
- Intrusion detection/prevention systems
- Patch management for operating systems and applications
- End-point protection
- Example case–AirTight networks
- REFERENCES
- CHAPTER REVIEW QUESTIONS
- EXAMPLE CASE QUESTIONS
- HANDS-ON ACTIVITY–HOST-BASED IDS (OSSEC)
- CRITICAL THINKING EXERCISE–EXTRA-HUMAN SECURITY CONTROLS
- REFERENCES
- CRITICAL THINKING EXERCISE QUESTIONS
- DESIGN CASE
- CHAPTER 10: Shell Scripting
- Overview
- Introduction
- Output redirection
- Text manipulation
- Variables
- Conditionals
- User input
- Loops
- Putting it all together
- Example case–Max Butler
- REFERENCES
- SUMMARY
- CHAPTER REVIEW QUESTIONS
- EXAMPLE CASE QUESTIONS
- HANDS-ON ACTIVITY–BASIC SCRIPTING
- CRITICAL THINKING EXERCISE–SCRIPT SECURITY
- REFERENCE
- SHELL SCRIPTING QUESTIONS
- DESIGN CASE
- CHAPTER 11: Incident Handling
- CHAPTER 12: Incident Analysis
- Introduction
- Log analysis
- Event criticality
- General log configuration and maintenance
- Live incident response
- Timelines
- Other forensics topics
- Example case–backup server compromise
- CHAPTER REVIEW QUESTIONS
- EXAMPLE CASE QUESTIONS
- HANDS-ON ACTIVITY–SERVER LOG ANALYSIS
- CRITICAL THINKING EXERCISE–DESTRUCTION AT THE EDA (CONTD.)
- DESIGN CASE
- QUESTIONS
- CHAPTER 13: Policies, Standards, and Guidelines
- Introduction
- Guiding principles
- Writing a policy
- Impact assessment and vetting
- Policy review
- Compliance
- Key policy issues
- Example case–HB Gary
- REFERENCES
- SUMMARY
- REFERENCE
- CHAPTER REVIEW QUESTIONS
- EXAMPLE CASE QUESTIONS
- HANDS-ON ACTIVITY–CREATE AN AUP
- CRITICAL THINKING EXERCISE–AARON SWARTZ
- REFERENCES
- CRITICAL THINKING QUESTIONS
- DESIGN CASE
- CHAPTER 14: IT Risk Analysis and Risk Management
- Overview
- Introduction
- Risk management as a component of organizational management
- Risk-management framework
- The NIST 800-39 framework
- Risk assessment
- Other risk-management frameworks
- IT general controls for Sarbanes–Oxley compliance
- Compliance versus risk management
- Selling security
- Example case–online marketplace purchases
- REFERENCE
- SUMMARY
- CHAPTER REVIEW QUESTIONS
- EXAMPLE CASE QUESTIONS
- HANDS-ON ACTIVITY–RISK ASSESSMENT USING LSOF
- QUESTIONS
- CRITICAL THINKING EXERCISE–RISK ESTIMATION BIASES
- REFERENCES
- CRITICAL THINKING QUESTIONS
- DESIGN CASE
- APPENDIX A: Password List for the Linux Virtual Machine
- Glossary
- Index
Product information
- Title: Information Security and IT Risk Management
- Author(s):
- Release date: April 2014
- Publisher(s): Wiley
- ISBN: 9781118335895