book

Information Security: Principles and Practices, Second Edition

by Mark S. Merkow, Jim Breithaupt

June 2014

Intermediate to advanced

368 pages

9h 44m

English

Pearson IT Certification

Read now

Unlock full access

IntroductionThe Growing Importance of IT Security and New Career OpportunitiesBecoming an Information Security SpecialistContextualizing Information SecuritySummaryTest Your Skills
IntroductionPrinciple 1: There Is No Such Thing As Absolute SecurityPrinciple 2: The Three Security Goals Are Confidentiality, Integrity, and AvailabilityPrinciple 3: Defense in Depth as StrategyPrinciple 4: When Left on Their Own, People Tend to Make the Worst Security DecisionsPrinciple 5: Computer Security Depends on Two Types of Requirements: Functional and AssurancePrinciple 6: Security Through Obscurity Is Not an AnswerPrinciple 7: Security = Risk ManagementPrinciple 8: The Three Types of Security Controls Are Preventative, Detective, and ResponsivePrinciple 9: Complexity Is the Enemy of SecurityPrinciple 10: Fear, Uncertainty, and Doubt Do Not Work in Selling SecurityPrinciple 11: People, Process, and Technology Are All Needed to Adequately Secure a System or FacilityPrinciple 12: Open Disclosure of Vulnerabilities Is Good for Security!SummaryTest Your Skills
IntroductionCertification and Information SecurityInternational Information Systems Security Certifications Consortium (ISC)2The Information Security Common Body of KnowledgeOther Certificate Programs in the IT Security IndustrySummaryTest Your Skills
IntroductionSecurity Policies Set the Stage for SuccessUnderstanding the Four Types of PoliciesDeveloping and Managing Security PoliciesProviding Policy Support DocumentsSuggested Standards TaxonomyWho Is Responsible for Security?SummaryTest Your Skills
IntroductionDefining the Trusted Computing BaseProtection Mechanisms in a TCBSystem Security Assurance ConceptsThe Trusted Computer Security Evaluation CriteriaThe Canadian Trusted Computer Product Evaluation CriteriaThe Federal Criteria for Information Technology SecurityThe Common CriteriaThe Common Evaluation MethodologyConfidentiality and Integrity ModelsSummaryTest Your Skills
IntroductionOverview of the Business Continuity Plan and Disaster Recovery PlanDisaster Recovery PlanningSummaryTest Your Skills
IntroductionTypes of Computer CrimeHow Cybercriminals Commit CrimesThe Computer and the LawIntellectual Property LawPrivacy and the LawComputer ForensicsThe Information Security Professional’s Code of EthicsOther Ethics StandardsSummaryTest Your Skills
IntroductionUnderstanding the Physical Security DomainSummaryTest Your Skills
IntroductionOperations Security PrinciplesOperations Security Process ControlsOperations Security Controls in ActionSummaryTest Your Skills
IntroductionTerms and ConceptsPrinciples of AuthenticationBiometricsSingle Sign-OnRemote User Access and AuthenticationSummaryTest Your Skills
IntroductionApplying Cryptography to Information SystemsBasic Terms and ConceptsStrength of CryptosystemsPutting the Pieces to WorkExamining Digital CryptographySummaryTest Your Skills
IntroductionAn Overview of Network and Telecommunications SecurityNetwork Security in ContextThe Open Systems Interconnection Reference ModelData Network TypesProtecting TCP/IP NetworksVirtual Private NetworksIPSecCloud ComputingSummaryTest Your Skills
IntroductionThe Practice of Software EngineeringSoftware Development Life CyclesDon’t Bolt Security On—Build It InDesign ReviewsMeasuring the Secure Development ProgramSummaryTest Your Skills
IntroductionOperation Eligible ReceiverCarders, Account Takeover, and Identity TheftThe Rosy Future for InfoSec SpecialistsSummaryTest Your Skills
Access ControlTelecommunications and Network SecurityInformation Security Governance and Risk ManagementSoftware Development SecurityCryptographySecurity Architecture and DesignOperations SecurityBusiness Continuity and Disaster Recovery PlanningLegal Regulations, Investigations, and CompliancePhysical (Environmental) Security
Sample Computer Acceptable Use PolicySample Email Use PolicySample Password PolicySample Wireless (WiFi) Use Policy
HIPAA Security StandardsAdministrative ProceduresPhysical SafeguardsTechnical Security ServicesTechnical Security Mechanisms

Overview

Information Security: Principles and Practices, Second Edition

Everything You Need to Know About Modern Computer Security, in One Book

Clearly explains all facets of information security in all 10 domains of the latest Information Security Common Body of Knowledge [(ISC)² CBK].

Thoroughly updated for today’s challenges, technologies, procedures, and best practices.

The perfect resource for anyone pursuing an IT security career.

Fully updated for the newest technologies and best practices, Information Security: Principles and Practices, Second Edition thoroughly covers all 10 domains of today’s Information Security Common Body of Knowledge.

Two highly experienced security practitioners have brought together all the foundational knowledge you need to succeed in today’s IT and business environments. They offer easy-to-understand, practical coverage of topics ranging from security management and physical security to cryptography and application development security.

This edition fully addresses new trends that are transforming security, from cloud services to mobile applications, “Bring Your Own Device” (BYOD) strategies to today’s increasingly rigorous compliance requirements. Throughout, you’ll find updated case studies, review questions, and exercises–all designed to reveal today’s real-world IT security challenges and help you overcome them.

Learn how to

-- Recognize the evolving role of IT security

-- Identify the best new opportunities in the field

-- Discover today’s core information security principles of success

-- Understand certification programs and the CBK

-- Master today’s best practices for governance and risk management

-- Architect and design systems to maximize security

-- Plan for business continuity

-- Understand the legal, investigatory, and ethical requirements associated with IT security

-- Improve physical and operational security

-- Implement effective access control systems

-- Effectively utilize cryptography

-- Improve network and Internet security

-- Build more secure software

-- Define more effective security policies and standards

-- Preview the future of information security

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Network Defense and Countermeasures: Principles and Practices, Second Edition

Publisher Resources

ISBN: 9780133589412Purchase book

Information Security: Principles and Practices, Second Edition

by Mark S. Merkow, Jim Breithaupt

Overview

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Network Defense and Countermeasures: Principles and Practices, Second Edition

Information Security Handbook - Second Edition

Fundamentals of Information Systems Security, 4th Edition

The Basics of Information Security, 2nd Edition

Publisher Resources

Overview

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Network Defense and Countermeasures: Principles and Practices, Second Edition

Information Security Handbook - Second Edition

Fundamentals of Information Systems Security, 4th Edition

The Basics of Information Security, 2nd Edition

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.