Information Security: Principles and Practices, Second Edition

Information Security: Principles and Practices, Second Edition

by Mark S. Merkow, Jim Breithaupt
Released June 2014
Publisher(s): Pearson IT Certification
ISBN: 9780133589412

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to live online training experiences, plus books, videos, and digital content from O’Reilly and nearly 200 trusted publishing partners.

Start your free trial

Book description

Information Security: Principles and Practices, Second Edition

Everything You Need to Know About Modern Computer Security, in One Book

Clearly explains all facets of information security in all 10 domains of the latest Information Security Common Body of Knowledge [(ISC)² CBK].

Thoroughly updated for today’s challenges, technologies, procedures, and best practices.

The perfect resource for anyone pursuing an IT security career.

Fully updated for the newest technologies and best practices, Information Security: Principles and Practices, Second Edition thoroughly covers all 10 domains of today’s Information Security Common Body of Knowledge.

Two highly experienced security practitioners have brought together all the foundational knowledge you need to succeed in today’s IT and business environments. They offer easy-to-understand, practical coverage of topics ranging from security management and physical security to cryptography and application development security.

This edition fully addresses new trends that are transforming security, from cloud services to mobile applications, “Bring Your Own Device” (BYOD) strategies to today’s increasingly rigorous compliance requirements. Throughout, you’ll find updated case studies, review questions, and exercises–all designed to reveal today’s real-world IT security challenges and help you overcome them.

Learn how to

-- Recognize the evolving role of IT security

-- Identify the best new opportunities in the field

-- Discover today’s core information security principles of success

-- Understand certification programs and the CBK

-- Master today’s best practices for governance and risk management

-- Architect and design systems to maximize security

-- Plan for business continuity

-- Understand the legal, investigatory, and ethical requirements associated with IT security

-- Improve physical and operational security

-- Implement effective access control systems

-- Effectively utilize cryptography

-- Improve network and Internet security

-- Build more secure software

-- Define more effective security policies and standards

-- Preview the future of information security

Table of contents

  1. About This eBook
  2. Title Page
  3. Copyright Page
  4. Contents at a Glance
  5. Table of Contents
  6. Preface
  7. About the Authors
  8. Acknowledgments
  9. We Want to Hear from You!
  10. Reader Services
  11. Chapter 1. Why Study Information Security?
    1. Introduction
    2. The Growing Importance of IT Security and New Career Opportunities
    3. Becoming an Information Security Specialist
    4. Contextualizing Information Security
    5. Summary
    6. Test Your Skills
  12. Chapter 2. Information Security Principles of Success
    1. Introduction
    2. Principle 1: There Is No Such Thing As Absolute Security
    3. Principle 2: The Three Security Goals Are Confidentiality, Integrity, and Availability
    4. Principle 3: Defense in Depth as Strategy
    5. Principle 4: When Left on Their Own, People Tend to Make the Worst Security Decisions
    6. Principle 5: Computer Security Depends on Two Types of Requirements: Functional and Assurance
    7. Principle 6: Security Through Obscurity Is Not an Answer
    8. Principle 7: Security = Risk Management
    9. Principle 8: The Three Types of Security Controls Are Preventative, Detective, and Responsive
    10. Principle 9: Complexity Is the Enemy of Security
    11. Principle 10: Fear, Uncertainty, and Doubt Do Not Work in Selling Security
    12. Principle 11: People, Process, and Technology Are All Needed to Adequately Secure a System or Facility
    13. Principle 12: Open Disclosure of Vulnerabilities Is Good for Security!
    14. Summary
    15. Test Your Skills
  13. Chapter 3. Certification Programs and the Common Body of Knowledge
    1. Introduction
    2. Certification and Information Security
    3. International Information Systems Security Certifications Consortium (ISC)2
    4. The Information Security Common Body of Knowledge
    5. Other Certificate Programs in the IT Security Industry
    6. Summary
    7. Test Your Skills
  14. Chapter 4. Governance and Risk Management
    1. Introduction
    2. Security Policies Set the Stage for Success
    3. Understanding the Four Types of Policies
    4. Developing and Managing Security Policies
    5. Providing Policy Support Documents
    6. Suggested Standards Taxonomy
    7. Who Is Responsible for Security?
    8. Summary
    9. Test Your Skills
  15. Chapter 5. Security Architecture and Design
    1. Introduction
    2. Defining the Trusted Computing Base
    3. Protection Mechanisms in a TCB
    4. System Security Assurance Concepts
    5. The Trusted Computer Security Evaluation Criteria
    6. The Canadian Trusted Computer Product Evaluation Criteria
    7. The Federal Criteria for Information Technology Security
    8. The Common Criteria
    9. The Common Evaluation Methodology
    10. Confidentiality and Integrity Models
    11. Summary
    12. Test Your Skills
  16. Chapter 6. Business Continuity Planning and Disaster Recovery Planning
    1. Introduction
    2. Overview of the Business Continuity Plan and Disaster Recovery Plan
    3. Disaster Recovery Planning
    4. Summary
    5. Test Your Skills
  17. Chapter 7. Law, Investigations, and Ethics
    1. Introduction
    2. Types of Computer Crime
    3. How Cybercriminals Commit Crimes
    4. The Computer and the Law
    5. Intellectual Property Law
    6. Privacy and the Law
    7. Computer Forensics
    8. The Information Security Professional’s Code of Ethics
    9. Other Ethics Standards
    10. Summary
    11. Test Your Skills
  18. Chapter 8. Physical Security Control
    1. Introduction
    2. Understanding the Physical Security Domain
    3. Summary
    4. Test Your Skills
  19. Chapter 9. Operations Security
    1. Introduction
    2. Operations Security Principles
    3. Operations Security Process Controls
    4. Operations Security Controls in Action
    5. Summary
    6. Test Your Skills
  20. Chapter 10. Access Control Systems and Methodology
    1. Introduction
    2. Terms and Concepts
    3. Principles of Authentication
    4. Biometrics
    5. Single Sign-On
    6. Remote User Access and Authentication
    7. Summary
    8. Test Your Skills
  21. Chapter 11. Cryptography
    1. Introduction
    2. Applying Cryptography to Information Systems
    3. Basic Terms and Concepts
    4. Strength of Cryptosystems
    5. Putting the Pieces to Work
    6. Examining Digital Cryptography
    7. Summary
    8. Test Your Skills
  22. Chapter 12. Telecommunications, Network, and Internet Security
    1. Introduction
    2. An Overview of Network and Telecommunications Security
    3. Network Security in Context
    4. The Open Systems Interconnection Reference Model
    5. Data Network Types
    6. Protecting TCP/IP Networks
    7. Virtual Private Networks
    8. IPSec
    9. Cloud Computing
    10. Summary
    11. Test Your Skills
  23. Chapter 13. Software Development Security
    1. Introduction
    2. The Practice of Software Engineering
    3. Software Development Life Cycles
    4. Don’t Bolt Security On—Build It In
    5. Design Reviews
    6. Measuring the Secure Development Program
    7. Summary
    8. Test Your Skills
  24. Chapter 14. Securing the Future
    1. Introduction
    2. Operation Eligible Receiver
    3. Carders, Account Takeover, and Identity Theft
    4. The Rosy Future for InfoSec Specialists
    5. Summary
    6. Test Your Skills
  25. Appendix A. Common Body of Knowledge
    1. Access Control
    2. Telecommunications and Network Security
    3. Information Security Governance and Risk Management
    4. Software Development Security
    5. Cryptography
    6. Security Architecture and Design
    7. Operations Security
    8. Business Continuity and Disaster Recovery Planning
    9. Legal Regulations, Investigations, and Compliance
    10. Physical (Environmental) Security
  26. Appendix B. Security Policy and Standards Taxonomy
  27. Appendix C. Sample Policies
    1. Sample Computer Acceptable Use Policy
    2. Sample Email Use Policy
    3. Sample Password Policy
    4. Sample Wireless (WiFi) Use Policy
  28. Appendix D. HIPAA Security Rule Standards
    1. HIPAA Security Standards
    2. Administrative Procedures
    3. Physical Safeguards
    4. Technical Security Services
    5. Technical Security Mechanisms
  29. Index

Product information

  • Title: Information Security: Principles and Practices, Second Edition
  • Author(s): Mark S. Merkow, Jim Breithaupt
  • Release date: June 2014
  • Publisher(s): Pearson IT Certification
  • ISBN: 9780133589412