Book description
Information Security: Principles and Practices, Second Edition
Everything You Need to Know About Modern Computer Security, in One Book
Clearly explains all facets of information security in all 10 domains of the latest Information Security Common Body of Knowledge [(ISC)² CBK].
Thoroughly updated for today’s challenges, technologies, procedures, and best practices.
The perfect resource for anyone pursuing an IT security career.
Fully updated for the newest technologies and best practices, Information Security: Principles and Practices, Second Edition thoroughly covers all 10 domains of today’s Information Security Common Body of Knowledge.
Two highly experienced security practitioners have brought together all the foundational knowledge you need to succeed in today’s IT and business environments. They offer easy-to-understand, practical coverage of topics ranging from security management and physical security to cryptography and application development security.
This edition fully addresses new trends that are transforming security, from cloud services to mobile applications, “Bring Your Own Device” (BYOD) strategies to today’s increasingly rigorous compliance requirements. Throughout, you’ll find updated case studies, review questions, and exercises–all designed to reveal today’s real-world IT security challenges and help you overcome them.
Learn how to
-- Recognize the evolving role of IT security
-- Identify the best new opportunities in the field
-- Discover today’s core information security principles of success
-- Understand certification programs and the CBK
-- Master today’s best practices for governance and risk management
-- Architect and design systems to maximize security
-- Plan for business continuity
-- Understand the legal, investigatory, and ethical requirements associated with IT security
-- Improve physical and operational security
-- Implement effective access control systems
-- Effectively utilize cryptography
-- Improve network and Internet security
-- Build more secure software
-- Define more effective security policies and standards
-- Preview the future of information security
Table of contents
- About This eBook
- Title Page
- Copyright Page
- Contents at a Glance
- Table of Contents
- Preface
- About the Authors
- Acknowledgments
- We Want to Hear from You!
- Reader Services
- Chapter 1. Why Study Information Security?
-
Chapter 2. Information Security Principles of Success
- Introduction
- Principle 1: There Is No Such Thing As Absolute Security
- Principle 2: The Three Security Goals Are Confidentiality, Integrity, and Availability
- Principle 3: Defense in Depth as Strategy
- Principle 4: When Left on Their Own, People Tend to Make the Worst Security Decisions
- Principle 5: Computer Security Depends on Two Types of Requirements: Functional and Assurance
- Principle 6: Security Through Obscurity Is Not an Answer
- Principle 7: Security = Risk Management
- Principle 8: The Three Types of Security Controls Are Preventative, Detective, and Responsive
- Principle 9: Complexity Is the Enemy of Security
- Principle 10: Fear, Uncertainty, and Doubt Do Not Work in Selling Security
- Principle 11: People, Process, and Technology Are All Needed to Adequately Secure a System or Facility
- Principle 12: Open Disclosure of Vulnerabilities Is Good for Security!
- Summary
- Test Your Skills
- Chapter 3. Certification Programs and the Common Body of Knowledge
- Chapter 4. Governance and Risk Management
-
Chapter 5. Security Architecture and Design
- Introduction
- Defining the Trusted Computing Base
- Protection Mechanisms in a TCB
- System Security Assurance Concepts
- The Trusted Computer Security Evaluation Criteria
- The Canadian Trusted Computer Product Evaluation Criteria
- The Federal Criteria for Information Technology Security
- The Common Criteria
- The Common Evaluation Methodology
- Confidentiality and Integrity Models
- Summary
- Test Your Skills
- Chapter 6. Business Continuity Planning and Disaster Recovery Planning
- Chapter 7. Law, Investigations, and Ethics
- Chapter 8. Physical Security Control
- Chapter 9. Operations Security
- Chapter 10. Access Control Systems and Methodology
- Chapter 11. Cryptography
- Chapter 12. Telecommunications, Network, and Internet Security
- Chapter 13. Software Development Security
- Chapter 14. Securing the Future
-
Appendix A. Common Body of Knowledge
- Access Control
- Telecommunications and Network Security
- Information Security Governance and Risk Management
- Software Development Security
- Cryptography
- Security Architecture and Design
- Operations Security
- Business Continuity and Disaster Recovery Planning
- Legal Regulations, Investigations, and Compliance
- Physical (Environmental) Security
- Appendix B. Security Policy and Standards Taxonomy
- Appendix C. Sample Policies
- Appendix D. HIPAA Security Rule Standards
- Index
Product information
- Title: Information Security: Principles and Practices, Second Edition
- Author(s):
- Release date: June 2014
- Publisher(s): Pearson IT Certification
- ISBN: 9780133589412
You might also like
book
Networking Fundamentals
Become well-versed with basic networking concepts such as routing, switching, and subnetting, and prepare for the …
video
Python Fundamentals
51+ hours of video instruction. Overview The professional programmer’s Deitel® video guide to Python development with …
book
Official (ISC)2 Guide to the CISSP CBK, 4th Edition
As a result of a rigorous, methodical process that (ISC) follows to routinely update its credential …
book
Developing Cybersecurity Programs and Policies, Third Edition
All the Knowledge You Need to Build Cybersecurity Programs and Policies That Work Clearly presents best …