book

Information Security: Principles and Practices, Second Edition

by Mark S. Merkow, Jim Breithaupt

June 2014

Intermediate to advanced

368 pages

9h 44m

English

Pearson IT Certification

Read now

Unlock full access

IntroductionThe Growing Importance of IT Security and New Career OpportunitiesBecoming an Information Security SpecialistContextualizing Information SecuritySummaryTest Your Skills
IntroductionPrinciple 1: There Is No Such Thing As Absolute SecurityPrinciple 2: The Three Security Goals Are Confidentiality, Integrity, and AvailabilityPrinciple 3: Defense in Depth as StrategyPrinciple 4: When Left on Their Own, People Tend to Make the Worst Security DecisionsPrinciple 5: Computer Security Depends on Two Types of Requirements: Functional and AssurancePrinciple 6: Security Through Obscurity Is Not an AnswerPrinciple 7: Security = Risk ManagementPrinciple 8: The Three Types of Security Controls Are Preventative, Detective, and ResponsivePrinciple 9: Complexity Is the Enemy of SecurityPrinciple 10: Fear, Uncertainty, and Doubt Do Not Work in Selling SecurityPrinciple 11: People, Process, and Technology Are All Needed to Adequately Secure a System or FacilityPrinciple 12: Open Disclosure of Vulnerabilities Is Good for Security!SummaryTest Your Skills
IntroductionCertification and Information SecurityInternational Information Systems Security Certifications Consortium (ISC)2The Information Security Common Body of KnowledgeOther Certificate Programs in the IT Security IndustrySummaryTest Your Skills
IntroductionSecurity Policies Set the Stage for SuccessUnderstanding the Four Types of PoliciesDeveloping and Managing Security PoliciesProviding Policy Support DocumentsSuggested Standards TaxonomyWho Is Responsible for Security?SummaryTest Your Skills
IntroductionDefining the Trusted Computing BaseProtection Mechanisms in a TCBSystem Security Assurance ConceptsThe Trusted Computer Security Evaluation CriteriaThe Canadian Trusted Computer Product Evaluation CriteriaThe Federal Criteria for Information Technology SecurityThe Common CriteriaThe Common Evaluation MethodologyConfidentiality and Integrity ModelsSummaryTest Your Skills
IntroductionOverview of the Business Continuity Plan and Disaster Recovery PlanDisaster Recovery PlanningSummaryTest Your Skills
IntroductionTypes of Computer CrimeHow Cybercriminals Commit CrimesThe Computer and the LawIntellectual Property LawPrivacy and the LawComputer ForensicsThe Information Security Professional’s Code of EthicsOther Ethics StandardsSummaryTest Your Skills
IntroductionUnderstanding the Physical Security DomainSummaryTest Your Skills
IntroductionOperations Security PrinciplesOperations Security Process ControlsOperations Security Controls in ActionSummaryTest Your Skills
IntroductionTerms and ConceptsPrinciples of AuthenticationBiometricsSingle Sign-OnRemote User Access and AuthenticationSummaryTest Your Skills
IntroductionApplying Cryptography to Information SystemsBasic Terms and ConceptsStrength of CryptosystemsPutting the Pieces to WorkExamining Digital CryptographySummaryTest Your Skills
IntroductionAn Overview of Network and Telecommunications SecurityNetwork Security in ContextThe Open Systems Interconnection Reference ModelData Network TypesProtecting TCP/IP NetworksVirtual Private NetworksIPSecCloud ComputingSummaryTest Your Skills
IntroductionThe Practice of Software EngineeringSoftware Development Life CyclesDon’t Bolt Security On—Build It InDesign ReviewsMeasuring the Secure Development ProgramSummaryTest Your Skills
IntroductionOperation Eligible ReceiverCarders, Account Takeover, and Identity TheftThe Rosy Future for InfoSec SpecialistsSummaryTest Your Skills
Access ControlTelecommunications and Network SecurityInformation Security Governance and Risk ManagementSoftware Development SecurityCryptographySecurity Architecture and DesignOperations SecurityBusiness Continuity and Disaster Recovery PlanningLegal Regulations, Investigations, and CompliancePhysical (Environmental) Security
Sample Computer Acceptable Use PolicySample Email Use PolicySample Password PolicySample Wireless (WiFi) Use Policy
HIPAA Security StandardsAdministrative ProceduresPhysical SafeguardsTechnical Security ServicesTechnical Security Mechanisms