Principles of Information Security

Author(s): Michael E. Whitman, Herbert J. Mattord
Edition: 7
Publisher: Cengage
Year: 2022

Language: English
City: Boston, MA
Tags: Information Security, Risk Management

Cover
Brief Contents
Table of Contents
Preface
Module 1: Introduction to Information Security
Introduction To Information Security
What Is Security?
Components Of An Information System
Security And The Organization
Information Security: Is It An Art or A Science?
Module Summary
Review Questions
Exercises
References
Module 2: The Need for Information Security
Introduction To The Need For Information Security
Information Security Threats and Attacks
The 12 Categories of Threats
Module Summary
Review Questions
Exercises
References
Module 3: Information Security Management
Introduction To The Management of Information Security
Information Security Planning and Governance
Information Security Policy, Standards, and Practices
Security Education, Training, And Awareness Program
Information Security Blueprint, Models, and Frameworks
Module Summary
Review Questions
Exercises
References
Module 4: Risk Management
Introduction To Risk Management
The Risk Management Framework
The Risk Management Process
Risk Treatment/Risk Response
Managing Risk
Alternative Risk Management Methodologies
Module Summary
Review Questions
Exercises
References
Module 5: Incident Response and Contingency Planning
Introduction To Incident Response and Contingency Planning
Fundamentals of Contingency Planning
Incident Response
Digital Forensics
Disaster Recovery
Business Continuity
Crisis Management
Testing Contingency Plans
Module Summary
Review Questions
Exercises
References
Module 6: Legal, Ethical, and Professional Issues in Information Security
Introduction To Law and Ethics in Information Security
Relevant U.S. Laws
International Laws and Legal Bodies
Ethics and Information Security
Codes of Ethics of Professional Organizations
Key U.S. Federal Agencies
Module Summary
Review Questions
Exercises
References
Module 7: Security and Personnel
Introduction To Security and Personnel
Positioning The Security Function
Staffing The Information Security Function
Credentials For Information Security Professionals
Employment Policies and Practices
Personnel Control Strategies
Module Summary
Review Questions
Exercises
References
Module 8: Security Technology: Access Controls, Firewalls, and VPNs
Introduction To Access Controls
Firewall Technologies
Protecting Remote Connections
Final Thoughts on Remote Access and Access Controls
Module Summary
Review Questions
Exercises
References
Module 9: Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools
Introduction To Intrusion Detection and Prevention Systems
Honeypots, Honeynets, and Padded Cell Systems
Scanning and Analysis Tools
Module Summary
Review Questions
Exercises
References
Module 10: Cryptography
Introduction To Cryptography
Encryption Methods
Cryptographic Algorithms
Cryptographic Tools
Protocols For Secure Communications
Module Summary
Review Questions
Exercises
References
Module 11: Implementing Information Security
Introduction To Information Security Implementation
The Systems Development Life Cycle
Information Security Project Management
Technical Aspects of Implementation
Nontechnical Aspects of Implementation
Module Summary
Review Questions
Exercises
References
Module 12: Information Security Maintenance
Introduction To Information Security Maintenance
Security Management Maintenance Models
The Security Maintenance Model
Physical Security
Module Summary
Review Questions
Exercises
References
Glossary
Index