Description : Master the latest technology and developments from the field with the book specifically oriented to the needs of those learning information systems -- PRINCIPLES OF INFORMATION SECURITY, 6E. Taking a managerial approach, this bestseller emphasizes all aspects of information security, rather than just the technical control perspective. Readers gain a broad overview of the entire field of information security and related elements with the detail to ensure understanding. The book highlights terms used in the field and a history of the discipline as readers learn how to manage an information security program. This edition highlights the latest practices with fresh examples that explore the impact of emerging technologies, such as the Internet of Things, Cloud Computing, and DevOps. Updates address technical security controls, emerging legislative issues, digital forensics, and ethical issues in IS security, making this the ideal IS resource for business decision makers. Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.
Description : Management of Information Security, Third Edition focuses on the managerial aspects of information security and assurance. Topics covered include access control models, information security governance, and information security program assessment and metrics. Coverage on the foundational and technical components of information security is included to reinforce key concepts. This new edition includes up-to-date information on changes in the field such as revised sections on national and international laws and international standards like the ISO 27000 series. With these updates, Management of Information Security continues to offer a unique overview of information security from a management perspective while maintaining a finger on the pulse of industry changes and academic relevance. Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.
Description : This book constitutes the proceedings of the Second International Conference on Human Aspects of Information Security, Privacy, and Trust, HAS 2014, held as part of HCI International 2014 which took place in Heraklion, Crete, Greece, in June 2014 and incorporated 14 conferences which similar thematic areas. HCII 2014 received a total of 4766 submissions, of which 1476 papers and 220 posters were accepted for publication after a careful reviewing process. These papers address the latest research and development efforts and highlight the human aspects of design and use of computing systems. The papers thoroughly cover the entire field of Human-Computer Interaction, addressing major advances in knowledge and effective use of computers in a variety of application areas. The 38 papers presented in the HAS 2014 proceedings are organized in topical sections named: usable security; authentication and passwords; security policy and awareness; human behaviour in cyber security and privacy issues.
Description : Information security involves the protection of organizational assets from the disruption of business operations, modification of sensitive data, or disclosure of proprietary information. The protection of this data is usually described as maintaining the confidentiality, integrity, and availability (CIA) of the organization’s assets, operations, and information. As identified throughout this chapter, security goes beyond technical controls and encompasses people, technology, policy, and operations in a way that few other business objectives do.
Description : Economics of Information Security applies economics not to generate breakthroughs in theoretical economics, but rather breakthroughs in understanding the problems of security. Security, privacy and trusted computing are examined distinctly, using the tools of economics, and as elements of a larger dynamic system. Economics of Information Security is designed for researchers and managers struggling to understand the risks in organizations dependent on secure networks. This book is also suitable for students in computer science, policy and management.
Description : Security attacks (Interruption, interception, modification and fabrication), Security services (confidentiality, authentication, Integrity, Non-repudiation, Access control and availability) and mechanisms, A model for internetwork security, Internet standards and RFCs, Buffer overflow and format string vulnerabilities, TCP session hijacking, ARP attacks, Route table modification, UDP hijacking, and man-in-the-middle attacks.Conventional encryption principles, Conventional encryption algorithms, Cipher block modes of operation, Location of encryption devices, Key distribution approaches of message authentication, Secure hash functions and HMAC.Public key cryptography principles, Public key cryptography algorithms, Digital signatures, Digital certificates, Certificate authority and key management Kerberos, X.509 directory authentication service.Email privacy : Pretty Good Privacy (PGP) and S/MIME.IP security overview, IP security architecture, Authentication header, Encapsulating security payload, Combining security associations and key management.Web security requirements, Secure Socket Layer (SSL) and Transport Layer Security (TLS), Secure Electronic Transaction (SET).Basic concepts of SNMP, SNMPv1 community facility and SNMPv3.Intruders, Viruses and related threats.
Description : Now updated—your expert guide to twenty-first century information security Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Featuring a wide array of new information on the most current security issues, this fully updated and revised edition of Information Security: Principles and Practice provides the skills and knowledge readers need to tackle any information security challenge. Taking a practical approach to information security by focusing on real-world examples, this book is organized around four major themes: Cryptography: classic cryptosystems, symmetric key cryptography, public key cryptography, hash functions, random numbers, information hiding, and cryptanalysis Access control: authentication and authorization, password-based security, ACLs and capabilities, multilevel security and compartments, covert channels and inference control, security models such as BLP and Biba's model, firewalls, and intrusion detection systems Protocols: simple authentication protocols, session keys, perfect forward secrecy, timestamps, SSH, SSL, IPSec, Kerberos, WEP, and GSM Software: flaws and malware, buffer overflows, viruses and worms, malware detection, software reverse engineering, digital rights management, secure software development, and operating systems security This Second Edition features new discussions of relevant security topics such as the SSH and WEP protocols, practical RSA timing attacks, botnets, and security certification. New background material has been added, including a section on the Enigma cipher and coverage of the classic "orange book" view of security. Also featured are a greatly expanded and upgraded set of homework problems and many new figures, tables, and graphs to illustrate and clarify complex topics and problems. A comprehensive solutions manual is available to assist in course development. Minimizing theory while providing clear, accessible content, Information Security remains the premier text for students and instructors in information technology, computer science, and engineering, as well as for professionals working in these fields.
Description : Information security cannot be effectively managed unless secure methods and standards are integrated into all phases of the information security life cycle. And, although the international community has been aggressively engaged in developing security standards for network and information security worldwide, there are few textbooks available that provide clear guidance on how to properly apply the new standards in conducting security audits and creating risk-driven information security programs. An authoritative and practical classroom resource, Information Security Management: Concepts and Practice provides a general overview of security auditing before examining the various elements of the information security life cycle. It explains the ISO 17799 standard and walks readers through the steps of conducting a nominal security audit that conforms to the standard. The text also provides detailed guidance for conducting an in-depth technical security audit leading to certification against the 27001 standard. Topics addressed include cyber security, security risk assessments, privacy rights, HIPAA, SOX, intrusion detection systems, security testing activities, cyber terrorism, and vulnerability assessments. This self-contained text is filled with review questions, workshops, and real-world examples that illustrate effective implementation and security auditing methodologies. It also includes a detailed security auditing methodology students can use to devise and implement effective risk-driven security programs that touch all phases of a computing environment—including the sequential stages needed to maintain virtually air-tight IS management systems that conform to the latest ISO standards.
Description : This volume in the Advances in Management Information Systems series covers the managerial landscape of information security.
Description : An information security professional offers a guide to Internet security for anyone who wants to ensure that he or she does not inadvertently compromise sensitive information and wants to know what concrete steps reduce cybercrimes.