Information Security and IT Risk Management

Häftad, Engelska, 2014

AvManish Agrawal,Alex Campoe,Eric Pierce

2 219 kr

Beställningsvara. Skickas inom 11-20 vardagar. Fri frakt för medlemmar vid köp för minst 249 kr.

This new text provides students the knowledge and skills they will need to compete for and succeed in the information security roles they will encounter straight out of college. This is accomplished by providing a hands-on immersion in essential system administration, service and application installation and configuration, security tool use, TIG implementation and reporting. It is designed for an introductory course on IS Security offered usually as an elective in IS departments in 2 and 4 year schools. It is not designed for security certification courses.

Produktinformation

Utgivningsdatum2014-03-14
Mått185 x 231 x 23 mm
Vikt680 g
FormatHäftad
SpråkEngelska
Antal sidor432
FörlagJohn Wiley & Sons Inc
ISBN9781118335895

Tillhör följande kategorier

IT-säkerhet inom Data och IT

Manish Agrawal recieved his PhD Information Systems from SUNY Buffalo in 2002 and?Bachelor and Master degrees in Electrical Engineering from the Indian Institute of Technology in Kanpur, India. He is an Associate Professor in the?Department of Information Systems and Decision Sciences at the University of South Florida. He currently teaches courses in business data communications, information security and web applications development.?He was the recipient of USF's university-wide award recognizing teaching excellence in 2006 and has published research in academic journals including Management Science, INFORMS Journal on Computing, Journal of Management Information Systems, IEEE Transactions on Software Engineering, Decision Support Systems and the Journal of Organizational Computing and Electronic Commerce. His research and teaching have been funded by the US National Science Foundation, the US Department of Justice, the Indo-US Science and Technology Forum and Sun Microsystems.

Chapter 1: IntroductionOverviewProfessional utility of information security knowledgeBrief historyDefinition of information securitySummaryExample case – wikileaks, cablegate, and free reign over classified networksChapter review questionsExample case questionsHands-on activity – software inspector, steganographyCritical thinking exercise: identifying CIA area(s) affected by sample real-life hacking incidentsDesign caseChapter 2: System Administration (Part 1)OverviewIntroductionWhat is system administration?System administration and information securityCommon system administration tasksSystem administration utilitiesSummaryExample case - T J MaxxChapter review questionsExample case questionsHands-on Activity – linux system installationCritical thinking exercise – Google executives sentenced toPrison over videoDesign caseChapter 3: System Administration (Part 2)OverviewOperating system structureThe command-line interfaceFiles and DirectoriesMoving around the filesystem – pwd, cdListing files and directoriesShell ExpansionsFile ManagementViewing FilesSearching for fi lesAccess control and user managementAccess control listsFile ownershipEditing fi lesSoftware installation and updatesAccount managementCommand-line user administrationExample case – Northwest Florida State CollegeSummaryChapter review questionsExample case questionsHands-on activity–basic linux system administrationCritical thinking exercise – offensive cyber effects operations (OCEO)Design CaseChapter 4: The basic Information security modelOverviewIntroductionComponents of the basic information security modelCommon vulnerabilities, threats and controlsExample case – ILOVEYOU virusSummaryChapter review questionsExample case questionsHands-on activity–web server securityCritical thinking exercise–the internet, "american values" and securityDesign CaseChapter 5: Asset Identification and CharacterizationOverviewAssets overviewDetermining assets that are important to the organizationAsset TypesAsset CharacterizationIT asset lifecycle and asset identificationSystem profilingAsset ownership and operational responsibilitiesExample case–StuxnetSummaryChapter review questionsExample case questionsHands–on activity–course asset identificationCritical thinking exercise – uses of a hacked PCDesign caseChapter 6: Threats and VulnerabilitiesOverviewIntroductionThreat modelsThreat AgentThreat ActionVulnerabilitiesExample case–GoziSummaryChapter Review QuestionsExample case questionsHands-on activity–Vulnerability scanningCritical thinking exercise–Iraq cyber war plans in 2003Design caseChapter 7: Encryption ControlsOverviewIntroductionEncryption basicsEncryption types overviewEncryption types detailsEncryption in useExample case – Nation technologiesSummaryChapter review questionsExample case questionsHands-on activity–encryptionCritical thinking exercise–encryption keys embed business modelsDesign caseChapter 8: Identity and Access ManagementOverviewIdentity managementAccess ManagementAuthenticationSingle sign-onFederationExample case – markus hessSummaryChapter review questionsExample case questionsHands-on activity – identity match and mergeCritical thinking exercise – feudalism the security solution for the internet?Design caseChapter 9: Hardware and Software ControlsOverviewPassword managementAccess controlFirewallsIntrusion detection/prevention systemsPatch management for operating systems and applicationsEnd point protectionExample case – AirTight NetworksChapter review questionsExample case questionsHands-on activity – host-based IDS (OSSEC)Critical thinking exercise – extra-human security controlsDesign caseChapter 10: Shell ScriptingOverviewIntroductionOutput redirectionText manipulationVariablesConditionalsUser inputLoopsPutting it all togetherExample case–Max ButlerSummaryChapter review questionsExample case questionsHands-on Activity – basic scriptingCritical thinking exercise–script securityDesign caseChapter 11: Incident HandlingIntroductionIncidents overviewIncident handlingThe disasterExample case – on-campus piracySummaryChapter review questionsExample case questionsHands-on activity – incident timeline using OSSECCritical thinking exercise – destruction at the EDADesign caseChapter 12: Incident AnalysisIntroductionLog analysisEvent criticalityGeneral log configuration and maintenanceLive Incident responseTimelinesOther forensics topicsExample case - backup server compromiseChapter review questionsExample case questionsHands-on activity – server log analysisCritical thinking exercise – destruction at the EDA (contd.)Design caseChapter 13: Policies, Standards, and GuidelinesIntroductionGuiding principlesWriting a policyImpact assessment and vettingPolicy reviewComplianceKey Policy IssuesExample case – H B GarySummaryReferenceChapter review questionsExample case questionsHands-on activity – create an AUPCritical thinking exercise – aaron swartzDesign CaseChapter 14: IT risk analysis and risk managementOverviewIntroductionRisk management as a component of organizationalmanagementRisk management frameworkThe NIST 800-39 frameworkRisk assessmentOther risk management frameworksIT general controls for sarbanes-oxley complianceCompliance versus risk managementSelling securityExample case – online marketplace purchasesSummaryChapter review questionsHands-on activity – risk assessment using lsofCritical thinking exercise – risk estimation biasesDesign CaseAppendix A: Password List for the Linux Virtual MachineGlossaryIndex