Information Security: Principles and Practices
Second Edition
Mark S. Merkow, Jim Breithaupt
800 East 96th Street, Indianapolis, Indiana 46240 USA
Information Security: Principles and Practices, Second Edition
Copyright © 2014 by Pearson Education, Inc. All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.
ISBN-13: 978-0-7897-5325-0
ISBN-10: 0-7897-5325-1
Library of Congress Control Number: 2014937271
Printed in the United States of America
First Printing: June 2014
Trademarks All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Warning and Disclaimer Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The authors and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.
Special Sales For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@ or (800) 382-3419.
For government sales inquiries, please contact governmentsales@.
For questions about sales outside the U.S., please contact international@.
Associate Publisher Dave Dusthimer
Acquisitions Editor Betsy Brown
Development Editor Jeff Riley
Managing Editor Sandra Schroeder
Senior Project Editor Tonya Simpson
Copy Editor Krista Hansing Editorial Services, Inc.
Indexer Publishing Works
Proofreader Paula Lowell
Technical Editors Tatyana Zidarov, Chris Crayton
Publishing Coordinator Vanessa Evans
Cover Designer Alan Clements
Compositor Trina Wurst
Contents at a Glance
Preface  xiii
1 Why Study Information Security?  2
2 Information Security Principles of Success  18
3 Certification Programs and the Common Body of Knowledge  36
4 Governance and Risk Management  54
5 Security Architecture and Design  80
6 Business Continuity Planning and Disaster Recovery Planning  110
7 Law, Investigations, and Ethics  126
8 Physical Security Control  146
9 Operations Security  166
10 Access Control Systems and Methodology  182
11 Cryptography  200
12 Telecommunications, Network, and Internet Security  224
13 Software Development Security  260
14 Securing the Future  280
A Common Body of Knowledge  292
B Security Policy and Standards Taxonomy  302
C Sample Policies  306
D HIPAA Security Rule Standards  320
Index  324
Table of Contents
Preface  xiii
Chapter 1: Why Study Information Security?  2
  Introduction  2
  The Growing Importance of IT Security and New Career Opportunities  3
    An Increase in Demand by Government and Private Industry  4
  Becoming an Information Security Specialist  4
    Schools Are Responding to Demands  6
    The Importance of a Multidisciplinary Approach  7
  Contextualizing Information Security  7
    Information Security Careers Meet the Needs of Business  8
  Summary  11
  Test Your Skills  11
Chapter 2: Information Security Principles of Success  18
  Introduction  18
  Principle 1: There Is No Such Thing As Absolute Security  19
  Principle 2: The Three Security Goals Are Confidentiality, Integrity, and Availability  20
    Integrity Models  21
    Availability Models  21
  Principle 3: Defense in Depth as Strategy  22
  Principle 4: When Left on Their Own, People Tend to Make the Worst Security Decisions  24
  Principle 5: Computer Security Depends on Two Types of Requirements: Functional and Assurance  24
  Principle 6: Security Through Obscurity Is Not an Answer  25
  Principle 7: Security = Risk Management  25
  Principle 8: The Three Types of Security Controls Are Preventative, Detective, and Responsive  27
  Principle 9: Complexity Is the Enemy of Security  29
  Principle 10: Fear, Uncertainty, and Doubt Do Not Work in Selling Security  29
  Principle 11: People, Process, and Technology Are All Needed to Adequately Secure a System or Facility  29