Principles of Information Systems Security Texts and Cases

ISBN-10: 0471450561
ISBN-13: 9780471450566
Edition: 2007
Authors: Gurpreet Dhillon

Book details

List price: $174.95
Copyright year: 2007
Publisher: John Wiley & Sons, Incorporated
Publication date: 3/17/2006
Binding: Hardcover
Pages: 464
Size: 7.75" wide x 9.50" long x 1.00" tall
Weight: 2.420
Language: English

The real threat to information system security comes from people, not computers. That's why students need to understand both the technical implementation of security controls and the softer human behavioral and managerial factors that contribute to the theft and sabotage of proprietary data. Addressing both the technical and human side of IS security, Dhillon's Information Systems Security: A Management Challenge equips managers (and those training to be managers) with an understanding of a broad range of issues related to information system security management, and with specific tools and techniques to support this managerial orientation. Coverage goes well beyond the technical aspects of information system security to address formal controls (the rules and procedures that need to be established for technical controls to succeed), as well as informal controls that deal with the normative structures that exist within organizations.

Preface
Information Systems Security: Nature and Scope
Coordination in Threes
Security in Threes
Technical Controls
Formal Controls
Informal Controls
Institutionalizing Security in Organizations
Questions and Exercises
Case Study
Technical Aspects of Information Systems Security
Security of Technical Systems in Organizations: An Introduction
Vulnerabilities
Data Security Requirements
Methods of Defense
Encryption
Software Controls
Physical and Hardware Controls
Concluding Remarks
Questions and Exercises
Case Study
Models for Technical Specification of Information Systems Security
Models for Security Specification
Evaluation Criteria and Their Context
Bell La Padula
Denning Information Flow Model
The Reference Monitor and Rushby's Solution
Away from the Military
Military and Nonmilitary: Toward Integrity
Toward Integrity: Biba, Clark-Wilson, and Chinese Walls
Biba
The Clark-Wilson Model
Emergent Issues
Questions and Exercises
Case Study
Cryptography and Technical Information Systems Security
Cryptography
Cryptanalysis
Basics of Cryptanalysis
Using Digrams for Cryptanalysis
Conventional Encryption Algorithms
Data Encryption Standard
IDEA
CAST
AES
Asymmetric Encryption
Authentication of the Sender
RSA
Questions and Exercises
Case Study
Network Security
TCP/IP Protocol Architecture
LAN Security
Security and TCP/IP Protocol Architecture
Operating-System-based Attacks
Network-based Attacks
Securing Systems
Securing the File System
Securing Access from the Network
Questions and Exercises
Case Study
Formal Aspects of Information Systems Security
Security of Formal Systems in Organizations: An Introduction
Formal IS Security Dimensions
Responsibility and Authority Structures
Organizational Buy-In
Security Policy
Concluding Remarks
Questions and Exercises
Case Study
Planning for Information Systems Security
Security Strategy Levels
Classes of Security Decisions in Firms
Strategic Decisions
Administrative Decisions
Operational Decisions
Prioritizing Decisions
Security Planning Process
Orion Strategy Process Overview
IS Security Planning Principles
Summary
Questions and Exercises
Case Study
Designing Information Systems Security
Security Breaches in Systems Development
Control Structures
Auditing
Application Controls
Modeling Controls
Documentation Controls
Process Improvement Software
The SSE-CMM
Key Constructs and Concepts in SSE-CMM
Organization and Projects
System
Work Product
Customer
Process
Process Area
Role Independence
Process Capability
Institutionalization
Process Management
Capability Maturity Model
SSE-CMM Architecture Description
Basic Model
Concluding Remarks
Questions and Exercises
Case Study
Risk Management for Information Systems Security
Risk Assessment
System Characterization
Threat Identification
Vulnerability Identification
Control Analysis
Likelihood Determination and Impact Analysis
Risk Determination
Control Recommendations and Results Documentation
Risk Mitigation
Control Categories
Risk Evaluation and Assessment
COBRA: Hybrid Model for Software Cost Estimation, Benchmarking, and Risk Assessment
The I2S2 Model
Three Levels of I2S2 Model
Six Components of I2S2 Model
Concluding Remarks
Questions and Exercises
Case Study
Informal Aspects of Information Systems Security
Security of Informal Systems in Organizations: An Introduction
The Concept of Pragmatics and IS Security
What Is Pragmatics?
Nature of IS Security at the Pragmatic Level
Informal Behavior
Concluding Remarks
Questions and Exercises
Case Study
Corporate Governance for IS Security
What Is Corporate Governance?
Models of Corporate Governance: Civic Republicanism
An Opposing View: Liberalism
Enter the Corporation
The Science of Management: Enter the Professional Manager
Professional Managers as Trustees of Society
The New Power Elite: The Managerial Technocracy
Minding the Minders: Contractual Shareholder Model
Analysis of the Structure of American Corporations
Owners
Board of Directors
CEO and Executives
Corporate Governance for IS Security
Security Governance Principles
Constructing Information System Security Governance
Concluding Remarks
Questions and Exercises
Case Study
Culture and Information Systems Security
Security Culture
Silent Messages and IS Security
Security Culture Framework
OECD Principles for Security Culture
Concluding Remarks
Questions and Exercises
Case Study
Regulatory Aspects of Information Systems Security
Information Systems Security Standards
ISO 17799
ISO 17799 Framework
The Rainbow Series
ITSEC
International Harmonization
Common Criteria
Common Problems with CC
Other Miscellaneous Standards and Guidelines
RFC 2196 Site Security Handbook
ISO/IEC TR 13335 Guidelines for the Management of IT Security
Generally Accepted Information Security Principles (GAISP)
OECD Guidelines for the Security of Information Systems
Concluding Remarks
Questions and Exercises
Case Study
Legal Aspects of Information Systems Security
Computer Fraud and Abuse Act (CFAA)
Computer Security Act (CSA)
Health Insurance Portability and Accountability Act (HIPAA)
Requirements
Compliance and Recommended Protection
HIPAA: Help or Hindrance?
USA Patriot Act
IT and the Act
Sarbanes-Oxley Act (SOX)
IT-Specific Issues
Federal Information Security Management Act (FISMA)
Concluding Remarks
Questions and Exercises
Case Study
Computer Forensics
The Basics
Types and Scope of Crimes
Lack of Uniform Law
What Is Computer Forensics?
Gathering Forensic Evidence
Formal Procedure for Gathering Data
Law Dictating Formal Procedure
Laws Governing Seizure of Evidence
Law Governing Analysis and Presentation of Evidence
Emergent Issues
International Arena
National Arena
Concluding Remarks
Questions and Exercises
Case Study 1
Case Study 2
Summary Principles for Information Systems Security
Principles for Technical Aspects of IS Security
Principles for Formal Aspects of IS Security
Principles for Informal Aspects of IS Security
Concluding Remarks
Cases
Case of a Computer Hack
Botnet: Anatomy of a Case
Cases in Computer Crime
IS Security at Southam Council
Security Management at the Tower
Computer Crime and the Demise of Barings Bank
Technology-Enabled Fraud and the Demise of Drexel Burnham Lambert
It Won't Part Your Hair: The INSLAW Affair
Taylor City Police Department Security Breach
Developing a Security Policy at M&M Procurement, Inc.
Index
