Principles of Information Systems Security: Texts and Cases

ISBN-10: 0471450561

ISBN-13: 9780471450566

Edition: 2007

Author: Gurpreet Dhillon

List price: $174.95


The real threat to information system security comes from people, not computers. That's why students need to understand both the technical implementation of security controls and the softer human, behavioral, and managerial factors that contribute to the theft and sabotage of proprietary data. Addressing both the technical and human sides of IS security, Dhillon's Information Systems Security: A Management Challenge equips managers (and those training to be managers) with an understanding of a broad range of issues related to information system security management, and with specific tools and techniques to support this managerial orientation. Coverage goes well beyond the technical aspects of information system security to address formal controls (the rules and procedures that must be established for technical controls to succeed), as well as informal controls that deal with the normative structures that exist within organizations.
Book details

Copyright year: 2007
Publisher: John Wiley & Sons, Incorporated
Publication date: 3/17/2006
Binding: Hardcover
Pages: 464
Size: 7.75" wide x 9.50" long x 1.00" tall
Weight: 2.332
Language: English

Table of contents

Information Systems Security: Nature and Scope
Coordination in Threes
Security in Threes
Technical Controls
Formal Controls
Informal Controls
Institutionalizing Security in Organizations
Questions and Exercises
Case Study
Technical Aspects of Information Systems Security
Security of Technical Systems in Organizations: An Introduction
Data Security Requirements
Methods of Defense
Software Controls
Physical and Hardware Controls
Concluding Remarks
Questions and Exercises
Case Study
Models for Technical Specification of Information Systems Security
Models for Security Specification
Evaluation Criteria and Their Context
Bell-LaPadula
Denning Information Flow Model
The Reference Monitor and Rushby's Solution
Away from the Military
Military and Nonmilitary: Toward Integrity
Toward Integrity: Biba, Clark-Wilson, and Chinese Walls
The Clark-Wilson Model
Emergent Issues
Questions and Exercises
Case Study
Cryptography and Technical Information Systems Security
Basics of Cryptanalysis
Using Digrams for Cryptanalysis
Conventional Encryption Algorithms
Data Encryption Standard
Asymmetric Encryption
Authentication of the Sender
Questions and Exercises
Case Study
Network Security
TCP/IP Protocol Architecture
LAN Security
Security and TCP/IP Protocol
Operating-System-based Attacks
Network-based Attacks
Securing Systems
Securing the File System
Securing Access from the Network
Questions and Exercises
Case Study
Formal Aspects of Information Systems Security
Security of Formal Systems in Organizations: An Introduction
Formal IS Security Dimensions
Responsibility and Authority Structures
Organizational Buy-In
Security Policy
Concluding Remarks
Questions and Exercises
Case Study
Planning for Information Systems Security
Security Strategy Levels
Classes of Security Decisions in Firms
Strategic Decisions
Administrative Decisions
Operational Decisions
Prioritizing Decisions
Security Planning Process
Orion Strategy Process Overview
IS Security Planning Principles
Questions and Exercises
Case Study
Designing Information Systems Security
Security Breaches in Systems Development
Control Structures
Application Controls
Modeling Controls
Documentation Controls
Process Improvement Software
Key Constructs and Concepts in SSE-CMM
Organization and Projects
Work Product
Process Area
Role Independence
Process Capability
Process Management
Capability Maturity Model
SSE-CMM Architecture Description
Basic Model
Concluding Remarks
Questions and Exercises
Case Study
Risk Management for Information Systems Security
Risk Assessment
System Characterization
Threat Identification
Vulnerability Identification
Control Analysis
Likelihood Determination and Impact Analysis
Risk Determination
Control Recommendations and Results Documentation
Risk Mitigation
Control Categories
Risk Evaluation and Assessment
COBRA: Hybrid Model for Software Cost Estimation, Benchmarking, and Risk Assessment
The I2S2 Model
Three Levels of I2S2 Model
Six Components of I2S2 Model
Concluding Remarks
Questions and Exercises
Case Study
Informal Aspects of Information Systems Security
Security of Informal Systems in Organizations: An Introduction
The Concept of Pragmatics and IS Security
What Is Pragmatics?
Nature of IS Security at the Pragmatic Level
Informal Behavior
Concluding Remarks
Questions and Exercises
Case Study
Corporate Governance for IS Security
What Is Corporate Governance?
Models of Corporate Governance: Civic Republicanism
An Opposing View: Liberalism
Enter the Corporation
The Science of Management: Enter the Professional Manager
Professional Managers as Trustees of Society
The New Power Elite: The Managerial Technocracy
Minding the Minders: Contractual Shareholder Model
Analysis of the Structure of American Corporations
Board of Directors
CEO and Executives
Corporate Governance for IS Security
Security Governance Principles
Constructing Information System Security Governance
Concluding Remarks
Questions and Exercises
Case Study
Culture and Information Systems Security
Security Culture
Silent Messages and IS Security
Security Culture Framework
OECD Principles for Security Culture
Concluding Remarks
Questions and Exercises
Case Study
Regulatory Aspects of Information Systems Security
Information Systems Security Standards
ISO 17799
ISO 17799 Framework
The Rainbow Series
International Harmonization
Common Criteria
Common Problems with CC
Other Miscellaneous Standards and Guidelines
RFC 2196 Site Security Handbook
ISO/IEC TR 13335 Guidelines for the Management of IT Security
Generally Accepted Information Security Principles (GAISP)
OECD Guidelines for the Security of Information Systems
Concluding Remarks
Questions and Exercises
Case Study
Legal Aspects of Information Systems Security
Computer Fraud and Abuse Act (CFAA)
Computer Security Act (CSA)
Health Insurance Portability and Accountability Act (HIPAA)
Compliance and Recommended Protection
HIPAA: Help or Hindrance?
USA Patriot Act
IT and the Act
Sarbanes-Oxley Act (SOX)
IT-Specific Issues
Federal Information Security Management Act (FISMA)
Concluding Remarks
Questions and Exercises
Case Study
Computer Forensics
The Basics
Types and Scope of Crimes
Lack of Uniform Law
What Is Computer Forensics?
Gathering Forensic Evidence
Formal Procedure for Gathering Data
Law Dictating Formal Procedure
Laws Governing Seizure of Evidence
Law Governing Analysis and Presentation of Evidence
Emergent Issues
International Arena
National Arena
Concluding Remarks
Questions and Exercises
Case Study 1
Case Study 2
Summary Principles for Information Systems Security
Principles for Technical Aspects of IS Security
Principles for Formal Aspects of IS Security
Principles for Informal Aspects of IS Security
Concluding Remarks
Case of a Computer Hack
Botnet: Anatomy of a Case
Cases in Computer Crime
IS Security at Southam Council
Security Management at the Tower
Computer Crime and the Demise of Barings Bank
Technology-Enabled Fraud and the Demise of Drexel Burnham Lambert
It Won't Part Your Hair: The INSLAW Affair
Taylor City Police Department Security Breach
Developing a Security Policy at M&M Procurement, Inc.