
Information Security Fundamentals


ISBN-10: 0849319579

ISBN-13: 9780849319570

Edition: 2005

Author: Thomas R. Peltier

List price: $75.95

Description:

Information Security Fundamentals gives security professionals a solid understanding of the foundations of the field and the full range of issues practitioners must address. The book explains the key elements of a successful information security program and shows how to apply those concepts to your own program. It covers the elements of computer security, employee roles and responsibilities, and common threats; it also examines the need for management controls, policies and procedures, and risk analysis, and presents a comprehensive list of the tasks and objectives that make up a typical information protection program.

Book details

Copyright year: 2005
Publisher: Auerbach Publishers, Incorporated
Publication date: 10/28/2004
Binding: Hardcover
Pages: 280
Size: 6.00" wide x 9.25" long x 0.75" tall
Weight: 1.144
Language: English

About the author: Peltier has many years of field experience in corporate information security and is a member of the Advisory Council of the Computer Security Institute (CSI).

Table of contents:

Acknowledgments
Introduction
  Overview
  Elements of Information Protection
  More Than Just Computer Security
  Employee Mind-Set toward Controls
  Roles and Responsibilities
    Director, Design and Strategy
  Common Threats
  Policies and Procedures
  Risk Management
  Typical Information Protection Program
  Summary
Threats to Information Security
  What Is Information Security?
  Common Threats
    Errors and Omissions
    Fraud and Theft
    Malicious Hackers
    Malicious Code
    Denial-of-Service Attacks
    Social Engineering
      Common Types of Social Engineering
  Summary
The Structure of an Information Security Program
  Overview
  Enterprisewide Security Program
    Business Unit Responsibilities
    Creation and Implementation of Policies and Standards
    Compliance with Policies and Standards
    Information Security Awareness Program
      Frequency
      Media
  Information Security Program Infrastructure
    Information Security Steering Committee
    Assignment of Information Security Responsibilities
      Senior Management
      Information Security Management
      Business Unit Managers
      First Line Supervisors
      Employees
      Third Parties
  Summary
Information Security Policies
  Policy Is the Cornerstone
  Why Implement an Information Security Policy
  Corporate Policies
    Organizationwide (Tier 1) Policies
      Employment
      Standards of Conduct
      Conflict of Interest
      Performance Management
      Employee Discipline
      Information Security
      Corporate Communications
      Workplace Security
      Business Continuity Plans (BCPs)
      Procurement and Contracts
      Records Management
      Asset Classification
    Organizationwide Policy Document
  Legal Requirements
    Duty of Loyalty
    Duty of Care
    Federal Sentencing Guidelines for Criminal Convictions
    The Economic Espionage Act of 1996
    The Foreign Corrupt Practices Act (FCPA)
    Sarbanes-Oxley (SOX) Act
    Health Insurance Portability and Accountability Act (HIPAA)
    Gramm-Leach-Bliley Act (GLBA)
  Business Requirements
  Definitions
    Policy
    Standards
    Procedures
    Guidelines
  Policy Key Elements
  Policy Format
    Global (Tier 1) Policy
      Topic
      Scope
      Responsibilities
      Compliance or Consequences
      Sample Information Security Global Policies
    Topic-Specific (Tier 2) Policy
      Thesis Statement
      Relevance
      Responsibilities
      Compliance
      Supplementary Information
    Application-Specific (Tier 3) Policy
  Summary
Asset Classification
  Introduction
  Overview
  Why Classify Information?
  What Is Information Classification?
  Where to Begin?
  Information Classification Category Examples
    Example 1
    Example 2
    Example 3
    Example 4
  Resist the Urge to Add Categories
  What Constitutes Confidential Information
    Copyright
  Employee Responsibilities
    Owner
      Information Owner
    Custodian
    User
  Classification Examples
    Classification: Example 1
    Classification: Example 2
    Classification: Example 3
    Classification: Example 4
  Declassification or Reclassification of Information
  Records Management Policy
    Sample Records Management Policy
  Information Handling Standards Matrix
    Printed Material
    Electronically Stored Information
    Electronically Transmitted Information
  Record Management Retention Schedule
  Information Classification Methodology
    Authorization for Access
      Owner
      Custodian
      User
  Summary
Access Control
  Business Requirements for Access Control
    Access Control Policy
  User Access Management
    Account Authorization
    Access Privilege Management
    Account Authentication Management
  System and Network Access Control
    Network Access and Security Components
    System Standards
    Remote Access
  Operating System Access Controls
    Operating Systems Standards
    Change Control Management
  Monitoring System Access
    Event Logging
    Monitoring Standards
    Intrusion Detection Systems
  Cryptography
    Definitions
    Public Key and Private Key
    Block Mode, Cipher Block, and Stream Ciphers
    Cryptanalysis
  Sample Access Control Policy
  Summary
Physical Security
  Data Center Requirements
  Physical Access Controls
    Assets to be Protected
    Potential Threats
    Attitude toward Risk
    Sample Controls
  Fire Prevention and Detection
    Fire Prevention
    Fire Detection
    Fire Fighting
  Verified Disposal of Documents
    Collection of Documents
    Document Destruction Options
    Choosing Services
    Agreements
  Duress Alarms
  Intrusion Detection Systems
    Purpose
    Planning
    Elements
    Procedures
  Sample Physical Security Policy
  Summary
Risk Analysis and Risk Management
  Introduction
  Frequently Asked Questions on Risk Analysis
    Why Conduct a Risk Analysis?
    When to Conduct a Risk Analysis?
    Who Should Conduct the Risk Analysis?
    How Long Should a Risk Analysis Take?
    What a Risk Analysis Analyzes
    What Can the Results of a Risk Analysis Tell an Organization?
    Who Should Review the Results of a Risk Analysis?
    How Is the Success of the Risk Analysis Measured?
  Information Security Life Cycle
  Risk Analysis Process
    Asset Definition
    Threat Identification
    Determine Probability of Occurrence
    Determine the Impact of the Threat
    Controls Recommended
    Documentation
  Risk Mitigation
    Control Categories
    Cost/Benefit Analysis
  Summary
Business Continuity Planning
  Overview
  Business Continuity Planning Policy
    Policy Statement
    Scope
    Responsibilities
    Compliance
  Conducting a Business Impact Analysis (BIA)
    Identify Sponsor(s)
    Scope
    Information Meeting
    Information Gathering
    Questionnaire Design
    Scheduling the Interviews
    Conducting Interviews
    Tabulating the Information
    Presenting the Results
  Preventive Controls
  Recovery Strategies
    Hot Site, Cold Site, Warm Site, Mobile Site
    Key Considerations
      People
      Communications
      Computing Equipment
      Facilities
  Plan Construction, Testing, and Maintenance
    Plan Construction
    Crisis Management Plan
    Plan Distribution
    Plan Testing
      Line Testing
      Walk-through Testing
      Single Process Testing
      Full Testing
      Plan Testing Summary
    Plan Maintenance
  Sample Business Continuity Plan Policy
  Summary
Glossary
Bibliography
Index