Book description
PART OF THE JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES
Series meets all standards put forth by CNSS 4011 & 4013A!
Access controls protect resources against unauthorized viewing, tampering, or destruction. They serve as a primary means of ensuring privacy and confidentiality and of preventing unauthorized disclosure. Revised and updated with the latest data from this fast-paced field, Access Control, Authentication, and Public Key Infrastructure defines the components of access control, provides a business framework for implementation, and discusses legal requirements that impact access control programs. It looks at the risks, threats, and vulnerabilities prevalent in information systems and IT infrastructures and how to handle them. It provides a student and professional resource that details how to put access control systems to work, as well as how to test and manage them.
New to the Second Edition:
- Updated references to Windows 8 and Outlook 2011
- A new discussion of recent Chinese hacking incidents
- Examples depicting the risks associated with a missing unencrypted laptop containing private data
- New sections on the Communications Assistance for Law Enforcement Act (CALEA) and on granting Windows folder permissions
- New information on the Identity Theft Enforcement and Restitution Act and the Digital Millennium Copyright Act (DMCA)
Table of contents
- Cover
- Title Page
- Copyright
- Contents
- Preface
- Acknowledgments
- About the author
- Dedication
- Part One The Need for Information Security
  - Chapter 1 Access Control Framework
  - Chapter 2 Assessing Risk and Its Impact on Access Control
  - Chapter 3 Business Drivers for Access Controls
  - Chapter 4 Access Control Policies, Standards, Procedures, and Guidelines
    - U.S. Compliance Laws and Regulations
      - Gramm-Leach-Bliley Act (GLBA)
      - Health Insurance Portability and Accountability Act (HIPAA)
      - Sarbanes-Oxley (SOX) Act
      - Family Educational Rights and Privacy Act (FERPA)
      - Communications Assistance for Law Enforcement Act (CALEA)
      - Children’s Internet Protection Act (CIPA)
      - 21 CFR Part 11
      - North American Electric Reliability Council (NERC)
      - Homeland Security Presidential Directive 12 (HSPD 12)
    - Access Control Security Policy Best Practices
    - IT Security Policy Framework
    - Examples of Access Control Policies, Standards, Procedures, and Guidelines
    - Chapter Summary
    - Key Concepts and Terms
    - Chapter 4 Assessment
    - Endnote
  - Chapter 5 Security Breaches and the Law
- Part Two Mitigating Risk with Access Control Systems, Authentication, and PKI
  - Chapter 6 Mapping Business Challenges to Access Control Types
  - Chapter 7 Human Nature and Organizational Behavior
    - The Human Element
    - Organizational Structure and Access Control Strategy
    - Job Rotation and Position Sensitivity
    - Requirement for Periodic Vacation
    - Separation of Duties
    - Responsibilities of Access Owners
    - Training Employees
    - Ethics
    - Best Practices for Handling Human Nature and Organizational Behavior
    - Case Studies and Examples
    - Chapter Summary
    - Key Concepts and Terms
    - Chapter 7 Assessment
  - Chapter 8 Access Control for Information Systems
    - Access Control for Data
    - Access Control for File Systems
    - Access Control for Executables
    - Microsoft Windows Workstations and Servers
    - UNIX and Linux
    - Supervisory Control and Data Acquisition (SCADA) and Process Control Systems
    - Best Practices for Access Controls for Information Systems
    - Case Studies and Examples
    - Chapter Summary
    - Key Concepts and Terms
    - Chapter 8 Assessment
  - Chapter 9 Physical Security and Access Control
  - Chapter 10 Access Control in the Enterprise
    - Access Control Lists (ACLs) and Access Control Entries (ACEs)
    - Access Control Models
    - Authentication Factors
    - Kerberos
    - Network Access Control
    - Wireless IEEE 802.11 LANs
    - Single Sign-On (SSO)
    - Best Practices for Handling Access Controls in an Enterprise Organization
    - Case Studies and Examples
    - Chapter Summary
    - Key Concepts and Terms
    - Chapter 10 Assessment
- Part Three Implementing, Testing, and Managing Access Control Systems
  - Chapter 11 Access Control System Implementations
    - Transforming Access Control Policies and Standards into Procedures and Guidelines
    - Identity Management and Access Control
    - Size and Distribution of Staff and Assets
    - Multilayered Access Control Implementations
    - Access Controls for Employees, Remote Employees, Customers, and Business Partners
      - Remote Virtual Private Network (VPN) Access—Remote Employees and Workers
      - Intranets—Internal Business Operations and Communications
      - Extranets—External Supply Chains, Business Partners, Distributors, and Resellers
      - Secure E-commerce Portals with Encryption
      - Secure Online Banking Access Control Implementations
      - Logon/Password Access
      - Identification Imaging and Authorization
    - Best Practices for Access Control Implementations
    - Case Studies and Examples
    - Chapter 11 Summary
    - Key Concepts and Terms
    - Chapter 11 Assessment
  - Chapter 12 Access Control Solutions for Remote Workers
    - Growth in Mobile Work Force
    - Remote Access Methods and Techniques
    - Access Protocols to Minimize Risk
    - Remote Authentication Protocols
    - Virtual Private Networks (VPNs)
    - Web Authentication
    - Best Practices for Remote Access Controls to Support Remote Workers
    - Case Studies and Examples
    - Chapter Summary
    - Key Concepts and Terms
    - Chapter 12 Assessment
  - Chapter 13 Public Key Infrastructure and Encryption
    - Public Key Infrastructure (PKI)
    - Ensuring Integrity, Confidentiality, Authentication, and Non-Repudiation
    - What PKI Is and What It Is Not
    - What Are the Potential Risks Associated with PKI?
    - Implementations of Business Cryptography
    - Certificate Authorities (CA)
    - Best Practices for PKI Use Within Large Enterprises and Organizations
    - Case Studies and Examples
    - Chapter Summary
    - Key Concepts and Terms
    - Chapter 13 Assessment
  - Chapter 14 Testing Access Control Systems
    - Purpose of Testing Access Control Systems
    - Software Development Life Cycle and the Need for Testing Software
    - Security Development Life Cycle and the Need for Testing Security Systems
    - Information Security Activities
    - Performing the Access Control System Penetration Test
    - Preparing the Final Test Report
    - Chapter Summary
    - Key Concepts and Terms
    - Chapter 14 Assessment
  - Chapter 15 Access Control Assurance
    - What Is Information Assurance?
    - How Can Information Assurance Be Applied to Access Control Systems?
    - What Are the Goals of Access Control System Monitoring and Reporting?
    - What Checks and Balances Can Be Implemented?
    - Audit Trail and Audit Log Management and Parsing
    - Audit Trail and Audit Log Reporting Issues and Concerns
    - Security Information and Event Management (SIEM)
    - Best Practices for Performing Ongoing Access Control System Assurance
    - Case Studies and Examples
    - Chapter Summary
    - Key Concepts and Terms
    - Chapter 15 Assessment
- Appendix A Answer Key
- Appendix B Standard Acronyms
- Glossary of Key Terms
- References
- Index
Product information
- Title: Access Control, Authentication, and Public Key Infrastructure, 2nd Edition
- Author(s):
- Release date: July 2013
- Publisher(s): Jones & Bartlett Learning
- ISBN: 9781284031607