Book description
Revised and updated with the latest data in the field, Fundamentals of Information Systems Security, Third Edition provides a comprehensive overview of the essential concepts readers must know as they pursue careers in information systems security. The text opens with a discussion of the new risks, threats, and vulnerabilities associated with the transition to a digital world. Part 2 presents a high-level overview of the Security+ Exam and provides students with information as they move toward this certification.
Table of contents
- Cover Page
- Title Page
- Copyright Page
- Dedication
- Contents
- Preface
- Acknowledgments
- The Authors
- PART I The Need for Information Security
- CHAPTER 1 Information Systems Security
- CHAPTER 2 The Internet of Things Is Changing How We Live
- Evolution of the Internet of Things
- Converting to a TCP/IP World
- IoT’s Impact on Human and Business Life
- Evolution from Bricks and Mortar to E-Commerce
- Why Businesses Must Have an Internet and IoT Marketing Strategy
- IP Mobility
- Mobile Applications
- New Challenges Created by the IoT
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 2 ASSESSMENT
- CHAPTER 3 Malicious Attacks, Threats, and Vulnerabilities
- Malicious Activity on the Rise
- What Are You Trying to Protect?
- Whom Are You Trying to Catch?
- Attack Tools
- What Is a Security Breach?
- What Are Risks, Threats, and Vulnerabilities?
- What Is a Malicious Attack?
- What Is Malicious Software?
- What Are Common Types of Attacks?
- What Is a Countermeasure?
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 3 ASSESSMENT
- CHAPTER 4 The Drivers of the Information Security Business
- Defining Risk Management
- Implementing a BIA, a BCP, and a DRP
- Assessing Risks, Threats, and Vulnerabilities
- Closing the Information Security Gap
- Adhering to Compliance Laws
- Keeping Private Data Confidential
- Mobile Workers and Use of Personally Owned Devices
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 4 ASSESSMENT
- PART II Securing Today’s Information Systems
- CHAPTER 5 Access Controls
- Four-Part Access Control
- Two Types of Access Controls
- Authorization Policies
- Methods and Guidelines for Identification
- Processes and Requirements for Authentication
- Policies and Procedures for Accountability
- Formal Models of Access Control
- Effects of Breaches in Access Control
- Threats to Access Controls
- Effects of Access Control Violations
- Credential and Permissions Management
- Centralized and Decentralized Access Control
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 5 ASSESSMENT
- CHAPTER 6 Security Operations and Administration
- Security Administration
- Compliance
- Professional Ethics
- The Infrastructure for an IT Security Policy
- Data Classification Standards
- Configuration Management
- The Change Management Process
- Application Software Security
- Software Development and Security
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 6 ASSESSMENT
- CHAPTER 7 Auditing, Testing, and Monitoring
- Security Auditing and Analysis
- Defining Your Audit Plan
- Auditing Benchmarks
- Audit Data Collection Methods
- Post-Audit Activities
- Security Monitoring
- Types of Log Information to Capture
- How to Verify Security Controls
- Monitoring and Testing Security Systems
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 7 ASSESSMENT
- CHAPTER 8 Risk, Response, and Recovery
- CHAPTER 9 Cryptography
- What Is Cryptography?
- Business and Security Requirements for Cryptography
- Cryptographic Principles, Concepts, and Terminology
- Types of Ciphers
- Symmetric and Asymmetric Key Cryptography
- Keys, Keyspace, and Key Management
- Digital Signatures and Hash Functions
- Cryptographic Applications and Uses in Information System Security
- Principles of Certificates and Key Management
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 9 ASSESSMENT
- CHAPTER 10 Networks and Telecommunications
- CHAPTER 11 Malicious Code and Activity
- Characteristics, Architecture, and Operations of Malicious Software
- The Main Types of Malware
- A Brief History of Malicious Code Threats
- Threats to Business Organizations
- Anatomy of an Attack
- Attack Prevention Tools and Techniques
- Intrusion Detection Tools and Techniques
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 11 ASSESSMENT
- PART III Information Security Standards, Education, Certifications, and Laws
- CHAPTER 12 Information Security Standards
- Standards Organizations
- National Institute of Standards and Technology
- International Organization for Standardization
- International Electrotechnical Commission
- World Wide Web Consortium
- Internet Engineering Task Force
- Institute of Electrical and Electronics Engineers
- International Telecommunication Union Telecommunication Sector
- American National Standards Institute
- European Telecommunications Standards Institute Cyber Security Technical Committee
- ISO 17799 (Withdrawn)
- Payment Card Industry Data Security Standard
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 12 ASSESSMENT
- CHAPTER 13 Information Systems Security Education and Training
- CHAPTER 14 Information Security Professional Certifications
- U.S. Department of Defense/Military Directive 8570.01
- Vendor-Neutral Professional Certifications
- International Information Systems Security Certification Consortium, Inc.
- SSCP®
- CISSP®
- CAP®
- CSSLP®
- CCFP®
- HCISPP®
- CCSP®
- Additional (ISC)2 Professional Certifications
- Global Information Assurance Certification/SANS Institute
- Certified Internet Webmaster
- CompTIA
- ISACA®
- Other Information Systems Security Certifications
- Vendor-Specific Professional Certifications
- Juniper Networks
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 14 ASSESSMENT
- CHAPTER 15 U.S. Compliance Laws
- Compliance Is the Law
- Federal Information Security
- The Health Insurance Portability and Accountability Act
- The Gramm-Leach-Bliley Act
- The Sarbanes-Oxley Act
- The Family Educational Rights and Privacy Act
- The Children’s Internet Protection Act
- Payment Card Industry Data Security Standard
- Making Sense of Laws for Information Security Compliance
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 15 ASSESSMENT
- ENDNOTES
- APPENDIX A Answer Key
- APPENDIX B Standard Acronyms
- APPENDIX C Earning the CompTIA Security+ Certification
- Glossary of Key Terms
- References
- Index
Product information
- Title: Fundamentals of Information Systems Security, 3rd Edition
- Author(s):
- Release date: October 2016
- Publisher(s): Jones & Bartlett Learning
- ISBN: 9781284116465