
Principles of Information Security 7th Edition by Michael Whitman, ISBN-13: 978-0357506431

Description

Principles of Information Security 7th Edition by Michael Whitman, ISBN-13: 978-0357506431

  • Publisher: Cengage Learning; 7th edition (June 27, 2021)
  • Language: English
  • 752 pages
  • ISBN-10: 035750643X
  • ISBN-13: 978-0357506431

Discover the latest trends, developments and technology in information security with Whitman/Mattord’s market-leading PRINCIPLES OF INFORMATION SECURITY, 7th Edition. Designed specifically to meet the needs of information systems students like you, this edition’s balanced focus addresses all aspects of information security, rather than simply offering a technical control perspective. This overview explores important terms and examines what is needed to manage an effective information security program. A new module details incident response and detection strategies. In addition, current, relevant updates highlight the latest practices in security operations as well as legislative issues, information management toolsets, digital forensics and the most recent policies and guidelines that correspond to federal and international standards.

Table of Contents:

Cover Page

Title Page

Copyright Page

Dedication

Preface

Acknowledgments

Foreword

Module 1. Introduction to Information Security

Introduction to Information Security

The 1960s

The 1970s and ’80s

The 1990s

2000 to Present

What Is Security?

Key Information Security Concepts

Critical Characteristics of Information

CNSS Security Model

Components of an Information System

Software

Hardware

Data

People

Procedures

Networks

Security and the Organization

Balancing Information Security and Access

Approaches to Information Security Implementation

Security Professionals

Data Responsibilities

Communities of Interest

Information Security: Is It an Art or a Science?

Security as Art

Security as Science

Security as a Social Science

Module Summary

Review Questions

Exercises

Module 2. The Need for Information Security

Introduction to the Need for Information Security

Business Needs First

Information Security Threats and Attacks

4.8 Billion Potential Hackers

Other Studies of Threats

Common Attack Pattern Enumeration and Classification (CAPEC)

The 12 Categories of Threats

Compromises to Intellectual Property

Deviations in Quality of Service

Espionage or Trespass

Forces of Nature

Human Error or Failure

Information Extortion

Sabotage or Vandalism

Software Attacks

Technical Hardware Failures or Errors

Technical Software Failures or Errors

Technological Obsolescence

Theft

Module Summary

Review Questions

Exercises

Module 3. Information Security Management

Introduction to the Management of Information Security

Planning

Policy

Programs

Protection

People

Projects

Information Security Planning and Governance

Information Security Leadership

Information Security Governance Outcomes

Planning Levels

Planning and the CISO

Information Security Policy, Standards, and Practices

Policy as the Foundation for Planning

Enterprise Information Security Policy

Issue-Specific Security Policy

Systems-Specific Security Policy (SysSP)

Developing and Implementing Effective Security Policy

Policy Management

Security Education, Training, and Awareness Program

Security Education

Security Training

Security Awareness

Information Security Blueprint, Models, and Frameworks

The ISO 27000 Series

NIST Security Models

Other Sources of Security Frameworks

Design of the Security Architecture

Module Summary

Review Questions

Exercises

Module 4. Risk Management

Introduction to Risk Management

Sun Tzu and the Art of Risk Management

The Risk Management Framework

The Roles of the Communities of Interest

The RM Policy

Framework Design

Defining the Organization’s Risk Tolerance and Risk Appetite

Framework Implementation

Framework Monitoring and Review

The Risk Management Process

RM Process Preparation—Establishing the Context

Risk Assessment: Risk Identification

Risk Assessment: Risk Analysis

Risk Evaluation

Risk Treatment/Risk Response

Risk Mitigation

Risk Transference

Risk Acceptance

Risk Termination

Process Communications, Monitoring, and Review

Mitigation and Risk

Managing Risk

Feasibility and Cost-Benefit Analysis

Alternative Risk Management Methodologies

The OCTAVE Methods

FAIR

ISO Standards for InfoSec Risk Management

NIST Risk Management Framework (RMF)

Selecting the Best Risk Management Model

Module Summary

Review Questions

Exercises

Module 5. Incident Response and Contingency Planning

Introduction to Incident Response and Contingency Planning

Fundamentals of Contingency Planning

Components of Contingency Planning

Business Impact Analysis

Contingency Planning Policies

Incident Response

Getting Started

Incident Response Policy

Incident Response Planning

Detecting Incidents

Reacting to Incidents

Recovering from Incidents

Digital Forensics

The Digital Forensics Team

Affidavits and Search Warrants

Digital Forensics Methodology

Evidentiary Procedures

Disaster Recovery

The Disaster Recovery Process

Disaster Recovery Policy

Disaster Classification

Planning to Recover

Responding to the Disaster

Business Continuity

Business Continuity Policy

Business Resumption

Continuity Strategies

Timing and Sequence of CP Elements

Crisis Management

Testing Contingency Plans

Final Thoughts on CP

Module Summary

Review Questions

Exercises

Module 6. Legal, Ethical, and Professional Issues in Information Security

Introduction to Law and Ethics in Information Security

Organizational Liability and the Need for Counsel

Policy Versus Law

Types of Law

Relevant U.S. Laws

General Computer Crime Laws

Privacy

Identity Theft

Export and Espionage Laws

U.S. Copyright Law

Financial Reporting

Freedom of Information Act of 1966

Payment Card Industry Data Security Standards (PCI DSS)

State and Local Regulations

International Laws and Legal Bodies

U.K. Computer Security Laws

Australian Computer Security Laws

Council of Europe Convention on Cybercrime

World Trade Organization and the Agreement on Trade-Related Aspects of Intellectual Property Rights

Digital Millennium Copyright Act

Ethics and Information Security

Ethical Differences Across Cultures

Ethics and Education

Deterring Unethical and Illegal Behavior

Codes of Ethics of Professional Organizations

Major IT and InfoSec Professional Organizations

Key U.S. Federal Agencies

Department of Homeland Security

U.S. Secret Service

Federal Bureau of Investigation (FBI)

National Security Agency (NSA)

Module Summary

Review Questions

Exercises

Module 7. Security and Personnel

Introduction to Security and Personnel

Positioning the Security Function

Staffing the Information Security Function

Qualifications and Requirements

Entry into the Information Security Profession

Information Security Positions

Credentials for Information Security Professionals

(ISC)² Certifications

ISACA Certifications

SANS Certifications

EC-Council Certifications

CompTIA Certifications

Cloud Security Certifications

Certification Costs

Advice for Information Security Professionals

Employment Policies and Practices

Job Descriptions

Interviews

Background Checks

Employment Contracts

New Hire Orientation

On-the-Job Security Training

Evaluating Performance

Termination

Personnel Control Strategies

Privacy and the Security of Personnel Data

Security Considerations for Temporary Employees, Consultants, and Other Workers

Module Summary

Review Questions

Exercises

Module 8. Security Technology: Access Controls, Firewalls, and VPNs

Introduction to Access Controls

Access Control Mechanisms

Biometrics

Access Control Architecture Models

Firewall Technologies

Firewall Processing Modes

Firewall Architectures

Selecting the Right Firewall

Configuring and Managing Firewalls

Content Filters

Protecting Remote Connections

Remote Access

Virtual Private Networks (VPNs)

Final Thoughts on Remote Access and Access Controls

Deperimeterization

Remote Access in the Age of COVID-19

Module Summary

Review Questions

Exercises

Module 9. Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools

Introduction to Intrusion Detection and Prevention Systems

IDPS Terminology

Why Use an IDPS?

Types of IDPSs

IDPS Detection Methods

Log File Monitors

Security Information and Event Management (SIEM)

IDPS Response Behavior

Selecting IDPS Approaches and Products

Strengths and Limitations of IDPSs

Deployment and Implementation of an IDPS

Measuring the Effectiveness of IDPSs

Honeypots, Honeynets, and Padded Cell Systems

Trap-and-Trace Systems

Active Intrusion Prevention

Scanning and Analysis Tools

Port Scanners

Firewall Analysis Tools

Operating System Detection Tools

Vulnerability Scanners

Packet Sniffers

Wireless Security Tools

Module Summary

Review Questions

Exercises

Module 10. Cryptography

Introduction to Cryptography

The History of Cryptology

Key Cryptology Terms

Encryption Methods

Substitution Cipher

Transposition Cipher

Exclusive OR

Vernam Cipher

Book-Based Ciphers

Hash Functions

Cryptographic Algorithms

Symmetric Encryption

Asymmetric Encryption

Encryption Key Size

Cryptographic Tools

Public Key Infrastructure (PKI)

Digital Signatures

Digital Certificates

Hybrid Cryptography Systems

Steganography

Protocols for Secure Communications

Securing Internet Communication with HTTPS and SSL

Securing E-Mail with S/MIME, PEM, and PGP

Securing Web Transactions with SET, SSL, and HTTPS

Securing Wireless Networks with WPA and RSN

Securing TCP/IP with IPSec and PGP

Module Summary

Review Questions

Exercises

Module 11. Implementing Information Security

Introduction to Information Security Implementation

The Systems Development Life Cycle

Traditional Development Methods

Software Assurance

The NIST Approach to Securing the SDLC

Information Security Project Management

Developing the Project Plan

Project Planning Considerations

The Need for Project Management

Security Project Management Certifications

Technical Aspects of Implementation

Conversion Strategies

The Bull’s-Eye Model

To Outsource or Not

Technology Governance and Change Control

The Center for Internet Security’s Critical Security Controls

Nontechnical Aspects of Implementation

The Culture of Change Management

Considerations for Organizational Change

Module Summary

Review Questions

Exercises

Module 12. Information Security Maintenance

Introduction to Information Security Maintenance

Security Management Maintenance Models

NIST SP 800-100, “Information Security Handbook: A Guide for Managers”

The Security Maintenance Model

Monitoring the External Environment

Monitoring the Internal Environment

Planning and Risk Assessment

Vulnerability Assessment and Remediation

Readiness and Review

Physical Security

Physical Access Controls

Physical Security Controls

Fire Security and Safety

Failure of Supporting Utilities and Structural Collapse

Heating, Ventilation, and Air Conditioning

Power Management and Conditioning

Interception of Data

Securing Mobile and Portable Systems

Special Considerations for Physical Security

Module Summary

Review Questions

Exercises

Michael E. Whitman, Ph.D., C.I.S.M., C.I.S.S.P., is the executive director of the Institute for Cybersecurity Workforce Development and a professor of information security at Kennesaw State University. In 2004, 2007, 2012 and 2015, under Dr. Whitman’s direction, the Center for Information Security Education spearheaded K.S.U.’s successful bid for the prestigious National Center of Academic Excellence recognitions (CAE/IAE and CAE/CDE), awarded jointly by the Department of Homeland Security and the National Security Agency. Dr. Whitman is also the editor-in-chief of the Journal of Cybersecurity Education and Research and Practice and director of the Southeast Collegiate Cyber Defense Competition. Dr. Whitman is an active researcher and author in information security policy, threats, curriculum development and ethical computing. He currently teaches graduate and undergraduate courses in information security. Dr. Whitman has several information security textbooks currently in print, including “Principles of Information Security,” “Principles of Incident Response and Disaster Recovery,” “Management of Information Security,” “Readings and Cases in the Management of Information Security, Volumes I and II,” “The Hands-On Information Security Lab Manual,” “The Guide to Network Security” and “The Guide to Firewalls and Network Security.” He has published articles in Information Systems Research, the Communications of the ACM, the Journal of International Business Studies, Information and Management and the Journal of Computer Information Systems. Dr. Whitman is a member of the Information Systems Security Association, ISACA and the Association for Information Systems. Previously, Dr. Whitman served the U.S. Army as an armored cavalry officer with additional duties as the automated data processing system security officer (ADPSSO).

Herbert Mattord, Ph.D., C.I.S.M., C.I.S.S.P., completed 24 years of IT industry experience as an application developer, database administrator, project manager and information security practitioner before joining the faculty at Kennesaw State University, where he serves as a professor of information security and assurance and cybersecurity. Dr. Mattord currently teaches graduate and undergraduate courses. He is also a senior editor of the Journal of Cybersecurity Education, Research and Practice. He and Dr. Michael Whitman have authored “Principles of Information Security,” “Principles of Incident Response and Disaster Recovery,” “Management of Information Security,” “Readings and Cases in the Management of Information Security,” “The Guide to Network Security” and “The Hands-On Information Security Lab Manual.” Dr. Mattord is an active researcher, author and consultant in information security management and related topics. He has published articles in the Information Resources Management Journal, Journal of Information Security Education, the Journal of Executive Education and the International Journal of Interdisciplinary Telecommunications and Networking. Dr. Mattord is a member of the Information Systems Security Association, ISACA and the Association for Information Systems. During his career as an IT practitioner, Dr. Mattord was an adjunct professor at Kennesaw State University, Southern Polytechnic State University, Austin Community College and Texas State University: San Marcos. He was formerly the manager of corporate information technology security at Georgia-Pacific Corporation, where he acquired much of the practical knowledge found in this and his other textbooks.
