
Information security fundamentals PDF

424 Pages·2017·4.822 MB·English

Preview: Information Security Fundamentals, Second Edition

Information Technology / Security & Auditing

Information Security Fundamentals, Second Edition
Thomas R. Peltier

Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field. The book examines the elements of computer security, employee roles and responsibilities, and common threats. It discusses the legal requirements that impact security policies, including Sarbanes-Oxley, HIPAA, and the Gramm-Leach-Bliley Act. Detailing physical security requirements and controls, this updated edition offers a sample physical security policy and includes a complete list of tasks and objectives that make up an effective information protection program.

• Includes ten new chapters
• Broadens its coverage of regulations to include FISMA, PCI compliance, and foreign requirements
• Expands its coverage of compliance and governance issues
• Adds discussions of ISO 27001, ITIL, COSO, COBIT, and other frameworks
• Presents new information on mobile security issues
• Reorganizes the contents around ISO 27002

The book discusses organization-wide policies, their documentation, and legal and business requirements. It explains policy format with a focus on global, topic-specific, and application-specific policies. Following a review of asset classification, it explores access control, the components of physical security, and the foundations and processes of risk analysis and risk management.
The text concludes by describing business continuity planning, preventive controls, recovery strategies, and how to conduct a business impact analysis. Each chapter in the book has been written by a different expert to ensure you gain the comprehensive understanding of what it takes to develop an effective information security program.

ISBN: 978-1-4398-1062-0 (print)
CRC Press / Auerbach Publications, an Informa business
6000 Broken Sound Parkway, NW, Suite 300, Boca Raton, FL 33487
711 Third Avenue, New York, NY 10017
2 Park Square, Milton Park, Abingdon, Oxon OX14 4RN, UK
www.crcpress.com
www.auerbach-publications.com

Information Security Fundamentals, Second Edition
Thomas R. Peltier
CRC Press, Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742

© 2014 by Taylor & Francis Group, LLC. CRC Press is an imprint of Taylor & Francis Group, an Informa business. No claim to original U.S. Government works.
Version Date: 20130626
International Standard Book Number-13: 978-1-4398-1063-7 (eBook - PDF)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com

To the souls that left us too early: Justin Peltier, Gene Schultz, and Brad Smith. They were always eager to try new things first—I know they will make our next meeting a joyous occasion.

Contents

Acknowledgments, p. ix
Introduction, p. xi
Information Security Fundamentals, p. xiii
Editor, p. xxv
Contributors, p. xxvii
1. Developing Policies (Thomas R. Peltier), p. 1
2. Organization of Information Security (Patrick D. Howard), p. 17
3. Cryptology (Maria Dailey), p. 37
4. Risk Management: The Facilitated Risk Analysis and Assessment Process (Thomas R. Peltier), p. 59
5. Building and Maintaining an Effective Security Awareness Program (John G. O'Leary), p. 109
6. Physical Security (John A. Blackley), p. 147
7. Disaster Recovery and Business Continuity Planning (Kevin McLaughlin), p. 161
8. Continuity of Operations Planning (Jeffery Sauntry), p. 169
9. Access Controls (Kimberly Logan), p. 219
10. Information System Development, Acquisition, and Maintenance (Quinn R. Shamblin), p. 239
11. Information Security Incident Management (Brad Smith), p. 273
12. Asset Classification (Thomas R. Peltier and William Tompkins), p. 297
13. Threats to Information Security (Justin Peltier), p. 327
14. Information Security Policies: A Practitioner's View (Charles Johnson), p. 349
Glossary, p. 357
Appendix A: Facilitated Risk Analysis and Assessment Process (FRAAP), p. 369
Appendix B: Business Impact Analysis (Kevin McLaughlin), p. 383

Acknowledgments

This book is the combined effort of many industry professionals. This group includes John Blackley, Maria Dailey, Pat Howard, Charles Johnson, Kimberly Logan, Kevin McLaughlin, John O'Leary, Justin Peltier, Tom Peltier, Jeff Sauntry, Quinn Shamblin, Brad Smith, and William Tompkins.

For more than a decade, SecureWorld has expanded and improved the concept of affordable regional security conferences. By ensuring knowledgeable speakers and quality educational and training programs, the security professional is able to stay current and cultivate contacts to help provide a means to get questions answered and problems solved. Mike O'Gara, Kerry Nelson, and the entire SecureWorld team are serving the industry well.

No one has all the answers to any question, so the really "smart" person cultivates good friends. Being in the information security business for nearly 40 years, I have had the great good fortune of having a number of such friends and fellow professionals. This group of longtime sources of great information includes John and Jane O'Leary, Lisa Bryson, Mike Corby, Terri Curran, Peter Stephenson, Merrill Lynch, Bob Cartwright, Pat Howard, Cheryl Jackson, Becky Herold, Ray Kaplan, Anne Terwilliger, David Lynas, John Sherwood, Herve Schmidt, Antonio and Pietro Ruvolo, Wayne Sumida, Dean Feldpausch, and William H. Murray.

My working buddies also need to be acknowledged. My son Justin was the greatest asset any father and information security team could ever hope for. Over the years, we logged thousands of air miles together and touched five continents. Every day I learned something new from him. I miss him greatly each and every day. The other working buddy is John Blackley, a strange Scotsman who makes my life more fun and interesting. I've worked with John since 1985 and have marveled at how well he takes obtuse concepts and condenses them so that even management types can understand.
