
Principles of Information Security PDF

722 Pages·2014·14.831 MB·English

Preview Principles of Information Security

Principles of Information Security, Fifth Edition
Michael E. Whitman, Ph.D., CISM, CISSP
Herbert J. Mattord, Ph.D., CISM, CISSP
Kennesaw State University
Australia • Brazil • Mexico • Singapore • United Kingdom • United States

Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.

This is an electronic version of the print textbook. Due to electronic rights restrictions, some third party content may be suppressed. Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. The publisher reserves the right to remove content from this title at any time if subsequent rights restrictions require it. For valuable information on pricing, previous editions, changes to current editions, and alternate formats, please visit www.cengage.com/highered to search by ISBN#, author, title, or keyword for materials in your areas of interest.

Important Notice: Media content referenced within the product description or the product text may not be available in the eBook version.
Principles of Information Security, Fifth Edition
Michael E. Whitman and Herbert J. Mattord

© 2016, 2012 Cengage Learning
WCN: 02-200-203

SVP, GM Skills & Global Product Management: Dawn Gerrain
Product Development Manager: Leigh Hefferon
Senior Content Developer: Natalie Pashoukos
Development Editor: Dan Seiter
Product Assistant: Scott Finger
Vice President, Marketing Services: Jennifer Ann Baker
Senior Marketing Manager: Eric LaScola
Senior Production Director: Wendy Troeger
Production Director: Patty Stephan
Senior Content Project Manager: Brooke Greenhouse
Managing Art Director: Jack Pendleton
Software Development Manager: Pavan Ethakota
Cover image(s): ©iStockphoto.com/Vertigo3d

ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored, or used in any form or by any means—graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act—without the prior written permission of the publisher.

For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706.
For permission to use material from this text or product, submit all requests online at www.cengage.com/permissions. Further permission questions can be e-mailed to [email protected]

Library of Congress Control Number: 2014944986
ISBN: 978-1-2854-4836-7

Cengage Learning
20 Channel Center Street
Boston, MA 02210
USA

Cengage Learning is a leading provider of customized learning solutions with office locations around the globe, including Singapore, the United Kingdom, Australia, Mexico, Brazil, and Japan. Locate your local office at: www.cengage.com/global.
Cengage Learning products are represented in Canada by Nelson Education, Ltd.
To learn more about Cengage Learning, visit www.cengage.com
Purchase any of our products at your local college store or at our preferred online store www.cengagebrain.com.
Notice to the Reader
Publisher does not warrant or guarantee any of the products described herein or perform any independent analysis in connection with any of the product information contained herein. Publisher does not assume, and expressly disclaims, any obligation to obtain and include information other than that provided to it by the manufacturer. The reader is expressly warned to consider and adopt all safety precautions that might be indicated by the activities described herein and to avoid all potential hazards. By following the instructions contained herein, the reader willingly assumes all risks in connection with such instructions. The publisher makes no representations or warranties of any kind, including but not limited to, the warranties of fitness for particular purpose or merchantability, nor are any such representations implied with respect to the material set forth herein, and the publisher takes no responsibility with respect to such material. The publisher shall not be liable for any special, consequential, or exemplary damages resulting, in whole or part, from the readers' use of, or reliance upon, this material.

Printed in the United States of America
Print Number: 01 Print Year: 2014

To Rhonda, Rachel, Alex, and Meghan, thank you for your loving support. —MEW
To my granddaughter Ellie; the future is yours. —HJM
Brief Table of Contents

Preface  xvii
Chapter 1   Introduction to Information Security  1
Chapter 2   The Need for Security  45
Chapter 3   Legal, Ethical, and Professional Issues in Information Security  109
Chapter 4   Planning for Security  153
Chapter 5   Risk Management  229
Chapter 6   Security Technology: Firewalls and VPNs  297
Chapter 7   Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools  355
Chapter 8   Cryptography  417
Chapter 9   Physical Security  467
Chapter 10  Implementing Information Security  505
Chapter 11  Security and Personnel  547
Chapter 12  Information Security Maintenance  591
Glossary  657
Index  677

Table of Contents

Preface  xvii

Chapter 1  Introduction to Information Security  1
    Introduction  3
    The History of Information Security  3
        The 1960s  4
        The 1970s and 80s  5
        The 1990s  9
        2000 to Present  9
    What Is Security?  10
        Key Information Security Concepts  11
        Critical Characteristics of Information  14
    CNSS Security Model  17
    Components of an Information System  19
        Software  19
        Hardware  20
        Data  20
        People  20
        Procedures  21
        Networks  21
    Balancing Information Security and Access  21
    Approaches to Information Security Implementation  22
    Security in the Systems Life Cycle  23
        The Systems Development Life Cycle  24
        The Security Systems Development Life Cycle  27
        Software Assurance—Security in the SDLC  28
        Software Design Principles  30
        The NIST Approach to Securing the SDLC  31
    Security Professionals and the Organization  34
        Senior Management  35
        Information Security Project Team  36
        Data Responsibilities  37
    Communities of Interest  37
        Information Security Management and Professionals  37
        Information Technology Management and Professionals  38
        Organizational Management and Professionals  38
    Information Security: Is It an Art or a Science?  38
        Security as Art  38
        Security as Science  39
        Security as a Social Science  39
    Selected Readings  39
    Chapter Summary  40
    Review Questions  40
    Exercises  41
    Case Exercises  42
    Endnotes  42

Chapter 2  The Need for Security  45
    Introduction  47
        Business Needs First  47
    Threats and Attacks  49
        2.5 Billion Potential Hackers  49
        Other Studies of Threats  50
        Common Attack Pattern Enumeration and Classification (CAPEC)  52
        The 12 Categories of Threats  52
    Compromises to Intellectual Property  52
        Software Piracy  53
        Copyright Protection and User Registration  53
    Deviations in Quality of Service  56
        Internet Service Issues  56
        Communications and Other Service Provider Issues  57
        Power Irregularities  57
    Espionage or Trespass  58
        Hackers  59
        Hacker Variants  64
        Password Attacks  66
    Forces of Nature  68
        Fire  69
        Floods  69
        Earthquakes  69
        Lightning  69
        Landslides or Mudslides  69
        Tornados or Severe Windstorms  69
        Hurricanes, Typhoons, and Tropical Depressions  70
        Tsunamis  70
        Electrostatic Discharge  70
        Dust Contamination  70
    Human Error or Failure  71
        Social Engineering  72
    Information Extortion  76
    Sabotage or Vandalism  77
        Online Activism  78
    Software Attacks  80
        Malware  80
        Back Doors  87
        Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks  88
        E-mail Attacks  89
        Communications Interception Attacks  90
    Technical Hardware Failures or Errors  92
        The Intel Pentium CPU Failure  92
        Mean Time Between Failure  93
    Technical Software Failures or Errors  93
        The OWASP Top 10  93
        The Deadly Sins in Software Security  94
    Technological Obsolescence  99
    Theft  101
    Selected Readings  101
