Title: Principles of Information Security, 7th Edition
Author: Michael E. Whitman, Herbert J. Mattord
Publisher: Cengage Learning
Year: 2022
Pages: 562
Language: English
Format: pdf (true)
Size: 19.2 MB
Discover the latest trends, developments and technology in information security with Whitman/Mattord's market-leading PRINCIPLES OF INFORMATION SECURITY, 7th Edition. Designed specifically to meet the needs of information systems students like you, this edition's balanced focus addresses all aspects of information security, rather than simply offering a technical control perspective. This overview explores important terms and examines what is needed to manage an effective information security program. A new module details incident response and detection strategies. In addition, current, relevant updates highlight the latest practices in security operations as well as legislative issues, information management toolsets, digital forensics and the most recent policies and guidelines that correspond to federal and international standards. MindTap digital resources offer interactive content to further strengthen your success as a business decision-maker.
When attempting to secure current and planned systems and networks, organizations must draw on the current pool of information security and cybersecurity practitioners. However, to develop more secure computing environments in the future, these same organizations are counting on the next generation of professionals to have the correct mix of skills and experience to anticipate and manage the complex information security issues that will arise. Thus, improved texts with supporting materials, along with the efforts of college and university faculty, are needed to prepare students of technology to recognize the threats and vulnerabilities in existing systems and to learn to design and develop the secure systems needed.
The purpose of Principles of Information Security, Seventh Edition, is to continue to meet the need for a current, high-quality academic resource that surveys the full breadth of the information security and cybersecurity disciplines. Even today, there remains a lack of resources that provide students with a balanced introduction to the managerial and technical aspects of these fields. By specifically focusing our writing on the common body of knowledge, we hope to close this gap. Further, there is a clear need to include principles from criminal justice, political science, computer science, information systems, and other related disciplines to gain a clear understanding of information security and cybersecurity principles and formulate interdisciplinary solutions for system vulnerabilities. The essential tenet of this text is that information security and cybersecurity in the modern organization is a problem for management to solve, and not one that technology alone can address. In other words, an organization’s information security has important economic consequences for which management will be held accountable.
Module 8—Security Technology: Access Controls, Firewalls, and VPNs
Module 8 provides a detailed overview of the configuration and use of technologies designed to segregate the organization’s systems from the insecure Internet. This module examines the various definitions and categorizations of firewall technologies and the architectures under which firewalls may be deployed. The module discusses the rules and guidelines associated with the proper configuration and use of firewalls. Module 8 also discusses remote dial-up services and the security precautions necessary to secure access points for organizations still deploying this older technology. The module continues by presenting content filtering capabilities and considerations, and concludes by examining technologies designed to provide remote access to authorized users through virtual private networks.
Module 9—Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools
Module 9 continues the discussion of security technologies by examining the concept of intrusion and the technologies necessary to prevent, detect, react, and recover from intrusions. Specific types of intrusion detection and prevention systems (IDPSs)—the host IDPS, network IDPS, and application IDPS—and their respective configurations and uses are presented and discussed. The module examines specialized detection technologies that are designed to entice attackers into decoy systems (and thus away from critical systems) or simply to identify the attacker’s entry into these decoy areas. Such systems are known as honeypots, honeynets, and padded cell systems. The discussion also examines trace-back systems, which are designed to track down the true address of attackers who were lured into decoy systems. The module then examines key security tools that information security professionals can use to monitor the current state of their organization’s systems and identify potential vulnerabilities or weaknesses in the organization’s overall security posture. Module 9 concludes with a discussion of access control devices commonly deployed by modern operating systems and new technologies in the area of biometrics that can provide strong authentication to existing implementations.
Module 10—Cryptography
Module 10 continues the study of security technologies by describing the underlying foundations of modern cryptosystems as well as their architectures and implementations. The module begins by summarizing the history of cryptography and discussing the various types of ciphers that played key roles in that history. The module also examines some of the mathematical techniques that comprise cryptosystems, including hash functions. The module then extends this discussion by comparing traditional symmetric encryption systems with more modern asymmetric encryption systems and examining the role of asymmetric systems as the foundation of public-key encryption systems. Also covered are the cryptography-based protocols used in secure communications, including HTTPS, S/MIME, and SET. The module then discusses steganography and its emerging role as an effective means of hiding information. The module concludes by revisiting attacks on information security that are specifically targeted at cryptosystems.