This book is part of the Information Systems Security & Assurance Series from Jones & Bartlett Learning (www.jblearning.com). Designed for courses and curriculums in IT Security, Cybersecurity, Information Assurance, and Information Systems Security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information-security principles packed with real-world applications and examples. Authored by Certified Information Systems Security Professionals (CISSPs), they deliver comprehensive information on all aspects of information security. Reviewed word for word by leading technical experts in the field, these books are not just current, but forward-thinking—putting you in the position to solve the cybersecurity challenges not just of today, but of tomorrow, as well.

The goal of Access Control, Authentication, and Public Key Infrastructure is to provide you with both academic knowledge and real-world understanding of the concepts behind access controls. These are tools you will use to secure valuable resources within your organization's IT infrastructure. The authors' goal was to provide you with a book that would teach important concepts first, and act as a useful reference later.

Access control goes beyond the simple username and password. This book approaches access control from a broad perspective, dealing with every aspect of access controls, from the very low-tech to the cutting edge.

Part 1 of this book defines the components of access control, provides a business framework for implementation, and discusses legal requirements that impact access control programs.

In Part 2, the risks, threats, and vulnerabilities that are prevalent in information systems and IT infrastructures are addressed with risk mitigation strategies and techniques. Access control systems and stringent authentication are presented as ways to mitigate risk.

Part 3 provides a resource for students and practitioners who are responsible for implementing, testing, and managing access control systems throughout the IT infrastructure. Use of public key infrastructures for large organizations and certificate authorities is presented to solve unique business challenges.

This book is more than just a list of different technologies and techniques. You will come away with an understanding of how and why to implement an access control system. You will know how to conduct an effective risk assessment prior to implementation, and how to test solutions throughout the life cycle of the system.

The writing style of this book is practical and conversational. Each chapter begins with a statement of learning objectives. Step-by-step examples of information security concepts and procedures are presented throughout the text. Illustrations are used both to clarify the material and to vary the presentation. The text is sprinkled with Notes, Tips, FYIs, Warnings, and sidebars to alert the reader to additional helpful information related to the subject under discussion. Chapter Assessments appear at the end of each chapter, with solutions provided in the back of the book.

Chapter summaries are included in the text to provide a rapid review or preview of the material and to help students understand the relative importance of the concepts presented.

The material is suitable for undergraduate or graduate computer science majors or information science majors, or students at a two-year technical college or community college who have a basic technical background, or readers who have a basic understanding of IT security and want to expand their knowledge.