Purpose of This Book

This book is part of the Information Systems Security & Assurance Series from Jones & Bartlett Learning (www.jblearning.com). Designed for courses and curricula in IT Security, Cybersecurity, Information Assurance, and Information Systems Security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information-security principles packed with real-world applications and examples. Authored by Certified Information Systems Security Professionals (CISSPs), they deliver comprehensive information on all aspects of information security. Reviewed word for word by leading technical experts in the field, these books are not just current, but forward-thinking—putting you in the position to solve the cybersecurity challenges not just of today, but of tomorrow, as well.

The goal of Access Control and Identity Management, Third Edition, is to provide you with both academic knowledge and real-world understanding of the concepts behind access controls. These are tools you will use to secure valuable resources within your organization’s IT infrastructure. The authors’ goal was to provide you with a book that would teach important concepts first and act as a useful reference later.

Access control goes beyond the simple username and password. This book approaches access control from a broad perspective, dealing with every aspect of access controls, from the very low-tech to the cutting edge.

Part 1 of this book defines the components of access control, provides a business framework for implementation, describes the impact of human nature and organizational behavior on access control systems, and discusses the risk assessment process.

Part 2 focuses on implementing access control systems in enterprise environments. It includes a discussion of mapping business challenges to access control types, the technical details of implementing access controls, and a review of access control issues specific to physical security and teleworking.

Part 3 provides a resource for students and practitioners who are responsible for implementing, testing, and managing access control systems throughout the IT infrastructure. Use of public key infrastructures for large organizations and certificate authorities is presented to solve unique business challenges. This part also includes a review of the legal issues surrounding access control and a discussion of security breaches.

The book is more than just a list of different technologies and techniques. You will come away with an understanding of how and why to implement an access control system. You will know how to conduct an effective risk assessment prior to implementation and how to test solutions throughout the life cycle of the system.

Learning Features

The writing style of this book is practical and conversational. Each chapter begins with a statement of learning objectives. Step-by-step examples of information security concepts and procedures are presented throughout the text. Illustrations are used both to clarify the material and to vary the presentation. The text is sprinkled with Notes, Tips, FYIs, Warnings, and sidebars to alert the reader to additional helpful information related to the subject under discussion. Chapter assessments appear at the end of each chapter, with solutions provided in the back of the book.

Chapter summaries are included in the text to provide a rapid review or preview of the material and to help students understand the relative importance of the concepts presented.

Audience

The material is suitable for undergraduate or graduate computer science majors or information science majors, or students at a 2-year technical college or community college who have a basic technical background, or readers who have a basic understanding of IT security and want to expand their knowledge.

New to This Edition

The third edition of this book reorganizes the content to better fit modern discussions of access control systems. It also includes technology updates to bring the content in line with current best practices. The book includes more detailed discussions of the government certification process for access control systems and the technologies used to provide assurance in government computing environments. This third edition includes updates on wireless technology and the use of NIST Special Publication 800-48 to implement wireless security standards.

Cloud Labs

This text is accompanied by Cybersecurity Cloud Labs. These hands-on virtual labs provide immersive mock IT infrastructures where students can learn and practice foundational cybersecurity skills as an extension of the lessons in this textbook. For more information or to purchase the labs, visit go.jblearning.com/chapple3e.