Information Security Management, 2nd Edition
by Michael Workman
Table of Contents
Cover
Title Page
Copyright Page
Dedication Page
Contents
Preface
Acknowledgments
About the Author
CHAPTER 1 Introduction to Information and Cybersecurity
1.1 Introduction to Information and Cybersecurity
1.2 The Study of Information and Cybersecurity
1.2.1 Concentrating on the Discipline
1.2.2 Research and Practice in Cybersecurity
1.3 Information and Cybersecurity
1.3.1 Technology and Humans-in-the-Loop
1.3.2 Information and Cybersecurity Basic Concepts
1.4 Information and Cybersecurity Topics
1.4.1 Key Information and Cybersecurity Concepts
CHAPTER SUMMARY
IMPORTANT TERMS
THINK ABOUT IT
REFERENCES
CHAPTER 2 Information Security Departments and Roles
2.1 Software Engineering and Development
2.1.1 DevOps and Software Development Life Cycle
2.1.2 DevSecOps
2.1.3 Information Security Management Life Cycle
2.1.4 The SDLC and Information Security
2.1.5 Planning: Failures Are a Rule, Not an Exception
2.2 Life-Cycle Processes
2.2.1 Life-Cycle Planning Stages
2.2.2 Life-Cycle Design and Implementation Stages
2.3 Operations
2.3.1 NOC/TOC
2.3.2 Monitoring Infrastructure with IDS
2.3.3 Maintaining Operational Capabilities
2.4 Compliance/Governance
2.4.1 Compliance and Professional Cybersecurity Training
2.4.2 Compliance and Behavioral Governance
2.4.3 Compliance Auditing of Systems and Networks
2.4.4 Compliance and Data Centers
2.5 Cybersecurity Incidents
2.5.1 Handling Inevitable Incidents
2.5.2 Reporting Security Incidents
2.5.3 Collecting and Preserving Evidence
2.5.4 Cyberstalking and Harassment Incidents
CHAPTER SUMMARY
IMPORTANT TERMS
THINK ABOUT IT
REFERENCES
CHAPTER 3 Actors and Practices
3.1 Getting to Know Your Adversary
3.1.1 The Insider Threat
3.1.2 Hacktivist
3.1.3 State-Sponsored Actor
3.2 Attack Surface
3.2.1 Network Security Zones
3.2.2 Zero Trust Networks
3.3 Some Cybersecurity Attacks and Countermeasures
3.3.1 DDoS (Distributed Denial of Service)
3.3.2 Phishing, Vishing, and Smishing
3.3.3 Cryptojacking
3.3.4 Ransomware
3.3.5 Backdoors
3.4 Some Specific Attack Scenarios
3.4.1 ICMP Tunnel Attacks
3.4.2 ICMP Permutation Attacks
3.4.3 Network Packet, Frame, or Octet Attacks
3.4.4 DNS Hijacking
CHAPTER SUMMARY
IMPORTANT TERMS
THINK ABOUT IT
REFERENCES
CHAPTER 4 Corporations: Laws, Regulations, and Policies
4.1 Business Law and Regulations
4.1.1 Accountability, Responsibility, and Law
4.1.2 Intellectual Property
4.2 Organizational Power Structures
4.2.1 The Management Discipline
4.2.2 Management Initiatives and Security
4.2.3 Information Security Management
4.2.4 Organizational Structure, Principals, and Agency
4.2.5 Delegation of Responsibilities and Power
4.2.6 Fiduciary Responsibilities
4.2.7 Ethics and Ethical Behavior
4.3 Law and Enforceable Security Policies
4.3.1 Enforced and Enforceable Security Policies
4.3.2 Policies and Controls
CHAPTER SUMMARY
IMPORTANT TERMS
THINK ABOUT IT
REFERENCES
CHAPTER 5 Information Security Management
5.1 Managing Information Security
5.1.1 ISML and Strategy
5.1.2 ISML and Governance Frameworks
5.2 Technology Management and Governance
5.2.1 Governance and Security Programs
5.2.2 Enacting Security Programs
5.3 Control Frameworks
5.3.1 ITIL / ITSM
5.3.2 COBIT
5.3.3 ISO 27K IT Security Control Selection
5.3.4 NIST 800-53
CHAPTER SUMMARY
IMPORTANT TERMS
THINK ABOUT IT
REFERENCES
CHAPTER 6 Assessing Threats and Vulnerabilities
6.1 Threat Classifications and Infrastructure
6.1.1 Internet of Things (IoT)
6.1.2 Cloud Computing
6.1.3 Servers and Host Computers
6.1.4 Networking
6.1.5 Programming Languages and Resource Files
6.1.6 RDF and Ontology Markup
6.1.7 Active Semantic Systems
6.1.8 Agent Frameworks and Semantic Fusion
6.2 Threats and Vulnerabilities
6.2.1 Mobility and Threats
6.2.2 Interconnectivity and Insecurity
6.2.3 Security Countermeasures and Unintended Consequences
6.3 Broad Attack Classifications and Examples
6.3.1 Information System Attack Examples
6.3.2 Giving Attackers Information
CHAPTER SUMMARY
IMPORTANT TERMS
THINK ABOUT IT
REFERENCES
CHAPTER 7 Risk Assessments and Risk Management
7.1 Assessing Risks
7.1.1 Identifying and Classifying Security Risks
7.1.2 Cybersecurity Response and Governance
7.2 Risks and Management
7.2.1 Risks and Countermeasures
7.2.2 Hoping for the Best, Planning for the Worst
7.3 Risk Assessment Overview
7.3.1 Risk Mitigation
7.3.2 Cybersecurity Hygiene
7.4 Risk Determination Frameworks
7.4.1 Risk Determination and Management Frameworks
7.4.2 OCTAVE
7.4.3 NIST 800-30
7.4.4 Using the Frameworks for Implementing Plans
CHAPTER SUMMARY
IMPORTANT TERMS
THINK ABOUT IT
REFERENCES
CHAPTER 8 Computer Architecture and Security Models
8.1 Security Models versus Policies
8.1.1 Computer Architecture and Systems Security
8.1.2 Security Models and Systems Architecture
8.1.3 Security Models and Computer Architecture
8.2 Security Models and Countermeasures
8.2.1 Security Models, Clark–Wilson Example
8.2.2 Security Models and Stances
8.2.3 Countermeasures and Security Models
8.3 Extending Security with Defense-In-Depth
8.3.1 Trusted Computing Base (TCB) and Common Criteria
8.3.2 Evaluation and Certification
8.3.3 Computer Security Controls
8.3.4 Threats to Computer Security
8.4 Computer Security and Hardening Systems
8.4.1 Ensuring a Trusted Configuration
8.4.2 Password Protections
8.4.3 User Authentication
8.5 Biometrics
8.5.1 Biometric Uses
8.5.2 Biometric Security Process and Information Protection
8.5.3 Biometrics and Errors
8.5.4 Biometric Errors and Technology
8.5.5 Biometrics in Computer Security
8.6 Secure Software Development and DevSecOps
8.6.1 Secure Systems Development and Implementation
8.6.2 Computer Security and Configuration Management
CHAPTER SUMMARY
IMPORTANT TERMS
THINK ABOUT IT
REFERENCES
CHAPTER 9 Security Policies and Managing Behaviors
9.1 Security and Policies
9.1.1 Security Policies and Employment Law
9.1.2 Security Policies and Corrective Action
9.2 Monitoring and Security Policies
9.2.1 Monitoring as a Policy
9.2.2 Information Collection and Storage
9.2.3 Monitoring and Organizational Justice
9.2.4 Surveillance and Trust
9.2.5 Virtual Work, Security, and Privacy
9.3 Managing Security Behaviors
9.3.1 Organizational Behavior
9.3.2 Behavior Modification
9.3.3 Organizational Security Behaviors
9.3.4 Management of Omission Behaviors
9.4 Contravention Behaviors, Theory, and Research
9.4.1 Attacker Motivation, Personality, and Behavior Theory
9.4.2 Entertainment and Status
9.4.3 Ideology and Social Acceptance
9.4.4 Neuroticism, Impulse, and Exploitation
9.5 Management of Contravention Behaviors
9.5.1 Responding to the Outside Attacker
9.5.2 Responding to the Inside Attacker
9.5.3 Ethics and Employee Attitudes Toward the Law
CHAPTER SUMMARY
IMPORTANT TERMS
THINK ABOUT IT
REFERENCES
CHAPTER 10 Cryptography
10.1 Cryptography Essentials
10.1.1 Cryptographic Concepts
10.1.2 Generating a Simple Cipher Code
10.1.3 Breaking a Simple Cipher Code
10.1.4 Ciphertext Dissection and “S” Boxes
10.1.5 Cryptography and Security Goals
10.2 Symmetric Cryptography
10.2.1 Symmetric Ciphers and Keys
10.2.2 Substitution, Transposition, and Permutation
10.2.3 Modern Symmetric Ciphers
10.2.4 Key Issues with Symmetric Cryptography
10.3 Asymmetric Cryptography
10.3.1 Private Keys and Asymmetric Cryptography
10.3.2 Beyond Encrypting Messages
10.3.3 Key Distribution and PKI
10.3.4 Public Key Algorithms: RSA as an Example
10.4 Cryptographic Uses
10.4.1 IPSec Implementation
10.4.2 SSL/TLS
10.4.3 Virtual Private Networks (VPN)
CHAPTER SUMMARY
IMPORTANT TERMS
THINK ABOUT IT
REFERENCES
CHAPTER 11 Network Security, Firewalls, IDS, and SeCM
11.1 Firewall Systems
11.1.1 Stateless Screening Filters
11.1.2 Stateful Packet Inspection
11.1.3 Circuit Gateway Firewalls
11.1.4 Application-Layer Firewall
11.1.5 Bastion Hosts
11.2 Firewall Architecture
11.2.1 Belt and Braces Architecture
11.2.2 Screened Subnet Architecture
11.2.3 Ontology Based Architecture
11.3 Cybermonitoring and Scanning Systems
11.3.1 IDS Detection Methods
11.3.2 IDSs and IPSs
11.3.3 Code and Application Scanning
11.4 Information and Cybersecurity Management
11.4.1 SeCM and CM
11.4.2 CM and Computer Security Procedures and Frameworks
11.4.3 Security Management Planning—System Level
11.4.4 Configuring to a Secure State
11.4.5 Managed Enterprises
11.4.6 Managed Legacy Systems
11.4.7 Extended Guidelines
11.4.8 Center for Internet Security Benchmarks
11.4.9 Maintaining the Secure State
11.4.10 Conducting a Security Impact Analysis
11.4.11 Certification and Accreditation
CHAPTER SUMMARY
IMPORTANT TERMS
THINK ABOUT IT
REFERENCES
CHAPTER 12 Information Security Horizons
12.1 Cybersecurity Analytics and Machine Learning
12.1.1 Machine Learning and Models
12.1.2 Machine Learning and Natural Language Processing
12.1.3 Traffic Analysis
12.2 Game Theory and Predictive Models
12.2.1 Inductive Predictions
12.2.2 Deductive Predictions
12.2.3 Game Theory and Attack Modeling
12.3 Reasoning and Inference
12.3.1 Reasoning Systems
12.3.2 Ontology and Epistemology
12.3.3 Inference and the Ontological to Epistemic Transformation
12.4 Heuristics and AI Decision Systems
12.4.1 Reasoning: Discrete versus Equivocal Problems
12.4.2 Synthetic Heuristics
12.4.3 Issues with Synthetic Heuristic Systems
12.4.4 Combining Techniques
12.5 Heuristic Biases and Security Planning
12.5.1 AI Decisions, Naïve Theories, and Biases
12.5.2 Interactions of Biases and Framing Effects
12.5.3 Biases, Framing Effects, and Security Decisions
12.6 Biologically Inspired Security and Adaptive Systems
12.6.1 Self-Healing Adaptive Systems
12.6.2 Damage and Danger
12.6.3 Trusted Security Kernels
12.6.4 Social Systems
12.6.5 Social Systems and Security Adaptation
12.6.6 Collective Agency, Availability, and Integrity
12.7 Sociobiologically Inspired Systems—A Final Case
12.7.1 Novelty as Potential Danger
12.7.2 Sociobiological Behavior as Goal-Directed Behavior
12.7.3 Adaptive Synthetic Systems
12.7.4 Challenges for Ad Hoc Networks and Adaptive Systems
CHAPTER SUMMARY
IMPORTANT TERMS
THINK ABOUT IT
REFERENCES
Appendix: Think About IT Answers
Index