Home Page Icon
Home Page
Table of Contents for
Title Page
Close
Title Page
by Eric Pierce, Alex Campoe, Manish Agrawal
Information Security and IT Risk Management
Cover Page
Wiley's Digital Advantage
Title Page
Copyright
Table of Contents
List of Figures
Preface
CHAPTER 1: Introduction
Overview
Professional utility of information security knowledge
Brief history
Definition of information security
SUMMARY
EXAMPLE CASE–WIKILEAKS, CABLEGATE, AND FREE REIGN OVER CLASSIFIED NETWORKS
REFERENCES
CHAPTER REVIEW QUESTIONS
EXAMPLE CASE QUESTIONS
HANDS-ON ACTIVITY–SOFTWARE INSPECTOR, STEGANOGRAPHY
CRITICAL THINKING EXERCISE: IDENTIFYING CIA AREA(S) AFFECTED BY SAMPLE REAL-LIFE HACKING INCIDENTS
DESIGN CASE
CHAPTER 2: System Administration (Part 1)
Overview
Introduction
What is system administration?
System administration and information security
Common system administration tasks
System administration utilities
SUMMARY
EXAMPLE CASE–T.J. MAXX
REFERENCES
CHAPTER REVIEW QUESTIONS
EXAMPLE CASE QUESTIONS
HANDS-ON ACTIVITY–LINUX SYSTEM INSTALLATION
CRITICAL THINKING EXERCISE–GOOGLE EXECUTIVES SENTENCED TO PRISON OVER VIDEO
REFERENCES
CRITICAL THINKING QUESTIONS
DESIGN CASE
SECURITY DESIGN CASE QUESTIONS
CHAPTER 3: System Administration (Part 2)
Overview
Operating system structure
The command-line interface
Files and directories
Moving around the filesystem–pwd, cd
Listing files and directories
Shell expansions
File management
Viewing files
Searching for files
Access control and user management
Access control lists
File ownership
Editing files
Software installation and updates
Account management
Command-line user administration
Example case–Northwest Florida State College
REFERENCES
SUMMARY
CHAPTER REVIEW QUESTIONS
EXAMPLE CASE QUESTIONS
HANDS-ON ACTIVITY–BASIC LINUX SYSTEM ADMINISTRATION
CRITICAL THINKING EXERCISE–OFFENSIVE CYBER EFFECTS OPERATIONS (OCEO)
REFERENCES
CRITICAL THINKING QUESTIONS
DESIGN CASE
CHAPTER 4: The Basic Information Security Model
Overview
Introduction
Components of the basic information security model
Common vulnerabilities, threats, and controls
Example case–ILOVEYOU virus
REFERENCES
SUMMARY
CHAPTER REVIEW QUESTIONS
EXAMPLE CASE QUESTIONS
HANDS-ON ACTIVITY–WEB SERVER SECURITY
QUESTIONS
CRITICAL THINKING EXERCISE–THE INTERNET, “AMERICAN VALUES,” AND SECURITY
CRITICAL THINKING QUESTIONS
DESIGN CASE
CHAPTER 5: Asset Identification and Characterization
Overview
Assets overview
Determining assets that are important to the organization
Asset types
Asset characterization
IT asset life cycle and asset identification
System profiling
Asset ownership and operational responsibilities
Example case–Stuxnet
REFERENCES
SUMMARY
CHAPTER REVIEW QUESTIONS
EXAMPLE CASE QUESTIONS
HANDS-ON ACTIVITY–COURSE ASSET IDENTIFICATION
CRITICAL THINKING EXERCISE–USES OF A HACKED PC
DESIGN CASE
DESIGN CASE QUESTIONS
CHAPTER 6: Threats and Vulnerabilities
Overview
Introduction
Threat models
Threat agent
Threat action
Vulnerabilities
Example case–Gozi
REFERENCES
SUMMARY
CHAPTER REVIEW QUESTIONS
EXAMPLE CASE QUESTIONS
HANDS-ON ACTIVITY–VULNERABILITY SCANNING
CRITICAL THINKING EXERCISE–IRAQ CYBERWAR PLANS IN 2003
REFERENCE
DESIGN CASE
CHAPTER 7: Encryption Controls
Overview
Introduction
Encryption basics
Encryption types overview
Encryption types details
Encryption in use
Example case–Nation technologies
SUMMARY
CHAPTER REVIEW QUESTIONS
EXAMPLE CASE QUESTIONS
HANDS-ON ACTIVITY–ENCRYPTION
CRITICAL THINKING EXERCISE–ENCRYPTION KEYS EMBED BUSINESS MODELS
REFERENCES
CRITICAL THINKING EXERCISE QUESTIONS
DESIGN CASE
CHAPTER 8: Identity and Access Management
Overview
Identity management
Access management
Authentication
Single sign-on
Federation
Example case–Markus Hess
REFERENCES
SUMMARY
CHAPTER REVIEW QUESTIONS
EXAMPLE CASE QUESTIONS
HANDS-ON ACTIVITY–IDENTITY MATCH AND MERGE
CRITICAL THINKING EXERCISE–FEUDALISM THE SECURITY SOLUTION FOR THE INTERNET?
REFERENCES
CRITICAL THINKING EXERCISE QUESTIONS
DESIGN CASE
CHAPTER 9: Hardware and Software Controls
Overview
Password management
Access control
Firewalls
Intrusion detection/prevention systems
Patch management for operating systems and applications
End-point protection
Example case–AirTight networks
REFERENCES
CHAPTER REVIEW QUESTIONS
EXAMPLE CASE QUESTIONS
HANDS-ON ACTIVITY–HOST-BASED IDS (OSSEC)
CRITICAL THINKING EXERCISE–EXTRA-HUMAN SECURITY CONTROLS
REFERENCES
CRITICAL THINKING EXERCISE QUESTIONS
DESIGN CASE
CHAPTER 10: Shell Scripting
Overview
Introduction
Output redirection
Text manipulation
Variables
Conditionals
User input
Loops
Putting it all together
Example case–Max Butler
REFERENCES
SUMMARY
CHAPTER REVIEW QUESTIONS
EXAMPLE CASE QUESTIONS
HANDS-ON ACTIVITY–BASIC SCRIPTING
CRITICAL THINKING EXERCISE–SCRIPT SECURITY
REFERENCE
SHELL SCRIPTING QUESTIONS
DESIGN CASE
CHAPTER 11: Incident Handling
Introduction
Incidents overview
Incident handling
The disaster
Example case–on-campus piracy
SUMMARY
CHAPTER REVIEW QUESTIONS
EXAMPLE CASE QUESTIONS
HANDS-ON ACTIVITY–INCIDENT TIMELINE USING OSSEC
QUESTIONS
CRITICAL THINKING EXERCISE–DESTRUCTION AT THE EDA
DESIGN CASE
CHAPTER 12: Incident Analysis
Introduction
Log analysis
Event criticality
General log configuration and maintenance
Live incident response
Timelines
Other forensics topics
Example case–backup server compromise
CHAPTER REVIEW QUESTIONS
EXAMPLE CASE QUESTIONS
HANDS-ON ACTIVITY–SERVER LOG ANALYSIS
CRITICAL THINKING EXERCISE–DESTRUCTION AT THE EDA (CONTD.)
DESIGN CASE
QUESTIONS
CHAPTER 13: Policies, Standards, and Guidelines
Introduction
Guiding principles
Writing a policy
Impact assessment and vetting
Policy review
Compliance
Key policy issues
Example case–HB Gary
REFERENCES
SUMMARY
REFERENCE
CHAPTER REVIEW QUESTIONS
EXAMPLE CASE QUESTIONS
HANDS-ON ACTIVITY–CREATE AN AUP
CRITICAL THINKING EXERCISE–AARON SWARTZ
REFERENCES
CRITICAL THINKING QUESTIONS
DESIGN CASE
CHAPTER 14: IT Risk Analysis and Risk Management
Overview
Introduction
Risk management as a component of organizational management
Risk-management framework
The NIST 800-39 framework
Risk assessment
Other risk-management frameworks
IT general controls for Sarbanes–Oxley compliance
Compliance versus risk management
Selling security
Example case–online marketplace purchases
REFERENCE
SUMMARY
CHAPTER REVIEW QUESTIONS
EXAMPLE CASE QUESTIONS
HANDS-ON ACTIVITY–RISK ASSESSMENT USING LSOF
QUESTIONS
CRITICAL THINKING EXERCISE–RISK ESTIMATION BIASES
REFERENCES
CRITICAL THINKING QUESTIONS
DESIGN CASE
APPENDIX A: Password List for the Linux Virtual Machine
Glossary
Index
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Wiley's Digital Advantage
Next
Next Chapter
Copyright
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset