Purpose of This Book

This book is part of the Information Systems Security & Assurance Series from Jones & Bartlett Learning (www.jblearning.com). Designed for courses and curriculums in Information Technology (IT) Security, Cybersecurity, Information Assurance, and Information Systems Security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information-security principles packed with real-world applications and examples. Authored by Certified Information Systems Security Professionals (CISSPs), they deliver comprehensive information on all aspects of information security. Reviewed word for word by leading technical experts in the field, these books are not just current, but forward-thinking—putting you in the position to solve the cybersecurity challenges not just of today, but of tomorrow as well.

This book discusses information security, privacy, and the law. Information security is the practice of protecting information to ensure the goals of confidentiality, integrity, and availability. Information security makes sure that accurate information is available to authorized individuals when it is needed. Governments, private organizations, and individuals all use information security to protect information. Sometimes these organizations do a very good job of protecting information. Sometimes they do not.

When governments, private organizations, and individuals do a poor job of protecting the information entrusted to them, legislatures respond with new laws that require a more structured approach to information security. The U.S. federal government has enacted several laws that focus on protecting different types of information. This third edition takes into account the changing legal and regulatory landscape, and growth in privacy concerns, since this book was first published. Finding out which law applies to a particular situation, or type of data, or how best to think about privacy issues related to specific situations or data, is often confusing.

This book tries to help eliminate that confusion. Part One of the book discusses common concepts in information security, privacy, and the law. These concepts are used throughout the book. Part Two discusses the federal and state laws and legal concepts that affect how governments and organizations think about information security. This part uses laws and case studies to help explain these concepts. A quick-reference list of the federal laws and cases that are discussed in the book is included at the end of the book. Finally, Part Three focuses on how to create an information security program that addresses the laws and compliance requirements discussed throughout the book.

Learning Features

The writing style of this book is practical and conversational. Step-by-step examples of information security concepts and procedures are presented throughout the text. Each chapter begins with a statement of learning objectives. Illustrations are used both to clarify the material and to vary the presentation. The text is sprinkled with Notes, Tips, FYIs, Warnings, and Sidebars to alert the reader to additional and helpful information related to the subject under discussion. Chapter Assessments appear at the end of each chapter, with solutions provided in the back of the book.

Chapter summaries are included in the text to provide a rapid review or preview of the material and to help students understand the relative importance of the concepts presented.

Audience

The material is suitable for undergraduate or graduate computer science majors or information science majors, students at a 2-year technical college or community college who have a basic technical background, or readers who have a basic understanding of IT security and want to expand their knowledge.

New to This Edition

The text has been updated to address major legal developments since 2015 impacting the practice of information security and privacy, including revised case examples and references to illustrate concepts explained in the text. It has also updated endnotes and references for students who wish to learn more about concepts explained in the book.

Theory Labs

This text is accompanied by Cybersecurity Theory Labs. These hands-on labs provide guided exercises and case studies where students can learn and practice foundational cybersecurity skills as an extension of the lessons in this textbook. For more information or to purchase the labs, visit go.jblearning.com/grama3e.