Introduction to Information Security - Edition 1 - By Timothy Shimeall and Jonathan Spring Elsevier Inspection Copies

Purchase textbook

Introduction to Information Security,

Edition 1 A Strategic-Based Approach

By Timothy Shimeall and Jonathan Spring

Publication Date: 19 Nov 2013

Educator resources
Student resources

0 Reviews

Most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without a clear understanding of the interrelationships between methods and techniques. By providing a strategy-based introduction, the reader is given a clear understanding of how to provide overlapping defenses for critical information. This understanding provides a basis for engineering and risk-management decisions in the defense of information.

Information security is a rapidly growing field, with a projected need for thousands of professionals within the next decade in the government sector alone. It is also a field that has changed in the last decade from a largely theory-based discipline to an experience-based discipline. This shift in the field has left several of the classic texts with a strongly dated feel.

Key Features

Provides a broad introduction to the methods and techniques in the field of information security
Offers a strategy-based view of these tools and techniques, facilitating selection of overlapping methods for in-depth defense of information
Provides very current view of the emerging standards of practice in information security

About the author

By Timothy Shimeall, Timothy J. Shimeall, Ph.D. in Information and Computer Science, adjunct professor at Carnegie Mellon. and Jonathan Spring, Software Engineering Institute, Carnegie Mellon University.

Acknowledgments

Legal Acknowledgments

Introduction

Approach of this Book

Classroom Use

Support Materials

Chapter 1. Motivation and Security Definitions

Information in this chapter

Introduction

Information Security and its Motivation

Terminology: Vulnerabilities of Software, Exploits, Malware, Intrusions, and Controls

Security Risk Management

How to use this Book

Summary

References

Chapter Review Questions

Chapter Exercises

Chapter 2. Strategies and Security

Information in this chapter

Introduction

Security Strategies

Attack Strategies

Defense Strategies

Security Controls

Summary

References

Chapter Review Questions

Chapter Exercises

Part 1: Deception

Chapter 3. Deception Strategies: Networks, Organization, and Structures

Information in this chapter

Introduction

How the Internet Works

Deception and Network Organization

Outsourcing

Application Hosting

Dynamic Addressing

Summary

Chapter Review Questions

Chapter Exercises

References

Chapter 4. Deception Strategies: Defensive Technologies

Information in this chapter

Introduction

Internet Protocols

Proxies and Gateways

Honeypots and Honeynets

Tarpits

Virtual Hosts

Summary

References

Chapter Review Questions

Chapter Exercises

Part 2: Frustration

Chapter 5. Frustration Strategies: Technical Controls

Information in this chapter

Introduction

Minimization Goals and Objectives

Asymmetry in Information Security

Host Hardening

Network Devices and Minimization

Network Architecture and Frustration

Summary

References

Chapter Review Questions

Chapter Exercises

Chapter 6. Frustration Strategies: Formal Verification

Information in this chapter

Introduction

Formal Models and Model Verification

Discretionary Models

Confidentiality Models

Integrity Models

Limits of Formal Models

Summary

References

Chapter Review Questions

Chapter Exercises

Part 3: Resistance

Chapter 7. Resistance Strategies: Authentication and Permissions

Information in this chapter

Introduction

Authentication and Permission Goals and Objectives

Authentication Methods

Authentication Systems

Permissions and Access Control

Attacks

Summary

References

Chapter Review Questions

Chapter Exercises

Chapter 8. Resistance Strategies: Symmetric Encryption

Information in this chapter

Introduction

Encryption Concepts

Symmetric Encryption

Asymmetric Encryption

Key Management and Distribution

Computer Identification

Steganography

Summary

References

Chapter Review Questions

Chapter Exercises

Chapter 9. Resistance Strategies: Partitioning and Need to Know

Information in this chapter

Introduction

Outsider and Insider Threat

Internal Security Partitions

Need to Know

Policy Management

Summary

References

Chapter Review Questions

Chapter Exercises

Chapter 10. Change Management

Information in this chapter

Introduction

Change Management Versus Configuration Management

Why Use Change and Configuration Management Systems

Change Management Process

Minor or Insignificant Change Process

Automation of the Change Process

Change Management and Security-Related Issues

Change Management and Software Control Issues

Change Management Documentation

Patch Management

Configuration Management System

Software Configuration Management

Network Configuration Management System

Configuration Management Database

Certification

Summary

References

Chapter Review Questions

Chapter Exercises

Part 4: Recognition/Recovery

Chapter 11. Network Analysis and Forensics

Information in this chapter

Introduction

Introduction to the OSI Model

Analysis for Managers

Flow-Level Analysis

Metadata Analysis

Application-Level Analysis

Signature Analysis

Full-Packet Capture

Network Forensics

Sensor Network Architecture

Summary

References

Chapter Review Questions

Chapter Exercises

Chapter 12. Recognition Strategies: Intrusion Detection and Prevention

Information in this chapter

Introduction

Why Intrusion Detection

Network Intrusion Detection Pitfalls

Modes of Intrusion Detection

Network Behavior Analyzers

Wireless IDPS

Network Intrusion Prevention Systems

Summary

References

Chapter Review Questions

Chapter Exercises

Chapter 13. Digital Forensics

Information in this chapter

Introduction

Uses of Digital Forensics

Forensic Fundamentals

Hashing

Technology

Onsite Collections

Final Report

Organizational Preparedness

Summary

References

Chapter Review Questions

Chapter Exercises

Chapter 14. Recognition Strategies: Integrity Detection

Information in this chapter

Introduction

Checksums

Cryptographic Integrity Detection

Rule-Based Integrity Checking

Content Comparisons

An Example: GPS

Summary

References

Chapter Review Questions

Chapter Exercises

Chapter 15. Recovery of Security

Information in this chapter

Introduction

Emergency Management

Recovery Priorities

Building a Response Policy

Recovery from Accidents: Continuity of Operations

Recovery from Malicious Events

Incident Handling

Incorporating Lessons Learned

Summary

References

Chapter Review Questions

Chapter Exercises

Chapter 16. Professional Certifications and Overall Conclusions

Information in this chapter

Introduction

Professional Certifications

Tying the Pieces Together

Where to Go from Here

References

Chapter Review Questions

Chapter Exercises

Index

ISBN: 9781597499699

Page Count: 382

Illustrations : 20 illustrations

Retail Price : £54.99

9780132390774; 9780321247445; 9780131547292

Access to teacher/student resources is available to registered users with approved inspection copies or confirmed adoptions. To review this material, please request an inspection copy.

Chapter questions.pdf
Further Reading.pdf
JPG
Lecture
PDF
PPT
Shimeall_Paper-Project_Ideas.pdf
Shimeall_PaperProject_Ideas.pdf
Solutions_Manual.pdf

Students in Intro to Security courses, Network and System Administrators, IT Professionals

Related Titles