A compilation of the fundamental knowledge, skills, techniques, and tools required by all security professionals, Information Security Handbook, Sixth Edition sets the standard on which all IT security programs and certifications are based. Considered the gold-standard reference of information security, Volume 2 covers each domain of the Common Body of Knowledge, the standard of knowledge required of IT security professionals worldwide.
Information security does not guarantee the safety of your organization, your information, or your computer systems; in and of itself it cannot protect your information. That being said, information security is not a black art either. There is no sorcery in implementing proper information security, and the concepts it includes are not rocket science. In many ways, information security is a mindset: one of examining the threats and vulnerabilities of your organization and managing them appropriately.
The textbook "Information Security Fundamentals" covers an overview of the field, threats to information security, the structure of an information security program, information security policies, asset classification, and more. We invite you to consult it; hopefully the book's contents are a useful reference for you.
The Handbook of research on information security and assurance offers comprehensive definitions and explanations on topics such as firewalls, information warfare, encryption standards, and social and ethical concerns in enterprise security. Edited by scholars in information science, this reference provides tools to combat the growing risk associated with technology.
Lecture Security+ Guide to Network Security Fundamentals, Chapter 1, covers these objectives: identify the challenges for information security, define information security, explain the importance of information security, list and define information security terminology, describe the CompTIA Security+ certification exam, and describe information security careers.
After studying this chapter, you should be able to: Explain how information security affects information systems reliability; describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security.
Authentication, and Threats and Attacks to Information Security, Policies and Laws covers: definitions, some basic authentication methods, authentication protocols, and Kerberos, a security protocol used in the real world.
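As an added example (not part of the lecture material), the following Python shows one of the basic authentication methods the lecture lists, a shared-secret challenge-response exchange, and demonstrates why a fresh nonce per attempt defeats replay of a captured exchange. The user name, secret and message layout are assumptions made for illustration; the client and server run in one process here so the exchange can be traced.

```python
# Added example (not part of the lecture): nonce-based challenge-response
# authentication with a shared secret, and why it resists replay.
import hashlib
import hmac
import os


def respond(secret: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the secret without ever sending it."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


class Verifier:
    """Server side: issues one-time challenges and checks the responses."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # user -> shared secret (assumed already provisioned)
        self.outstanding = {}       # user -> nonce currently awaiting a response

    def challenge(self, user: str) -> bytes:
        nonce = os.urandom(16)      # fresh per attempt, so a sniffed response is useless later
        self.outstanding[user] = nonce
        return nonce

    def verify(self, user: str, nonce: bytes, response: bytes) -> bool:
        issued = self.outstanding.pop(user, None)         # consume the challenge either way
        secret = self.secrets.get(user, b"\x00" * 32)     # dummy key: similar timing for unknown users
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return (issued is not None
                and hmac.compare_digest(issued, nonce)    # must answer the challenge we issued
                and user in self.secrets
                and hmac.compare_digest(expected, response))


def demo() -> dict:
    """Constructed walk-through: a genuine login, a replay of the sniffed
    exchange, and an attempt with the wrong secret."""
    alice_secret = os.urandom(32)
    server = Verifier({"alice": alice_secret})

    nonce = server.challenge("alice")
    resp = respond(alice_secret, nonce)
    first = server.verify("alice", nonce, resp)        # True: fresh challenge, correct secret

    replayed = server.verify("alice", nonce, resp)     # False: that nonce was consumed

    nonce2 = server.challenge("alice")
    wrong = server.verify("alice", nonce2, respond(b"guess", nonce2))   # False: wrong secret

    return {"first": first, "replayed": replayed, "wrong_secret": wrong}


if __name__ == "__main__":
    print(demo())
```

Contrast this with a static password sent on the wire: the same bytes authenticate every time, so one capture is enough. The scheme above still requires the verifier to hold every user's secret; Kerberos, which the lecture covers next, moves that burden to a central key distribution center and hands clients tickets instead.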
Module 6 - Network and information security and privacy. In the Information Age, information is an asset to be protected and policymakers need to know what information security is and how to take action against information leakage and infringement. This module provides an overview of the need for information security, information security issues and trends, and the process of formulating an information security strategy.
This book takes you through the basics of NetFlow analysis for information security purposes, including details on what NetFlow is, how it works, who is on the network doing what, and how you can enable it to yield actionable security intelligence. It also provides insight for how to address specific security risks with NetFlow analysis.
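To show concretely what a NetFlow record carries and how it answers "who is on the network doing what", here is an added example (not code from the book) that parses a NetFlow v5 export datagram with the Python standard library and summarises it. The datagram is constructed inline for illustration; the addresses, ports and byte counts are invented sample data, not a real capture.

```python
# Added example (not from the book): parse a NetFlow v5 export datagram and
# answer "who is on the network talking to whom" from the flow records.
import socket
import struct
from collections import defaultdict

NETFLOW_V5_HEADER = "!HHIIIIBBH"                # 24-byte packet header
NETFLOW_V5_RECORD = "!4s4s4sHHIIIIHHBBBBHHBBH"  # 48-byte flow record
HEADER_LEN = struct.calcsize(NETFLOW_V5_HEADER)
RECORD_LEN = struct.calcsize(NETFLOW_V5_RECORD)
MAX_RECORDS = 30                                # v5 exporters send at most 30 per datagram
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_netflow_v5(datagram: bytes):
    """Return (header, flows) for one v5 datagram; raise ValueError on malformed input."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    (version, count, sys_uptime, unix_secs, unix_nsecs, flow_seq,
     engine_type, engine_id, sampling) = struct.unpack_from(NETFLOW_V5_HEADER, datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # Never trust the advertised count: bound it and check it against the real length.
    if count > MAX_RECORDS or len(datagram) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("record count does not match datagram length")
    header = {
        "version": version, "count": count, "sys_uptime_ms": sys_uptime,
        "unix_secs": unix_secs, "flow_sequence": flow_seq,
        "engine": (engine_type, engine_id),
        # Low 14 bits hold the sampling interval (0 = unsampled); packet and byte
        # counters are per observed flow and must be scaled by it when sampling is on.
        "sampling_interval": sampling & 0x3FFF,
    }
    flows = []
    for i in range(count):
        fields = struct.unpack_from(NETFLOW_V5_RECORD, datagram, HEADER_LEN + i * RECORD_LEN)
        (src, dst, nexthop, in_if, out_if, pkts, octets, first, last, sport, dport,
         _pad1, tcp_flags, proto, tos, src_as, dst_as, src_mask, dst_mask, _pad2) = fields
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "src_port": sport, "dst_port": dport,
            "proto": PROTO_NAMES.get(proto, str(proto)),
            "packets": pkts, "octets": octets,
            "tcp_flags": tcp_flags,                 # cumulative OR of the flags seen in the flow
            "duration_ms": last - first,            # sysuptime at last minus first packet
            "in_if": in_if, "out_if": out_if,
        })
    return header, flows


def top_talkers(flows, n=5):
    """Total bytes sent per source address, largest first."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["octets"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def flows_to_port(flows, port, proto="tcp"):
    """Flows to a given destination port, e.g. which hosts are reaching SSH."""
    return [f for f in flows if f["dst_port"] == port and f["proto"] == proto]


def _record(src, dst, sport, dport, proto, pkts, octets, tcp_flags=0):
    # Helper that builds one constructed record for the sample datagram below.
    return struct.pack(NETFLOW_V5_RECORD,
                       socket.inet_aton(src), socket.inet_aton(dst), socket.inet_aton("0.0.0.0"),
                       1, 2, pkts, octets, 1000, 4000, sport, dport,
                       0, tcp_flags, proto, 0, 0, 0, 24, 24, 0)


# Constructed sample datagram (not a real capture): three flows from two internal hosts.
SAMPLE_DATAGRAM = struct.pack(NETFLOW_V5_HEADER, 5, 3, 123456, 1700000000, 0, 42, 0, 0, 0) + b"".join([
    _record("10.0.0.5", "203.0.113.7", 51000, 443, 6, 12, 9000, 0x1B),   # HTTPS, full handshake seen
    _record("10.0.0.5", "198.51.100.9", 51001, 22, 6, 5, 1500, 0x02),    # SSH, SYN only
    _record("10.0.0.8", "203.0.113.7", 40000, 53, 17, 1, 80),            # one DNS query
])

if __name__ == "__main__":
    hdr, recs = parse_netflow_v5(SAMPLE_DATAGRAM)
    print(f"v{hdr['version']} datagram, {hdr['count']} flows, seq {hdr['flow_sequence']}")
    for f in recs:
        print(f"{f['src']}:{f['src_port']} -> {f['dst']}:{f['dst_port']} {f['proto']} {f['octets']}B")
    print("top talkers:", top_talkers(recs))
    print("hosts reaching SSH:", [f["src"] for f in flows_to_port(recs, 22)])
```

NetFlow records contain no payload, only the 5-tuple, counters and TCP flags, so this is metadata analysis: enough to spot an internal host reaching SSH on an external address or a sudden top talker, not enough to see what was said. Gaps in `flow_sequence` between successive datagrams indicate lost exports, which is worth alerting on before trusting volume numbers.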
The book examines the elements of computer security, employee roles and responsibilities, and common threats. It discusses the legal requirements that impact security policies, including Sarbanes-Oxley, HIPAA, and the Gramm-Leach-Bliley Act. Detailing physical security requirements and controls, this updated edition offers a sample physical security policy and includes a complete list of tasks and objectives that make up an effective information protection program.
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.
Information Security Policy - A Development Guide for Large and Small Companies
A security policy should fulfill many purposes.
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest.
“If the Internet were a city street, I would not travel it in daylight,” laments a chief information security officer for a prestigious university.
The Internet is critical infrastructure for the world’s commerce. Cybercrime is escalating: once the domain of hackers and script kiddies, it has been taken up by cyber-gangs and organized criminal groups, which have discovered business opportunities in extortion, embezzlement, and fraud whose income now surpasses that of illegal drug trafficking.
Security Attack: Any action that compromises the security of information.
Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
Copyright 2005 by CRC Press, LLC. All Rights Reserved.
OTHER INFORMATION SECURITY BOOKS FROM AUERBACH
Asset Protection and Security Management Handbook, POA Publishing, ISBN: 0-8493-1603-0
Building a Global Information Assurance Program, Raymond J. Curts and Douglas E. Campbell, ISBN: 0-8493-1368-6
Building an Information Security Awareness Program, Mark B. Desman, ISBN: 0-8493-0116-5
Critical Incident Management, Alan B.
Malware: software designed to infiltrate or damage a computer system without the owner's informed consent.
Spyware: software designed to intercept or take partial control over the user's interaction with the computer, without the user's informed consent; it secretly monitors the user's behavior and collects various types of personal information.
Lecture Security+ Guide to Network Security Fundamentals, Chapter 3, covers these objectives: identify who is responsible for information security, describe security principles, use effective authentication methods, control access to computer systems, and audit information security schemes.
Lecture Security+ Guide to Network Security Fundamentals, Chapter 13, covers these objectives: define computer forensics, respond to a computer forensics incident, harden security through new solutions, and list information security jobs and skills.
The content of Chapter 1: understanding information security, understanding the goals of information security, comprehending the security process, authentication issues to consider, and distinguishing between security topologies.
Chapter 11 - Information security and computer fraud. After reading this chapter, you should be able to: Describe the risks related to information security and systems integrity, understand the concepts of encryption and authentication, describe computer fraud and misuse of AIS and corresponding risk-mitigation techniques, define vulnerabilities, and explain how to manage and assess vulnerabilities.