Principles of Information Security, Fifth Edition
To register or access your online learning solution or purchase materials
for your course, visit www.cengagebrain.com.
Whitman, Mattord
Principles of Information Security
Fifth Edition
Michael E. Whitman,
Ph.D., CISM, CISSP
Herbert J. Mattord,
Ph.D., CISM, CISSP
Kennesaw State University
Australia • Brazil • Mexico • Singapore • United Kingdom • United States

Principles of Information Security, Fifth Edition
Michael E. Whitman and Herbert J. Mattord

SVP, GM Skills & Global Product Management: Dawn Gerrain
Product Development Manager: Leigh Hefferon
Senior Content Developer: Natalie Pashoukos
Development Editor: Dan Seiter
Product Assistant: Scott Finger
Vice President, Marketing Services: Jennifer Ann Baker
Senior Marketing Manager: Eric LaScola
Senior Production Director: Wendy Troeger
Production Director: Patty Stephan
Senior Content Project Manager: Brooke Greenhouse
Managing Art Director: Jack Pendleton
Software Development Manager: Pavan Ethakota
Cover image(s): ©iStockphoto.com/Vertigo3d

© 2016, 2012 Cengage Learning
WCN: 01-100-101

ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored, or used in any form or by any means—graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act—without the prior written permission of the publisher.

For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706.

For permission to use material from this text or product, submit all requests online at www.cengage.com/permissions. Further permission questions can be e-mailed to [email protected]

Library of Congress Control Number: 2014944986
ISBN: 978-1-2854-4836-7

Cengage Learning
20 Channel Center Street
Boston, MA 02210
USA

Cengage Learning is a leading provider of customized learning solutions with office locations around the globe, including Singapore, the United Kingdom, Australia, Mexico, Brazil, and Japan. Locate your local office at: www.cengage.com/global.

Cengage Learning products are represented in Canada by Nelson Education, Ltd.

To learn more about Cengage Learning, visit www.cengage.com

Purchase any of our products at your local college store or at our preferred online store www.cengagebrain.com.

Notice to the Reader
Publisher does not warrant or guarantee any of the products described herein or perform any independent analysis in connection with any of the product information contained herein. Publisher does not assume, and expressly disclaims, any obligation to obtain and include information other than that provided to it by the manufacturer. The reader is expressly warned to consider and adopt all safety precautions that might be indicated by the activities described herein and to avoid all potential hazards. By following the instructions contained herein, the reader willingly assumes all risks in connection with such instructions. The publisher makes no representations or warranties of any kind, including but not limited to, the warranties of fitness for particular purpose or merchantability, nor are any such representations implied with respect to the material set forth herein, and the publisher takes no responsibility with respect to such material. The publisher shall not be liable for any special, consequential, or exemplary damages resulting, in whole or part, from the readers' use of, or reliance upon, this material.
Printed in the United States of America
Print Number: 01 Print Year: 2014
To Rhonda, Rachel, Alex, and Meghan, thank you for your loving support.
—MEW
To my granddaughter Ellie; the future is yours.
—HJM
Brief Table of Contents
PREFACE ... xvii
CHAPTER 1
Introduction to Information Security ... 1
CHAPTER 2
The Need for Security ... 45
CHAPTER 3
Legal, Ethical, and Professional Issues in Information Security ... 109
CHAPTER 4
Planning for Security ... 153
CHAPTER 5
Risk Management ... 229
CHAPTER 6
Security Technology: Firewalls and VPNs ... 297
CHAPTER 7
Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools ... 355
CHAPTER 8
Cryptography ... 417
CHAPTER 9
Physical Security ... 467
CHAPTER 10
Implementing Information Security ... 505
CHAPTER 11
Security and Personnel ... 547
CHAPTER 12
Information Security Maintenance ... 591
GLOSSARY ... 657
INDEX ... 677
Table of Contents
PREFACE ... xvii
CHAPTER 1
Introduction to Information Security ... 1
Introduction ... 3
The History of Information Security ... 3
    The 1960s ... 4
    The 1970s and 80s ... 5
    The 1990s ... 9
    2000 to Present ... 9
What Is Security? ... 10
    Key Information Security Concepts ... 11
    Critical Characteristics of Information ... 14
CNSS Security Model ... 17
Components of an Information System ... 19
    Software ... 19
    Hardware ... 20
    Data ... 20
    People ... 20
    Procedures ... 21
    Networks ... 21
Balancing Information Security and Access ... 21
Approaches to Information Security Implementation ... 22
Security in the Systems Life Cycle ... 23
    The Systems Development Life Cycle ... 24
    The Security Systems Development Life Cycle ... 27
    Software Assurance—Security in the SDLC ... 28
    Software Design Principles ... 30
    The NIST Approach to Securing the SDLC ... 31
Security Professionals and the Organization ... 34
    Senior Management ... 35
    Information Security Project Team ... 36
    Data Responsibilities ... 37
Communities of Interest ... 37
    Information Security Management and Professionals ... 37
    Information Technology Management and Professionals ... 38
    Organizational Management and Professionals ... 38
Information Security: Is It an Art or a Science? ... 38
    Security as Art ... 38
    Security as Science ... 39
    Security as a Social Science ... 39
Selected Readings ... 39
Chapter Summary ... 40
Review Questions ... 40
Exercises ... 41
Case Exercises ... 42
Endnotes ... 42
CHAPTER 2
The Need for Security ... 45
Introduction ... 47
    Business Needs First ... 47
Threats and Attacks ... 49
    2.5 Billion Potential Hackers ... 49
    Other Studies of Threats ... 50
    Common Attack Pattern Enumeration and Classification (CAPEC) ... 52
    The 12 Categories of Threats ... 52
Compromises to Intellectual Property ... 52
    Software Piracy ... 53
    Copyright Protection and User Registration ... 53
Deviations in Quality of Service ... 56
    Internet Service Issues ... 56
    Communications and Other Service Provider Issues ... 57
    Power Irregularities ... 57
Espionage or Trespass ... 58
    Hackers ... 59
    Hacker Variants ... 64
    Password Attacks ... 66
Forces of Nature ... 68
    Fire ... 69
    Floods ... 69
    Earthquakes ... 69
    Lightning ... 69
    Landslides or Mudslides ... 69
    Tornados or Severe Windstorms ... 69
    Hurricanes, Typhoons, and Tropical Depressions ... 70
    Tsunamis ... 70
    Electrostatic Discharge ... 70
    Dust Contamination ... 70
Human Error or Failure ... 71
    Social Engineering ... 72
Information Extortion ... 76
Sabotage or Vandalism ... 77
    Online Activism ... 78
Software Attacks ... 80
    Malware ... 80
    Back Doors ... 87
    Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks ... 88
    E-mail Attacks ... 89
    Communications Interception Attacks ... 90
Technical Hardware Failures or Errors ... 92
    The Intel Pentium CPU Failure ... 92
    Mean Time Between Failure ... 93
Technical Software Failures or Errors ... 93
    The OWASP Top 10 ... 93
    The Deadly Sins in Software Security ... 94
Technological Obsolescence ... 99
Theft ... 101
Selected Readings ... 101
Chapter Summary ... 101
Review Questions ... 102
Exercises ... 104
Case Exercises ... 104
Endnotes ... 105
CHAPTER 3
Legal, Ethical, and Professional Issues in Information Security ... 109
Introduction ... 110
Law and Ethics in Information Security ... 110
    Organizational Liability and the Need for Counsel ... 111
    Policy Versus Law ... 112
    Types of Law ... 112
Relevant U.S. Laws ... 113
    General Computer Crime Laws ... 113
    Export and Espionage Laws ... 122
    U.S. Copyright Law ... 124
    Financial Reporting ... 124
    Freedom of Information Act of 1966 ... 124
    Payment Card Industry Data Security Standards (PCI DSS) ... 124
    State and Local Regulations ... 126
International Laws and Legal Bodies ... 127
    U.K. Computer Security Laws ... 127
    Australian Computer Security Laws ... 127
    Council of Europe Convention on Cybercrime ... 128
    World Trade Organization and the Agreement on Trade-Related Aspects of Intellectual Property Rights ... 128
    Digital Millennium Copyright Act ... 129
Ethics and Information Security ... 129
    Ethical Differences Across Cultures ... 129
    Ethics and Education ... 135
    Deterring Unethical and Illegal Behavior ... 136
Codes of Ethics at Professional Organizations ... 137
    Major Information Security Professional Organizations ... 138
Key U.S. Federal Agencies ... 139
    Department of Homeland Security ... 139
    U.S. Secret Service ... 142
    Federal Bureau of Investigation (FBI) ... 142
    National Security Agency (NSA) ... 145
Selected Readings ... 146
Chapter Summary ... 147
Review Questions ... 147
Exercises ... 148
Case Exercises ... 149
Endnotes ... 149
CHAPTER 4
Planning for Security ... 153
Introduction ... 154
Information Security Planning and Governance ... 154