Information security and IT risk management / Manish Agrawal, Alex Campoe, Eric Pierce
- Author:
- Agrawal, Manish
- Additional Titles:
- Information security and information technology risk management
- Published:
- Hoboken, NJ : Wiley, [2014]
- Physical Description:
- xviii, 414 pages : illustrations ; 24 cm
- Additional Creators:
- Campoe, Alex and Pierce, Eric
- Contents:
- Machine generated contents note: ch. 1 Introduction -- Overview -- Professional utility of information security knowledge -- Brief history -- Definition of information security -- Summary -- Example case -- Wikileaks, Cablegate, and free reign over classified networks -- Chapter review questions -- Example case questions -- Hands-on activity -- Software Inspector, Steganography -- Critical thinking exercise: identifying CIA area(s) affected by sample real-life hacking incidents -- Design case -- ch. 2 System Administration (Part 1) -- Overview -- Introduction -- What is system administration? -- System administration and information security -- Common system administration tasks -- System administration utilities -- Summary -- Example case -- T. J. Maxx -- Chapter review questions -- Example case questions -- Hands-on Activity -- Linux system installation -- Critical thinking exercise -- Google executives sentenced to prison over video -- Design case -- ch. 3 System Administration (Part 2) -- Overview -- Operating system structure -- The command-line interface -- Files and directories -- Moving around the filesystem -- pwd, cd -- Listing files and directories -- Shell expansions -- File management -- Viewing files -- Searching for files -- Access control and user management -- Access control lists -- File ownership -- Editing files -- Software installation and updates -- Account management -- Command-line user administration -- Example case -- Northwest Florida State College -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- basic Linux system administration -- Critical thinking exercise -- offensive cyber effects operations (OCEO) -- Design Case -- ch. 4 The Basic Information Security Model -- Overview -- Introduction -- Components of the basic information security model -- Common vulnerabilities, threats, and controls -- Example case -- ILOVEYOU virus -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- web server security -- Critical thinking exercise -- the internet, "American values," and security -- Design case -- ch. 5 Asset Identification and Characterization -- Overview -- Assets overview -- Determining assets that are important to the organization -- Asset types -- Asset characterization -- IT asset life cycle and asset identification -- System profiling -- Asset ownership and operational responsibilities -- Example case -- Stuxnet -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- course asset identification -- Critical thinking exercise -- uses of a hacked PC -- Design case -- ch. 6 Threats and Vulnerabilities -- Overview -- Introduction -- Threat models -- Threat agent -- Threat action -- Vulnerabilities -- Example case -- Gozi -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- Vulnerability scanning -- Critical thinking exercise -- Iraq cyberwar plans in 2003 -- Design case -- ch. 7 Encryption Controls -- Overview -- Introduction -- Encryption basics -- Encryption types overview -- Encryption types details -- Encryption in use -- Example case -- Nation technologies -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- encryption -- Critical thinking exercise -- encryption keys embed business models -- Design case -- ch. 8 Identity and Access Management -- Overview -- Identity management -- Access management -- Authentication -- Single sign-on -- Federation -- Example case -- Markus Hess -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- identity match and merge -- Critical thinking exercise -- feudalism the security solution for the internet? -- Design case -- ch. 9 Hardware and Software Controls -- Overview -- Password management -- Access control -- Firewalls -- Intrusion detection/prevention systems -- Patch management for operating systems and applications -- End-point protection -- Example case -- AirTight networks -- Chapter review questions -- Example case questions -- Hands-on activity -- host-based IDS (OSSEC) -- Critical thinking exercise -- extra-human security controls -- Design case -- ch. 10 Shell Scripting -- Overview -- Introduction -- Output redirection -- Text manipulation -- Variables -- Conditionals -- User input -- Loops -- Putting it all together -- Example case -- Max Butler -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- basic scripting -- Critical thinking exercise -- script security -- Design case -- ch. 11 Incident Handling -- Introduction -- Incidents overview -- Incident handling -- The disaster -- Example case -- on-campus piracy -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- incident timeline using OSSEC -- Critical thinking exercise -- destruction at the EDA -- Design case -- ch. 12 Incident Analysis -- Introduction -- Log analysis -- Event criticality -- General log configuration and maintenance -- Live incident response -- Timelines -- Other forensics topics -- Example case -- backup server compromise -- Chapter review questions -- Example case questions -- Hands-on activity -- server log analysis -- Critical thinking exercise -- destruction at the EDA -- Design case -- ch. 13 Policies, Standards, and Guidelines -- Introduction -- Guiding principles -- Writing a policy -- Impact assessment and vetting -- Policy review -- Compliance -- Key policy issues -- Example case -- HB Gary -- Summary -- Reference -- Chapter review questions -- Example case questions -- Hands-on activity -- create an AUP -- Critical thinking exercise -- Aaron Swartz -- Design case -- ch. 14 IT Risk Analysis and Risk Management -- Overview -- Introduction -- Risk management as a component of organizational management -- Risk-management framework -- The NIST 800-39 framework -- Risk assessment -- Other risk-management frameworks -- IT general controls for Sarbanes--Oxley compliance -- Compliance versus risk management -- Selling security -- Example case -- online marketplace purchases -- Summary -- Chapter review questions -- Hands-on activity -- risk assessment using LSOF -- Critical thinking exercise -- risk estimation biases -- Design case.
- Subject(s):
- ISBN:
- 9781118335895 (pbk. : alk. paper)
1118335899 (pbk. : alk. paper) - Bibliography Note:
- Includes bibliographical references and index.
- Source of Acquisition:
- Purchased with funds from the James and Joyce Gettys Libraries Endowment in the Math Library and in the School of Information Sciences and Technology; 2013.
- Endowment Note:
- James and Joyce Gettys Libraries Endowment in the Math Library and in the School of Information Sciences and Technology
View MARC record | catkey: 12554662