
The InfoSec Handbook : An Introduction to Information Security / by Umesha Nayak, Umesh Hodeghatta Rao.

Available online via:
DOAB Directory of Open Access Books
O'Reilly Online Learning: Academic/Public Library Edition
OAPEN
Springer Nature - Springer Nature Link Journals and eBooks - Fully Open Access
SpringerLink Open Access eBooks
Format:
Book
Author/Creator:
Nayak, Umesha., Author.
Rao, Umesh Hodeghatta., Author.
Series:
Expert's voice in information security The InfoSec handbook
Language:
English
Subjects (All):
Data protection.
Data encryption (Computer science).
Computers.
Security.
Cryptology.
Information Systems and Communication Service.
Local Subjects:
Security.
Cryptology.
Information Systems and Communication Service.
Physical Description:
1 online resource (376 p.)
Edition:
1st ed. 2014.
Other Title:
Introduction to information security
Place of Publication:
Berkeley, CA : Apress : Imprint: Apress, 2014.
Language Note:
English
System Details:
text file
Summary:
The InfoSec Handbook offers the reader an organized layout of information that is easily read and understood, allowing beginners to enter the field and understand the key concepts and ideas while still keeping experienced readers updated on topics and concepts. It is intended mainly for beginners to the field of information security and is written in a way that makes it easy for them to understand the detailed content of the book. The book offers a practical and simple view of security practices while still offering somewhat technical and detailed information relating to security. It helps the reader build a strong foundation of information, allowing them to move forward from the book with a larger knowledge base. Security is a constantly growing concern that everyone must deal with. Whether they are average computer users or highly skilled ones, users are always confronted with different security risks. These risks vary in danger and should always be dealt with accordingly. Unfortunately, not everyone is aware of the dangers or how to prevent them, and this is where most of the issues in information technology (IT) arise. When computer users do not take security into account, many issues can follow, such as system compromises or loss of data and information. This is an obvious issue that is present with all computer users. This book is intended to educate the average and experienced user about the different security practices and standards that exist. It also covers how to manage security software and updates in order to be as protected as possible from all of the threats they face.
Contents:
Intro
Contents at a Glance
Contents
About the Authors
Acknowledgments
Introduction
Part I: Introduction
Chapter 1: Introduction to Security
What is Security?
Why is Security Important?
What if You Do Not Care About Security?
The Evolution of the Computer and Information Security
Information Security Today
Applicable Standards and Certifications
The Role of a Security Program
Chapter 2: History of Computer Security
Communication
World Wars and Their Influence on the Field of Security
Cypher Machine: Enigma
Bletchley Park
Code Breakers
Some Historical Figures of Importance: Hackers and Phreakers
Kevin Mitnick
Chapter Summary
Part II: Key Principles and Practices
Chapter 3: Key Concepts and Principles
Security Threats
External and Internal Threats
Information Security Frameworks and Information Security Architecture
Information Security Management Systems Framework Provided by ISO/IEC 27001:2013
NIST Special Publication 800-39 complemented by 800-53
SABSA®
Pillars of Security
People
Organization of Information Security
The Need for Independence
Specific Roles and Responsibilities
Audit Committee or Information Security Committee at the Board Level
Information Security Sponsor or Champion
Chief Information Security Officer or Information Security Officer
Information Security Forum
Information Security Specialists
Project Managers
Data Owners
Data Custodians
Users of the data
Authority for Information Security
Policies, Procedures, and Processes
Technology
Information Security Concepts
CIA Triad
Confidentiality
Integrity
Availability
Parkerian Hexad
Implementation of Information Security
Risk Assessment
Planning and Architecture
Gap Analysis
Integration and Deployment
Operations
Monitoring
Legal Compliance and Audit
Crisis Management
Principles of Information Security
Chapter 4: Access Controls
Confidentiality and Data Integrity
Who Can Access the Data?
What is an Access Control?
Authentication and Authorization
Authentication and Access Control Layers
Administrative Access Controls (Layer)
Access Control Policy
Personnel related - jobs, responsibilities, and authorities
Segregation of duties
Supporting policies and procedure
Control Over Information Access to Trade Restricted Persons
Technical (Logical) Controls
Passwords
Smartcards
Encryption
Network Access
System Access
Physical Access Controls
Network Segregation
Perimeter Security
Security Guards
Badge Systems
Biometric Access Controls
Access Control Strategies
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Attribute Based Access Control
Implementing Access Controls
Access Control Lists (ACLs)
File System ACLs
Network ACLs
AAA Framework
RADIUS and TACACS+
LDAP and Active Directory
IDAM
Chapter 5: Information Systems Management
Risk
Incident
Disaster
Disaster Recovery
Business Continuity
Risk Management
Identification of Risk
Risk Analysis
Risk Responses
Execution of the Risk Treatment Plans
The Importance of Conducting a Periodic Risk Assessment
Incident Response
Incident Response Policy, Plan, and Processes
Incident Response Policy
Purpose and Scope of the Policy
Definition of Information Security Incidents and Related Terms
Organizational Structure, Roles, Responsibilities, and Authorities
Ratings of Incidents
Measurements
Incident Response Plan
Purpose and Scope
Strategies, Goals, and Approach to Incident Response
Internal and External Communication Plan
Plan for the Incident Response Capability
Measurement of Incident Response Capability and its Effectiveness
Integration with the Other Plans of the Organization
Incident Response Processes
Incident Response Teams
Incident Response Team structuring based on distribution of the Responsibilities
Centralized Incident Response Teams
Distributed Incident Response Teams
Hybrid Incident Response Teams
Incident Response Team Structuring Based on who Constitutes the Teams
Fully Employee Constituted Incident Response Teams
Fully Outsourced Incident Response Teams
Hybrid Teams: Partially Constituted by Employees and Partially Constituted by Outsourced Contractors
Ensuring Effectiveness of Incident Response
Preparation
Incident Detection
Precursors and Indicators of Incidents
Sources of Precursors and Indicators
Analysis of the Incidents
Incident Impact Analysis and Prioritization of the Actions
Incident Documentation and Incident Notification
Incident Containment, Eradication, and Recovery
Containment Strategy
Evidence Gathering and Handling
Eradication and Recovery
Post Incident Analysis and Activities
Analysis of Learnings
Use of Incident Data
Disaster Recovery and Business Continuity
How to Approach Business Continuity Plan
Assign Clear Roles and Responsibilities
Sponsor
Project Manager
Business Continuity Planning Team
Life Cycle of Business Continuity Planning
Scoping
Plan for Formulation of Business Continuity Plan
Business Continuity Plan Kick-Off Meeting
Business Impact Analysis (BIA)
Business Continuity Plan Preparation
Business Continuity Plan Validation & Training
Up-to-date Maintenance of the BCP
Part III: Application Security
Chapter 6: Application and Web Security
Software Applications
Completeness of the Inputs
Correctness of the Inputs
Completeness of Processing
Correctness of Processing
Completeness of the Updates
Correctness of the Updates
Preservation of the Integrity of the Data in Storage
Preservation of the Integrity of the Data while in Transmission
Importance of an Effective Application Design and Development Life Cycle
Important Guidelines for Secure Design and Development
Web Browsers, Web Servers, and Web Applications
Vulnerabilities in Web Browsers
Inappropriate Configuration
Unnecessary or Untrusted Add-ons
Malware or Executables run on the Web Browser
No Patching up or Carrying out the Security Updates
How to Overcome the Vulnerabilities of Web Browsers
Vulnerabilities of Web Servers
Default Users and Default Permissions are not changed
Sample files and scripts are not removed
Default Configuration is Not Changed
File and Directory Permissions are not Set Properly
Security Loop-Holes or Defects in the Web Server Software or Underlying Operating System
How to Overcome the Web Server Vulnerabilities
Web Applications
SQL Injection Attacks
Command Injection Attacks
Buffer Overflow Attacks
Cross-Site Scripting
Cookie Poisoning
Session Hijacking Attacks
How to Overcome Web Application Vulnerabilities
Secure Socket Layer (SSL) Security and Digital Certificate
Chapter 7: Malicious Software and Anti-Virus Software
Malware Software
Introduction to Malware
Covert channels
Types of Malware in Detail
Spyware
Adware
Trojans
Viruses
Worms
Backdoors
Botnets
A Closer Look at Spyware
Trojans and Backdoors
Rootkits
Viruses and Worms
Botnets
Brief History of Viruses, Worms, and Trojans
The Current Situation
Anti-Virus Software
Need for Anti-Virus Software
Top 5 Commercially Available Anti-Virus Software
Symantec Norton Anti-Virus Software
McAfee Anti-Virus
Kaspersky Anti-Virus
Bitdefender Anti-Virus
AVG Anti-Virus Software
A Few Words of Caution
Chapter 8: Cryptography
Cryptographic Algorithms
Symmetric Key Cryptography
Key Distribution
Asymmetric Key Cryptography
Public Key Cryptography
RSA Algorithm
Advantages of Public Key Cryptography
Applications of PKC
Public Key Infrastructure (PKI)
Certificate Authority (CA)
Digital Certificate
Hash Function Cryptography
Popular Hashes
Digital Signatures
Summary of Cryptography Standard Algorithms
Disk / Drive Encryption
Attacks on Cryptography
Part IV: Network Security
Chapter 9: Understanding Networks and Network Security
Networking Fundamentals
Computer Communication
Network and its Components
Network Protocols
OSI (Open Systems Interconnection) Reference Model
TCP/IP Model
Network Vulnerabilities and Threats
Vulnerabilities
Security Policy Weaknesses
Technology Weaknesses
Configuration Weaknesses
Threats
Attacks
Reconnaissance
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)
Other Attacks on Networks
How to counter the Network Attacks
Chapter 10: Firewalls
How Do You Protect a Network?
Firewall
Basic Functions of Firewall
Packet Filtering
How a packet filtering firewall works
TCP Layer
An Example of Packet Filtering Rules
Advantages and Disadvantages of Packet Filtering
Notes:
Bibliographic Level Mode of Issuance: Monograph
Includes bibliographical references and index.
CC BY-NC-ND
Description based on publisher supplied metadata and other sources.
ISBN:
9781430263838
1430263830
OCLC:
892917693
