The basics of information security : understanding the fundamentals of InfoSec in theory and practice / Jason Andress ; Steven Winterfeld, technical editor ; acquiring editor, Chris Katsaropoulos ; designer, Matthew Limbert.

Format:

Book

Author/Creator:

Andress, Jason, author.

Contributor:

Winterfeld, Steven, editor.

Katsaropoulos, Chris, editor.

Limbert, Matthew, designer.

Series:

Basics.

The Basics

Language:

English

Subjects (All):

Computer security.

Computer networks--Security measures.

Computer networks.

Information resources management.

Physical Description:

1 online resource (240 p.)

Edition:

2nd ed.

Place of Publication:

Waltham, Massachusetts ; Oxford, England : Syngress, 2014.

Language Note:

English

System Details:

text file

Summary:

As part of the Syngress Basics series, The Basics of Information Security provides you with fundamental knowledge of information security in both theoretical and practical aspects. Author Jason Andress gives you the basic knowledge needed to understand the key concepts of confidentiality, integrity, and availability, and then dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security. The Basics of Information Security gives you clear-non-technical explanations of how infosec works a

Contents:

Front Cover; The Basics of Information Security; Copyright Page; Dedication; Contents; Author Biography; Introduction; Book overview and key learning points; Book audience; How this book is organized; Chapter 1: What is information security?; Chapter 2: Identification and authentication; Chapter 3: Authorization and access control; Chapter 4: Auditing and accountability; Chapter 5: Cryptography; Chapter 6: Laws and regulations; Chapter 7: Operations security; Chapter 8: Human element security; Chapter 9: Physical security; Chapter 10: Network security; Chapter 11: Operating system security

Chapter 12: Application securityConclusion; 1 What is Information Security?; Introduction; What is security?; When are we secure?; Alert!; Models for discussing security; The confidentiality, integrity, and availability triad; More advanced; Confidentiality; Integrity; Availability; Relating the CIA triad to security; The Parkerian hexad; Alert!; Confidentiality, integrity, and availability; Possession or control; Authenticity; Utility; Attacks; Types of attack payloads; Interception; Interruption; Modification; Fabrication; Threats, vulnerabilities, and risk; Threats; Vulnerabilities; Risk

ImpactRisk management; Identify assets; Identify threats; Assess vulnerabilities; Assess risks; Mitigating risks; Physical; Logical and technical controls; Administrative; Incident response; Preparation; Detection and analysis; Containment, eradication, and recovery; Post incident activity; Defense in depth; Layers; Information security in the real world; Summary; Exercises; References; 2 Identification and Authentication; Introduction; Identification; Who we claim to be; Identity verification; Falsifying identification; Authentication; Factors; Multifactor authentication

Mutual authenticationPasswords; More advanced; Biometrics; Additional resources; Characteristics; Measuring performance; Issues; Hardware tokens; Alert!; Identification and authentication in the real world; Summary; Exercises; References; 3 Authorization and Access Control; Introduction; Authorization; Principle of least privilege; Access control; More advanced; Access control lists; File system ACLs; More advanced; Network ACLs; Alert!; More advanced; Capabilities; Confused deputy problem; Alert!; Access control methodologies; Access control models; Discretionary access control

Mandatory access controlMore advanced; Role-based access control; Attribute-based access control; Multilevel access control; Physical access controls; Authorization and access control in the real world; Summary; Exercises; References; 4 Auditing and Accountability; Introduction; Accountability; More advanced; Security benefits of accountability; Nonrepudiation; Deterrence; More advanced; Intrusion detection and prevention; Admissibility of records; How we accomplish accountability; Auditing; What do we audit?; Alert!; Logging; Monitoring; Assessments

Accountability and auditing in the real world

Notes:

Description based upon print version of record.

Includes bibliographical references at the end of each chapters and index.

Description based on print version record.

ISBN:

9780128008126

0128008121

OCLC:

881162098