Information security and IT risk management
Agrawal's Information Security and Risk Management, with a technical rather than managerial focus, gives readers the knowledge and skills needed to compete for and succeed in information security roles.
| Main Author: | Agrawal, Manish |
|---|---|
| Other Authors: | Campoe, Alex; Pierce, Eric |
| Format: | Book |
| Language: | English |
| Published: | Hoboken, NJ: Wiley, 2014 |
| Subjects: | Computer networks -- Security measures; Computer security |
MARC
| LEADER | 00000nam a2200000 a 4500 | ||
|---|---|---|---|
| 001 | 100759 | ||
| 003 | MY-KLNDU | ||
| 005 | 20241220025550.0 | ||
| 008 | 141013s2014 njua bi 000 0 eng d | ||
| 020 | |a 9781118335895 (pbk) | ||
| 020 | |a 1118335899 (pbk) | ||
| 039 | 9 | |a 201503092200 |b zul |c 201411191028 |d shahrim |y 201410131519 |z hasniza | |
| 040 | |a UPNM | ||
| 090 | |a TK 5105.59 |b .A37 2014 | ||
| 100 | 1 | |a Agrawal, Manish | |
| 245 | 1 | 0 | |a Information security and IT risk management |c Manish Agrawal, Alex Campoe, Eric Pierce. |
| 260 | |a Hoboken, NJ |b Wiley |c 2014 | ||
| 300 | |a xviii, 414 p. |b ill. |c 24 cm. | ||
| 504 | |a Includes bibliographical references and index. | ||
| 505 | 0 | |a ch. 1 Introduction -- Overview -- Professional utility of information security knowledge -- Brief history -- Definition of information security -- Summary -- Example case -- Wikileaks, Cablegate, and free reign over classified networks -- Chapter review questions -- Example case questions -- Hands-on activity -- Software Inspector, Steganography -- Critical thinking exercise: identifying CIA area(s) affected by sample real-life hacking incidents -- Design case -- ch. 2 System Administration (Part 1) -- Overview -- Introduction -- What is system administration? -- System administration and information security -- Common system administration tasks -- System administration utilities -- Summary -- Example case -- T. J. Maxx -- Chapter review questions -- Example case questions -- Hands-on Activity -- Linux system installation -- Critical thinking exercise -- Google executives sentenced to prison over video -- Design case -- ch. 3 System Administration (Part 2) -- Overview -- Operating system structure -- The command-line interface -- Files and directories -- Moving around the filesystem -- pwd, cd -- Listing files and directories -- Shell expansions -- File management -- Viewing files -- Searching for files -- Access control and user management -- Access control lists -- File ownership -- Editing files -- Software installation and updates -- Account management -- Command-line user administration -- Example case -- Northwest Florida State College -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- basic Linux system administration -- Critical thinking exercise -- offensive cyber effects operations (OCEO) -- Design Case -- ch. 4 The Basic Information Security Model -- Overview -- Introduction -- Components of the basic information security model -- Common vulnerabilities, threats, and controls -- Example case -- ILOVEYOU virus -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- web server security -- Critical thinking exercise -- the internet, "American values," and security -- Design case -- ch. 5 Asset Identification and Characterization -- Overview -- Assets overview -- Determining assets that are important to the organization -- Asset types -- Asset characterization -- IT asset life cycle and asset identification -- System profiling -- Asset ownership and operational responsibilities -- Example case -- Stuxnet -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- course asset identification -- Critical thinking exercise -- uses of a hacked PC -- Design case -- ch. 6 Threats and Vulnerabilities -- Overview -- Introduction -- Threat models -- Threat agent -- Threat action -- Vulnerabilities -- Example case -- Gozi -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- Vulnerability scanning -- Critical thinking exercise -- Iraq cyberwar plans in 2003 -- Design case -- ch. 7 Encryption Controls -- Overview -- Introduction -- Encryption basics -- Encryption types overview -- Encryption types details -- Encryption in use -- Example case -- Nation technologies -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- encryption -- Critical thinking exercise -- encryption keys embed business models -- Design case -- ch. 8 Identity and Access Management -- Overview -- Identity management -- Access management -- Authentication -- Single sign-on -- Federation -- Example case -- Markus Hess -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- identity match and merge -- Critical thinking exercise -- feudalism the security solution for the internet? -- Design case -- ch. 9 Hardware and Software Controls -- Overview -- Password management -- Access control -- Firewalls -- Intrusion detection/prevention systems -- Patch management for operating systems and applications -- End-point protection -- Example case -- AirTight networks -- Chapter review questions -- Example case questions -- Hands-on activity -- host-based IDS (OSSEC) -- Critical thinking exercise -- extra-human security controls -- Design case -- ch. 10 Shell Scripting -- Overview -- Introduction -- Output redirection -- Text manipulation -- Variables -- Conditionals -- User input -- Loops -- Putting it all together -- Example case -- Max Butler -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- basic scripting -- Critical thinking exercise -- script security -- Design case -- ch. 11 Incident Handling -- Introduction -- Incidents overview -- Incident handling -- The disaster -- Example case -- on-campus piracy -- Summary -- Chapter review questions -- Example case questions -- Hands-on activity -- incident timeline using OSSEC -- Critical thinking exercise -- destruction at the EDA -- Design case -- ch. 12 Incident Analysis -- Introduction -- Log analysis -- Event criticality -- General log configuration and maintenance -- Live incident response -- Timelines -- Other forensics topics -- Example case -- backup server compromise -- Chapter review questions -- Example case questions -- Hands-on activity -- server log analysis -- Critical thinking exercise -- destruction at the EDA -- Design case -- ch. 13 Policies, Standards, and Guidelines -- Introduction -- Guiding principles -- Writing a policy -- Impact assessment and vetting -- Policy review -- Compliance -- Key policy issues -- Example case -- HB Gary -- Summary -- Reference -- Chapter review questions -- Example case questions -- Hands-on activity -- create an AUP -- Critical thinking exercise -- Aaron Swartz -- Design case -- ch. 14 IT Risk Analysis and Risk Management -- Overview -- Introduction -- Risk management as a component of organizational management -- Risk-management framework -- The NIST 800-39 framework -- Risk assessment -- Other risk-management frameworks -- IT general controls for Sarbanes--Oxley compliance -- Compliance versus risk management -- Selling security -- Example case -- online marketplace purchases -- Summary -- Chapter review questions -- Hands-on activity -- risk assessment using LSOF -- Critical thinking exercise -- risk estimation biases -- Design case. | |
| 520 | |a Agrawal's Information Security and Risk Management, with a technical rather than managerial focus, gives readers the knowledge and skills needed to compete for and succeed in information security roles. | ||
| 592 | |a 00013727 |b 04/11/2014 |c RM567.80 |h PVK | ||
| 650 | 0 | |a Computer networks |x Security measures. | |
| 650 | 0 | |a Computer security. | |
| 700 | 1 | |a Campoe, Alex. | |
| 700 | 1 | |a Pierce, Eric. | |
| 999 | |a vtls000052920 |c 100759 |d 100759 | ||


