
This Book is Available on YakiBooki.com
https://www.yakibooki.com/download/fundamentals-of-information-systems-security-3rd-edition/

ISSA
INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES

Fundamentals
of Information
Systems Security
THIRD EDITION

David Kim | Michael G. Solomon

World Headquarters
Jones & Bartlett Learning
5 Wall Street
Burlington, MA 01803
978-443-5000
info@jblearning.com
www.jblearning.com

Jones and Bartlett's books and products are available through most bookstores and online booksellers. To contact Jones and Bartlett Publishers directly, call 800-832-0034, fax 978-443-8000, or visit our website www.jbpub.com.

Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to specialsales@jblearning.com.

Copyright © 2018 by Jones & Bartlett Learning, LLC, an Ascend Learning Company

All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.

The content, statements, views, and opinions herein are the sole expression of the respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. Fundamentals of Information Systems Security, Third Edition is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product.

There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be real or fictitious, but are used for instructional purposes only.

Production Credits

VP, Executive Publisher: David D. Cella
Executive Editor: Matt Kane
Acquisitions Editor: Laura Pagluica
Editorial Assistant: Mary Menzemer
Production Manager: Carolyn Rogers Pershouse
Associate Production Editor: Juna Abrams
Director of Marketing: Andrea DeFronzo
Marketing Manager: Amy Langlais
Manufacturing and Inventory Control Supervisor: Amy Bacus
Composition: S4Carlisle Publishing Services
Cover Design: Scott Moden
Director of Rights & Media: Joanna Gallant
Rights & Media Specialist: Merideth Tumasz
Media Development Editor: Shannon Sheehan
Cover and Header Image: © Zffoto/Shutterstock
Printing and Binding: Edwards Brothers Malloy
Cover Printing: Edwards Brothers Malloy

Library of Congress Cataloging-in-Publication Data

Names: Kim, David (Information technology security consultant), author. | Solomon, Michael (Michael G.), 1963- author.
Title: Fundamentals of information systems security / David Kim and Michael G. Solomon.
Description: Third edition. | Burlington, Massachusetts : Jones & Bartlett Learning, 2016. | Includes bibliographical references and index.
Identifiers: LCCN 2016038356 | ISBN 9781284116458 (pbk.)
Subjects: LCSH: Computer security. | Information resources--Security measures.
Classification: LCC QA76.9.A25 K536 2016 | DDC 005.8--dc23
LC record available at https://lccn.loc.gov/2016038356


Printed in the United States of America

20 19 18 17 16 10 9 8 7 6 5 4 3 2 1


This book is dedicated to our readers, students, and IT professionals pursuing a career in information systems security. May your passion for learning IT Security help you protect the information assets of the United States of America, our businesses, and the privacy data of our citizens.

—David Kim

To God, who has richly blessed me in so many ways.

—Michael G. Solomon


Contents

Preface xix
Acknowledgments xxi
The Authors xxi

PART I The Need for Information Security 1

CHAPTER 1 Information Systems Security 2


Information Systems Security 3
Risks, Threats, and Vulnerabilities 11
What Is Information Systems Security? 12
U.S. Compliance Laws Drive Need for Information Systems Security 12
Tenets of Information Systems Security 14
Confidentiality 16
Integrity 17
Availability 17
The Seven Domains of a Typical IT Infrastructure 19
User Domain 19
Workstation Domain 22
LAN Domain 22
LAN-to-WAN Domain 25
WAN Domain 28
Remote Access Domain 32
System/Application Domain 36
Weakest Link in the Security of an IT Infrastructure 38
Ethics and the Internet 40
IT Security Policy Framework 40
Definitions 41
Foundational IT Security Policies 41
Data Classification Standards 42
CHAPTER SUMMARY 44
KEY CONCEPTS AND TERMS 44
CHAPTER 1 ASSESSMENT 45


CHAPTER 2 The Internet of Things Is Changing How We Live 47


Evolution of the Internet of Things 49
Converting to a TCP/IP World 50
IoT’s Impact on Human and Business Life 51
How People Like to Communicate 52
IoT Applications That Impact Our Lives 52
Evolution from Bricks and Mortar to E-Commerce 55
Why Businesses Must Have an Internet and IoT Marketing Strategy 57
IP Mobility 58
Mobile Users and Bring Your Own Device 58
Mobile Applications 59
IP Mobile Communications 60
New Challenges Created by the IoT 62
Security 62
Privacy 63
Interoperability and Standards 65
Legal and Regulatory Issues 67
E-Commerce and Economic Development Issues 68
CHAPTER SUMMARY 69
KEY CONCEPTS AND TERMS 70
CHAPTER 2 ASSESSMENT 70

CHAPTER 3 Malicious Attacks, Threats, and Vulnerabilities 72


Malicious Activity on the Rise 73
What Are You Trying to Protect? 74
Customer Data 74
IT and Network Infrastructure 75
Intellectual Property 76
Finances and Financial Data 76
Service Availability and Productivity 77
Reputation 78
Whom Are You Trying to Catch? 78
Attack Tools 79
Protocol Analyzers 80
Port Scanners 80
OS Fingerprint Scanners 80
Vulnerability Scanners 80
Exploit Software 81
Wardialers 81


Password Crackers 82
Keystroke Loggers 82
What Is a Security Breach? 83
Denial of Service Attacks 83
Distributed Denial of Service Attacks 84
Unacceptable Web Browsing 84
Wiretapping 85
Backdoors 85
Data Modifications 86
Additional Security Challenges 86
What Are Risks, Threats, and Vulnerabilities? 88
Threat Targets 89
Threat Types 90
What Is a Malicious Attack? 92
Birthday Attacks 93
Brute-Force Password Attacks 93
Dictionary Password Attacks 94
IP Address Spoofing 94
Hijacking 94
Replay Attacks 95
Man-in-the-Middle Attacks 95
Masquerading 96
Eavesdropping 96
Social Engineering 96
Phreaking 97
Phishing 97
Pharming 98
What Is Malicious Software? 99
Viruses 99
Worms 100
Trojan Horses 100
Rootkits 101
Spyware 101
What Are Common Types of Attacks? 102
Social Engineering Attacks 103
Wireless Network Attacks 104
Web Application Attacks 104
What Is a Countermeasure? 106
Countering Malware 106
Protecting Your System with Firewalls 108

CHAPTER SUMMARY 108
KEY CONCEPTS AND TERMS 109
CHAPTER 3 ASSESSMENT 110


CHAPTER 4 The Drivers of the Information Security Business 112


Defining Risk Management 113
Implementing a BIA, a BCP, and a DRP 115
Business Impact Analysis 115
Business Continuity Plan 116
Disaster Recovery Plan 118
Assessing Risks, Threats, and Vulnerabilities 122
Closing the Information Security Gap 123
Adhering to Compliance Laws 124
Keeping Private Data Confidential 127
Mobile Workers and Use of Personally Owned Devices 129
BYOD Concerns 129
Endpoint and Device Security 130
CHAPTER SUMMARY 131
KEY CONCEPTS AND TERMS 132
CHAPTER 4 ASSESSMENT 132

PART II Securing Today’s Information Systems 135

CHAPTER 5 Access Controls 136


Four-Part Access Control 137
Two Types of Access Controls 138
Physical Access Control 138
Logical Access Control 138
Authorization Policies 140
Methods and Guidelines for Identification 141
Identification Methods 141
Identification Guidelines 141
Processes and Requirements for Authentication 142
Authentication Types 142
Single Sign-On 151
Policies and Procedures for Accountability 154
Log Files 154
Monitoring and Reviews 154
Data Retention, Media Disposal, and Compliance Requirements 154
Formal Models of Access Control 156
Discretionary Access Control 157
Operating Systems-Based DAC 157


Mandatory Access Control 159
Nondiscretionary Access Control 160
Rule-Based Access Control 160
Access Control Lists 160
Role-Based Access Control 161
Content-Dependent Access Control 163
Constrained User Interface 163
Other Access Control Models 164
Effects of Breaches in Access Control 166
Threats to Access Controls 167
Effects of Access Control Violations 168
Credential and Permissions Management 169
Centralized and Decentralized Access Control 169
Types of AAA Servers 169
Decentralized Access Control 172
Privacy 172
CHAPTER SUMMARY 177
KEY CONCEPTS AND TERMS 177
CHAPTER 5 ASSESSMENT 178

CHAPTER 6 Security Operations and Administration 181


Security Administration 182
Controlling Access 182
Documentation, Procedures, and Guidelines 183
Disaster Assessment and Recovery 183
Security Outsourcing 184
Compliance 185
Event Logs 186
Compliance Liaison 186
Remediation 186
Professional Ethics 187
Common Fallacies About Ethics 187
Codes of Ethics 188
Personnel Security Principles 189
The Infrastructure for an IT Security Policy 192
Policies 192
Standards 194
Procedures 194
Baselines 195
Guidelines 196
