06551cam a2200721Ki 4500 ocn880706587 OCoLC 20190328114807.0 m o d cr cnu---unuuu 140530s2014 mau ob 001 0 eng d OPELS eng rda pn OPELS N$T OCLCO YDXCP E7B UMI OCLCF DEBBG DEBSZ TPH UNA EBLCP OCLCO B24X7 COO OCLCO OCLCQ OCLCO VT2 OCLCO LIV MERUC OCLCQ IOG OCLCO OCLCA U3W D6H CEF OTZ AU@ OCLCQ WYU CHVBK 881162098 883127955 898034970 9780128008126 (electronic bk.) 0128008121 (electronic bk.) 0128007443 9780128007440 9780128007440 (OCoLC)880706587 (OCoLC)881162098 (OCoLC)883127955 (OCoLC)898034970 QA76.9.A25 A5453 2014eb Online Book COM 060040 bisacsh COM 043050 bisacsh COM 053000 bisacsh 005.8 23 Andress, Jason, author. The basics of information security : understanding the fundamentals of InfoSec in theory and practice / [electronic resource] Jason Andress. 2nd ed. Waltham, MA : Syngress, 2014. 1 online resource. text txt rdacontent computer c rdamedia online resource cr rdacarrier Syngress basics series Online resource; title from PDF title page (ScienceDirect, viewed May 30, 2014). Includes index. As part of the Syngress Basics series, The Basics of Information Security provides you with fundamental knowledge of information security in both theoretical and practical aspects. Author Jason Andress gives you the basic knowledge needed to understand the key concepts of confidentiality, integrity, and availability, and then dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security. The Basics of Information Security gives you clear-non-technical explanations of how infosec works and how to apply these principles whether you're in the IT field or want to understand how it affects your career and business. The new Second Edition has been updated for the latest trends and threats, including new material on many infosec subjects. Includes bibliographical references and index. Front Cover; The Basics of Information Security; Copyright Page; Dedication; Contents; Author Biography; Introduction; Book overview and key learning points; Book audience; How this book is organized; Chapter 1: What is information security?; Chapter 2: Identification and authentication; Chapter 3: Authorization and access control; Chapter 4: Auditing and accountability; Chapter 5: Cryptography; Chapter 6: Laws and regulations; Chapter 7: Operations security; Chapter 8: Human element security; Chapter 9: Physical security; Chapter 10: Network security; Chapter 11: Operating system security. Chapter 12: Application securityConclusion; 1 What is Information Security?; Introduction; What is security?; When are we secure?; Alert!; Models for discussing security; The confidentiality, integrity, and availability triad; More advanced; Confidentiality; Integrity; Availability; Relating the CIA triad to security; The Parkerian hexad; Alert!; Confidentiality, integrity, and availability; Possession or control; Authenticity; Utility; Attacks; Types of attack payloads; Interception; Interruption; Modification; Fabrication; Threats, vulnerabilities, and risk; Threats; Vulnerabilities; Risk. ImpactRisk management; Identify assets; Identify threats; Assess vulnerabilities; Assess risks; Mitigating risks; Physical; Logical and technical controls; Administrative; Incident response; Preparation; Detection and analysis; Containment, eradication, and recovery; Post incident activity; Defense in depth; Layers; Information security in the real world; Summary; Exercises; References; 2 Identification and Authentication; Introduction; Identification; Who we claim to be; Identity verification; Falsifying identification; Authentication; Factors; Multifactor authentication. Mutual authenticationPasswords; More advanced; Biometrics; Additional resources; Characteristics; Measuring performance; Issues; Hardware tokens; Alert!; Identification and authentication in the real world; Summary; Exercises; References; 3 Authorization and Access Control; Introduction; Authorization; Principle of least privilege; Access control; More advanced; Access control lists; File system ACLs; More advanced; Network ACLs; Alert!; More advanced; Capabilities; Confused deputy problem; Alert!; Access control methodologies; Access control models; Discretionary access control. Mandatory access controlMore advanced; Role-based access control; Attribute-based access control; Multilevel access control; Physical access controls; Authorization and access control in the real world; Summary; Exercises; References; 4 Auditing and Accountability; Introduction; Accountability; More advanced; Security benefits of accountability; Nonrepudiation; Deterrence; More advanced; Intrusion detection and prevention; Admissibility of records; How we accomplish accountability; Auditing; What do we audit?; Alert!; Logging; Monitoring; Assessments. Computer security. Computer networks Security measures. Information technology Security measures. Information resources management. Computer science. COMPUTERS Internet Security. bisacsh COMPUTERS Networking Security. bisacsh COMPUTERS Security General. bisacsh Computer networks Security measures. fast (OCoLC)fst00872341 Computer science. fast (OCoLC)fst00872451 Computer security. fast (OCoLC)fst00872484 Information resources management. fast (OCoLC)fst00972603 Information technology Security measures. fast (OCoLC)fst00973129 Computer Security. Information Management. Electronic books. Print version: 9780128007440 Syngress basics series. ScienceDirect http://www.sciencedirect.com/science/book/9780128007440 246917 246917