Verfügbarkeit: Information Security and Risk Management

Information Security and Risk Management:

Gespeichert in:

Bibliographische Detailangaben
Hauptverfasser:	Agrawal, Manish (VerfasserIn), Campoe, Alex (VerfasserIn), Pierce, Eric (VerfasserIn)
Format:	Buch
Sprache:	English
Veröffentlicht:	Hoboken, NJ Wiley 2014
Schlagworte:	Risikomanagement Unternehmen Computersicherheit Lehrbuch
Online-Zugang:	Inhaltsverzeichnis
Beschreibung:	Includes bibliographical references and index
Beschreibung:	XVIII, 414 S. graph. Darst.
ISBN:	9781118335895

Internformat

MARC


LEADER	00000nam a2200000 c 4500
001	BV041363110
003	DE-604
005	20140522
007	t
008	131016s2014 d\|\|\| \|\|\|\| 00\|\|\| eng d
020			\|a 9781118335895 \|c pbk. \|9 978-1-118-33589-5
035			\|a (OCoLC)881138179
035			\|a (DE-599)BVBBV041363110
040			\|a DE-604 \|b ger \|e aacr
041	0		\|a eng
049			\|a DE-355
050		0	\|a HB74.P8
084			\|a ST 276 \|0 (DE-625)143642: \|2 rvk
100	1		\|a Agrawal, Manish \|e Verfasser \|0 (DE-588)138792003 \|4 aut
245	1	0	\|a Information Security and Risk Management \|c Manish Agrawal; Alex Campoe; Eric Pierce
264		1	\|a Hoboken, NJ \|b Wiley \|c 2014
300			\|a XVIII, 414 S. \|b graph. Darst.
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
500			\|a Includes bibliographical references and index
650	0	7	\|a Risikomanagement \|0 (DE-588)4121590-4 \|2 gnd \|9 rswk-swf
650	0	7	\|a Unternehmen \|0 (DE-588)4061963-1 \|2 gnd \|9 rswk-swf
650	0	7	\|a Computersicherheit \|0 (DE-588)4274324-2 \|2 gnd \|9 rswk-swf
655		7	\|0 (DE-588)4123623-3 \|a Lehrbuch \|2 gnd-content
689	0	0	\|a Unternehmen \|0 (DE-588)4061963-1 \|D s
689	0	1	\|a Computersicherheit \|0 (DE-588)4274324-2 \|D s
689	0	2	\|a Risikomanagement \|0 (DE-588)4121590-4 \|D s
689	0		\|C b \|5 DE-604
700	1		\|a Campoe, Alex \|e Verfasser \|4 aut
700	1		\|a Pierce, Eric \|e Verfasser \|4 aut
856	4	2	\|m Digitalisierung UB Regensburg - ADAM Catalogue Enrichment \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=026811420&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
999			\|a oai:aleph.bib-bvb.de:BVB01-026811420

Datensatz im Suchindex

_version_	1804151448488902656
adam_text	Ust of Figures xi Prefoce xvii Chapter 1 — Introduction 1 Overview ................................................................................................................1 Professional utility ofinformation security knowledge .........................................1 Brief history ............................................................................................................5 Definition of information security ........................................................................11 Summary ..............................................................................................................14 Example case - Wikileaks, Cablegate, and free reign over classified networks ...........................................................................................14 Chapter review questions ......................................................................................15 Example case questions ........................................................................................16 Hands-on activity - Software Inspector, Steganography ......................................16 Critical thinking exercise: identifying CIA area(s) affected by sample real-life hacking incidents ....................................................................21 Design case ...........................................................................................................21 Chapter 2 — System Administration (Part 1) 26 Overview ..............................................................................................................26 Introduction ..........................................................................................................26 What is system administration? ............................................................................27 System administration and information security ..................................................28 Common system administration tasks ..................................................................29 System administration utilities .............................................................................33 Summary ..............................................................................................................37 Example case - T. J. Maxx ...................................................................................37 Chapter review questions ......................................................................................39 iv Table of Contents Example case questions ........................................................................................40 Hands-on Activity - Linux system installation ....................................................40 Critical thinking exercise - Google executives sentenced to prison over video .............................................................................................48 Design case ...........................................................................................................49 Chapter 3 — System Administration (Part 2) 51 Overview ..............................................................................................................51 Operating system structure ...................................................................................51 The command-line interface .................................................................................53 Files and directories ..............................................................................................53 Moving around the filesystem - pwd, cd.............................................................54 Listing files and directories ..................................................................................55 Shell expansions ...................................................................................................56 File management ..................................................................................................57 Viewing files .........................................................................................................59 Searching for files .................................................................................................60 Access control and user management ..................................................................61 Access control lists ...............................................................................................64 File ownership ......................................................................................................65 Editing files ...........................................................................................................66 Software installation and updates .........................................................................67 Accountmanagement ...........................................................................................72 Command-line user administration ......................................................................75 Example case - Northwest Florida State College ................................................77 Summary ..............................................................................................................78 Chapter review questions ......................................................................................78 Example case questions ........................................................................................79 Hands-on activity - basic Linux system administration .......................................79 Critical thinking exercise - offensive cyber effects operations (OCEO) ..........................................................................................80 Design Case ..........................................................................................................80 ТаЫе of Contents v Chapter 4 — The Basic Information Security Model 82 Overview ..............................................................................................................82 Introduction ..........................................................................................................82 Components of the basic information security model ..........................................82 Common vulnerabilities, threats, and controls .....................................................90 Example case - ILOVEYOU virus .......................................................................99 Summary ............................................................................................................100 Chapter review questions ....................................................................................100 Example case questions ......................................................................................101 Hands-on activity - web server security ............................................................101 Critical thinking exercise - the internet, American values, and security ........102 Design case .........................................................................................................103 Chapter 5 — Asset Identification and Characterization 104 Overview ............................................................................................................104 Assets overview ..................................................................................................104 Determining assets that are important to the organization .................................105 Asset types ..........................................................................................................109 Asset characterization .........................................................................................114 IT asset life cycle and asset identification ..........................................................119 System profiling .................................................................................................124 Asset ownership and operational responsibilities ...............................................127 Example case - Stuxnet ......................................................................................130 Summary ............................................................................................................130 Chapter review questions ....................................................................................131 Example case questions ......................................................................................131 Hands-on activity - course asset identification ..................................................132 Critical thinking exercise - uses of a hacked PC ...............................................132 Design case .........................................................................................................133 Chapter 6 — Threats and Vulnerabilities 135 Overview ............................................................................................................135 Introduction ........................................................................................................135 vi Table of Contents Threat models .....................................................................................................136 Threat agent ........................................................................................................137 Threat action .......................................................................................................149 Vulnerabilities .....................................................................................................162 Example case - Gozi ..........................................................................................167 Summary ............................................................................................................168 Chapter review questions ....................................................................................168 Example case questions ......................................................................................168 Hands-on activity - Vulnerability scanning .......................................................169 Critical thinking exercise - Iraq cyberwar plans in 2003...................................174 Design case .........................................................................................................174 Chapter 7 — Encryption Controls 176 Overview ............................................................................................................176 Introduction ........................................................................................................176 Encryption basics ...............................................................................................177 Encryption types overview .................................................................................181 Encryption types details .....................................................................................187 Encryption in use ................................................................................................194 Example case - Nation technologies ..................................................................197 Summary ............................................................................................................198 Chapter review questions ....................................................................................198 Example case questions ......................................................................................199 Hands-on activity - encryption ..........................................................................199 Critical thinking exercise - encryption keys embed business models .............................................................................................205 Design case .........................................................................................................206 Chapter 8 — Identity and Access Management 207 Overview ............................................................................................................207 Identity management ..........................................................................................207 Access management ...........................................................................................212 Authentication ....................................................................................................213 Table of Contents vii Single sign-on .....................................................................................................221 Federation ...........................................................................................................228 Example case - Markus Hess.............................................................................237 Summary ............................................................................................................239 Chapter review questions ....................................................................................239 Example case questions ......................................................................................240 Hands-on activity - identity match and merge ...................................................240 Critical thinking exercise - feudalism the security solution for the internet? .............................................................................................244 Design case .........................................................................................................245 Chapter 9 — Hardware and Software Controls 247 Overview ............................................................................................................247 Password management .......................................................................................247 Access control ....................................................................................................251 Firewalls .............................................................................................................252 Intrusion detection/prevention systems ..............................................................256 Patch management for operating systems and applications ...............................261 End-point protection ...........................................................................................264 Example case -AirTight networks .....................................................................266 Chapter review questions ....................................................................................270 Example case questions ......................................................................................270 Hands-on activity - host-based IDS (OSSEC) ...................................................271 Critical thinking exercise - extra-human security controls ................................275 Design case .........................................................................................................275 Chapter 10 — Shell Scripting 277 Overview ............................................................................................................277 Introduction ........................................................................................................277 Output redirection ...............................................................................................279 Text manipulation ...............................................................................................280 Variables .............................................................................................................283 Conditionals ........................................................................................................287 viii Table of Contents User input ...........................................................................................................290 Loops.................................................................................................................. 292 Putting it all together ..........................................................................................299 Example case - Max Butler ................................................................................301 Summary ............................................................................................................302 Chapter review questions ....................................................................................303 Example case questions ......................................................................................303 Hands-on activity - basic scripting ....................................................................303 Critical thinking exercise - script security .........................................................304 Design case .........................................................................................................305 Chapter 11 — Incident Handling 306 Introduction ........................................................................................................306 Incidents overview ..............................................................................................306 Incident handling ................................................................................................307 The disaster .........................................................................................................327 Example case - on-campus piracy .....................................................................328 Summary ............................................................................................................330 Chapter review questions ....................................................................................330 Example case questions ......................................................................................331 Hands-on activity - incident timeline using OSSEC .........................................331 Critical thinking exercise - destruction at the EDA ...........................................331 Design case .........................................................................................................332 Chapter 12 — Incident Analysis 333 Introduction ........................................................................................................333 Log analysis ........................................................................................................333 Event criticality ..................................................................................................337 General log configuration and maintenance .......................................................345 Live incident response ........................................................................................347 Timelines ............................................................................................................350 Other forensics topics .........................................................................................352 Example case - backup server compromise .......................................................353 Table of Contents ix Chapter review questions ....................................................................................355 Example case questions ......................................................................................356 Hands-on activity - server log analysis ..............................................................356 Critical thinking exercise - destruction at the EDA ...........................................358 Design case .........................................................................................................358 Chapter 13 — Policies, Standards, and Guidelines 360 Introduction ........................................................................................................360 Guiding principles ..............................................................................................360 Writing a policy ..................................................................................................367 Impact assessment and vetting ...........................................................................371 Policy review ......................................................................................................373 Compliance .........................................................................................................374 Key policy issues ................................................................................................377 Example case - HB Gary ...................................................................................378 Summary ............................................................................................................379 Reference ............................................................................................................379 Chapter review questions ....................................................................................379 Example case questions ......................................................................................380 Hands-on activity - create an AUP .....................................................................380 Critical thinking exercise - Aaron Swartz ..........................................................380 Design case .........................................................................................................381 Chapter 14 — IT Risk Analysis and Risk Management 382 Overview ............................................................................................................382 Introduction ........................................................................................................382 Risk management as a component of organizational management ..................................................................................................383 Risk-management framework ............................................................................384 The NIST 800-39 framework .............................................................................385 Risk assessment ..................................................................................................387 Other risk-management frameworks ..................................................................389 IT general controls for Sarbanes-Oxley compliance .........................................391 χ Table of Contents Compliance versus risk management .................................................................398 Selling security ...................................................................................................399 Example case - online marketplace purchases ...................................................399 Summary ............................................................................................................400 Chapter review questions ....................................................................................400 Hands-on activity - risk assessment using lsof .................................................401 Critical thinking exercise - risk estimation biases .............................................403 Design case .........................................................................................................403 Appendix A — Password List for the Linux Virtual Machine 404 Glossary 405 Index 413
any_adam_object	1
author	Agrawal, Manish Campoe, Alex Pierce, Eric
author_GND	(DE-588)138792003
author_facet	Agrawal, Manish Campoe, Alex Pierce, Eric
author_role	aut aut aut
author_sort	Agrawal, Manish
author_variant	m a ma a c ac e p ep
building	Verbundindex
bvnumber	BV041363110
callnumber-first	H - Social Science
callnumber-label	HB74
callnumber-raw	HB74.P8
callnumber-search	HB74.P8
callnumber-sort	HB 274 P8
callnumber-subject	HB - Economic Theory and Demography
classification_rvk	ST 276
ctrlnum	(OCoLC)881138179 (DE-599)BVBBV041363110
discipline	Informatik
format	Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01713nam a2200421 c 4500</leader><controlfield tag="001">BV041363110</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20140522 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">131016s2014 d\|\|\| \|\|\|\| 00\|\|\| eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781118335895</subfield><subfield code="c">pbk.</subfield><subfield code="9">978-1-118-33589-5</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)881138179</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV041363110</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">aacr</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-355</subfield></datafield><datafield tag="050" ind1=" " ind2="0"><subfield code="a">HB74.P8</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 276</subfield><subfield code="0">(DE-625)143642:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Agrawal, Manish</subfield><subfield code="e">Verfasser</subfield><subfield code="0">(DE-588)138792003</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Information Security and Risk Management</subfield><subfield code="c">Manish Agrawal; Alex Campoe; Eric Pierce</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Hoboken, NJ</subfield><subfield code="b">Wiley</subfield><subfield code="c">2014</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XVIII, 414 S.</subfield><subfield code="b">graph. Darst.</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references and index</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Risikomanagement</subfield><subfield code="0">(DE-588)4121590-4</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Unternehmen</subfield><subfield code="0">(DE-588)4061963-1</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="655" ind1=" " ind2="7"><subfield code="0">(DE-588)4123623-3</subfield><subfield code="a">Lehrbuch</subfield><subfield code="2">gnd-content</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Unternehmen</subfield><subfield code="0">(DE-588)4061963-1</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="2"><subfield code="a">Risikomanagement</subfield><subfield code="0">(DE-588)4121590-4</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="C">b</subfield><subfield code="5">DE-604</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Campoe, Alex</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Pierce, Eric</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">Digitalisierung UB Regensburg - ADAM Catalogue Enrichment</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=026811420&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-026811420</subfield></datafield></record></collection>
genre	(DE-588)4123623-3 Lehrbuch gnd-content
genre_facet	Lehrbuch
id	DE-604.BV041363110
illustrated	Illustrated
indexdate	2024-07-10T00:54:59Z
institution	BVB
isbn	9781118335895
language	English
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-026811420
oclc_num	881138179
open_access_boolean
owner	DE-355 DE-BY-UBR
owner_facet	DE-355 DE-BY-UBR
physical	XVIII, 414 S. graph. Darst.
publishDate	2014
publishDateSearch	2014
publishDateSort	2014
publisher	Wiley
record_format	marc
spelling	Agrawal, Manish Verfasser (DE-588)138792003 aut Information Security and Risk Management Manish Agrawal; Alex Campoe; Eric Pierce Hoboken, NJ Wiley 2014 XVIII, 414 S. graph. Darst. txt rdacontent n rdamedia nc rdacarrier Includes bibliographical references and index Risikomanagement (DE-588)4121590-4 gnd rswk-swf Unternehmen (DE-588)4061963-1 gnd rswk-swf Computersicherheit (DE-588)4274324-2 gnd rswk-swf (DE-588)4123623-3 Lehrbuch gnd-content Unternehmen (DE-588)4061963-1 s Computersicherheit (DE-588)4274324-2 s Risikomanagement (DE-588)4121590-4 s b DE-604 Campoe, Alex Verfasser aut Pierce, Eric Verfasser aut Digitalisierung UB Regensburg - ADAM Catalogue Enrichment application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=026811420&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis
spellingShingle	Agrawal, Manish Campoe, Alex Pierce, Eric Information Security and Risk Management Risikomanagement (DE-588)4121590-4 gnd Unternehmen (DE-588)4061963-1 gnd Computersicherheit (DE-588)4274324-2 gnd
subject_GND	(DE-588)4121590-4 (DE-588)4061963-1 (DE-588)4274324-2 (DE-588)4123623-3
title	Information Security and Risk Management
title_auth	Information Security and Risk Management
title_exact_search	Information Security and Risk Management
title_full	Information Security and Risk Management Manish Agrawal; Alex Campoe; Eric Pierce
title_fullStr	Information Security and Risk Management Manish Agrawal; Alex Campoe; Eric Pierce
title_full_unstemmed	Information Security and Risk Management Manish Agrawal; Alex Campoe; Eric Pierce
title_short	Information Security and Risk Management
title_sort	information security and risk management
topic	Risikomanagement (DE-588)4121590-4 gnd Unternehmen (DE-588)4061963-1 gnd Computersicherheit (DE-588)4274324-2 gnd
topic_facet	Risikomanagement Unternehmen Computersicherheit Lehrbuch
url	http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=026811420&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT agrawalmanish informationsecurityandriskmanagement AT campoealex informationsecurityandriskmanagement AT pierceeric informationsecurityandriskmanagement

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Fernleihe Bestellen Achtung: Nicht im THWS-Bestand! Inhaltsverzeichnis

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge