Information security management: concepts and practice
| Main author: | Raggad, Bel G. |
|---|---|
| Format: | Book |
| Language: | English |
| Published: | Boca Raton, Fla. [u.a.]: CRC Press, 2010 |
| Series: | An Auerbach book |
| Subjects: | Computer security - Management; Data protection; Computersicherheit; Datensicherung |
| Online access: | Table of contents |
| Description: | XXXV, 832 p., graphic illustrations |
| ISBN: | 9781420078541 |
Internal format: MARC
| Tag | Indicators | Content |
|---|---|---|
| LEADER | | 00000nam a2200000zc 4500 |
| 001 | | BV036117084 |
| 003 | | DE-604 |
| 005 | | 20100528 |
| 007 | | t |
| 008 | | 100412s2010 xxud\|\|\| \|\|\|\| 00\|\|\| eng d |
| 010 | | \|a 2009043226 |
| 020 | | \|a 9781420078541 \|c hardcover : alk. paper \|9 978-1-4200-7854-1 |
| 035 | | \|a (OCoLC)226357396 |
| 035 | | \|a (DE-599)BVBBV036117084 |
| 040 | | \|a DE-604 \|b ger \|e aacr |
| 041 | 0 | \|a eng |
| 044 | | \|a xxu \|c US |
| 049 | | \|a DE-355 |
| 050 | 0 | \|a QA76.9.A25 |
| 082 | 0 | \|a 005.8 |
| 084 | | \|a ST 276 \|0 (DE-625)143642: \|2 rvk |
| 100 | 1 | \|a Raggad, Bel G. \|e Verfasser \|4 aut |
| 245 | 1 0 | \|a Information security management \|b concepts and practice \|c Bel G. Raggad |
| 264 | 1 | \|a Boca Raton, Fla. [u.a.] \|b CRC Press \|c 2010 |
| 300 | | \|a XXXV, 832 S. \|b graph. Darst. |
| 336 | | \|b txt \|2 rdacontent |
| 337 | | \|b n \|2 rdamedia |
| 338 | | \|b nc \|2 rdacarrier |
| 490 | 0 | \|a An Auerbach book |
| 650 | 4 | \|a Computer security \|x Management |
| 650 | 4 | \|a Data protection |
| 650 | 0 7 | \|a Computersicherheit \|0 (DE-588)4274324-2 \|2 gnd \|9 rswk-swf |
| 650 | 0 7 | \|a Datensicherung \|0 (DE-588)4011144-1 \|2 gnd \|9 rswk-swf |
| 655 | 7 | \|0 (DE-588)4123623-3 \|a Lehrbuch \|2 gnd-content |
| 689 | 0 0 | \|a Computersicherheit \|0 (DE-588)4274324-2 \|D s |
| 689 | 0 1 | \|a Datensicherung \|0 (DE-588)4011144-1 \|D s |
| 689 | 0 | \|C b \|5 DE-604 |
| 856 | 4 2 | \|m Digitalisierung UB Regensburg \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=019007169&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis |
| 999 | | \|a oai:aleph.bib-bvb.de:BVB01-019007169 |
Record in search index

| _version_ | 1804141221049794560 |
|---|---|
Contents

Preface ... xxix
About the Author ... xxxv
SECTION I INTRODUCTION

1 Introduction to Information Security Management ... 3
1.1 Introduction ... 4
1.2 Why Information Security Matters ... 5
1.3 Information Sensitivity Classification ... 6
1.3.1 Top Secret ... 7
1.3.2 Highly Confidential ... 7
1.3.3 Proprietary ... 8
1.3.4 Internal Use Only ... 8
1.3.5 Public Information ... 8
1.4 Information Security Governance ... 8
1.5 The Computing Environment ... 10
1.5.1 People ... 12
1.5.2 System Activities ... 13
1.5.3 Data Resources ... 14
1.5.3.1 Noise Facts ... 14
1.5.3.2 Data Facts ... 14
1.5.3.3 Information ... 15
1.5.3.4 Knowledge Facts ... 15
1.5.4 Technology ... 15
1.5.5 Network ... 16
1.6 Security of Various Components in the Computing Environment ... 16
1.6.1 Personnel Security ... 16
1.6.2 Activity Security ... 17
1.6.3 Information Security ... 17
1.6.4 Technology Security ... 18
1.6.5 Network Security ... 19
1.7 Security Interdependence ... 19
1.8 CIA Triad ... 20
1.8.1 Confidentiality ... 20
1.8.2 Integrity ... 20
1.8.3 Availability ... 20
1.9 Security Goals versus Business Goals ... 20
1.10 The Security Star ... 22
1.10.1 Authentication ... 22
1.10.2 Non-Repudiation ... 23
1.10.3 Risk Management ... 23
1.11 Parker's View of Information Security ... 24
1.11.1 Authenticity ... 24
1.11.2 Possession Envelope ... 24
1.11.3 Utility ... 25
1.12 What Is Information Security Management? ... 25
1.13 Defense-In-Depth Security ... 25
1.14 Security Controls ... 25
1.15 The NSA Triad for Security Assessment ... 28
1.15.1 Assessment ... 28
1.15.2 Evaluation ... 28
1.15.3 Penetration Testing ... 29
1.16 Summary ... 30
1.17 Review Questions ... 30
1.18 Workshops ... 31
Workshop 1 ... 31
Workshop 2 ... 31
References ... 32
2 Introduction to Management Concepts ... 33
2.1 Introduction ... 34
2.2 Brief History of Management ... 34
2.3 Traditional Management Skills and Security Literacy ... 36
2.3.1 Computer Literacy ... 36
2.3.2 Information Literacy ... 37
2.3.3 Security Literacy ... 38
2.4 Managerial Skills ... 39
2.5 Redefining Mintzberg's Managerial Roles ... 39
2.5.1 Redefining Interpersonal Roles ... 40
2.5.2 Redefining Informational Roles ... 41
2.5.3 Redefining Decisional Roles ... 41
2.6 Strategic Management Concepts ... 42
2.7 IS Security Management Activities ... 46
2.7.1 Prerequisites for Information Security Management ... 47
2.7.2 Core Phases of Information Security Management ... 47
2.7.2.1 Security Planning ... 47
2.7.2.2 Development and Revision of Security Policy ... 47
2.7.2.3 Security Risk Analysis ... 48
2.7.2.4 Security Assessment (Passive or Active) ... 48
2.7.2.5 Security Auditing ... 48
2.7.2.6 Security Certification and Accreditation ... 48
2.7.2.7 Development of ISMS ... 48
2.7.2.8 Intrusion Detection ... 49
2.7.3 Recursive Continual Improvement for Security Management ... 49
2.8 Do We Really Need an Independent Information Security Functional Unit? ... 49
2.9 The Information Security Management Cycle ... 51
2.9.1 Information Security Management Cycle and Management Concepts ... 51
2.9.2 Information Security Controls ... 54
2.9.3 Information Security Requirements ... 54
2.10 IS Security Management versus Functional Management ... 55
2.10.1 Strategic and Functional Levels: Security Managers ... 55
2.10.2 Operational Management Level: Security Administrators ... 56
2.10.3 Roles, Responsibilities, and Qualifications for an IS Security Manager ... 56
2.10.4 ISO Personality Traits for Effective IS Security Management ... 58
2.10.5 The Information Security Management Team ... 59
2.10.6 ISO Self-Assessment to Deliver Effective IS Security Management ... 61
2.11 Summary ... 63
2.12 Review Questions ... 64
2.13 Workshops ... 64
Workshop 1 ... 64
Workshop 2 ... 65
References ... 65
3 The Information Security Life Cycle ... 67
3.1 Introduction ... 67
3.2 Security Planning in the SLC ... 69
3.2.1 Asset Definition ... 69
3.2.2 Security Policy ... 71
3.2.3 Security Objectives ... 73
3.2.4 Security Scope ... 74
3.3 Security Analysis ... 75
3.3.1 Asset Analysis ... 78
3.3.2 Impact Analysis ... 79
3.3.3 Threat Analysis ... 82
3.3.4 Exposure Analysis ... 86
3.3.5 Vulnerability Analysis ... 87
3.3.6 Analysis of Effectiveness of Existing Security Controls ... 88
3.3.7 Risk Analysis ... 88
3.3.8 Security Requirements ... 92
3.4 Security Design ... 93
3.4.1 Risk Mitigation ... 94
3.4.2 Design of Security Training Programs ... 96
3.4.3 Design of Security Planning Programs ... 97
3.4.4 Design of the Risk-Driven Security Program ... 97
3.5 Security Implementation ... 99
3.6 Security Review ... 100
3.7 Continual Security ... 100
3.8 Summary ... 101
3.9 Review Questions ... 102
3.10 Workshops ... 102
Workshop 1 ... 102
Workshop 2 ... 103
Reference ... 103
SECTION II SECURITY PLAN

4 Security Plan ... 107
4.1 Introduction ... 108
4.2 SP Development Guidelines ... 109
4.2.1 The Security Planning Process ... 109
4.2.2 System Categorization in Security Planning ... 112
4.2.3 Risk Management in Security Planning ... 113
4.2.4 System SP Responsibilities ... 114
4.2.5 System SP Approval ... 115
4.2.6 Certification and Accreditation Process ... 115
4.2.7 SP Scope and System Boundaries ... 116
4.2.7.1 Major Applications ... 117
4.2.7.2 General Support Systems ... 118
4.2.8 What Is a Security Plan? ... 118
4.2.9 SP Analysis ... 119
4.2.9.1 Scoping Guidance ... 119
4.2.9.2 Compensating Controls ... 123
4.2.9.3 Common Security Controls ... 124
4.2.10 Security Control Selection ... 126
4.2.11 Ongoing System SP Maintenance ... 128
4.3 SP Methodology ... 128
4.3.1 Security Program versus Security Plan ... 129
4.3.2 Applications and Systems ... 130
4.3.3 Main Phases of the SP Methodology ... 131
4.3.3.1 Strategic Security Definition ... 131
4.3.3.2 Strategic Security Analysis ... 135
4.3.3.3 Strategic Security Design ... 151
4.3.3.4 Strategic Security Choice ... 159
4.3.3.5 Strategic Security Review ... 160
4.4 Summary ... 162
4.5 Review Questions ... 163
4.6 Workshops ... 163
Workshop 1 ... 163
Workshop 2 ... 163
References ... 164
5 Security Policy ... 165
5.1 Introduction ... 165
5.2 Security Policy, Standards, and Guidelines ... 166
5.2.1 IT Security Policy ... 166
5.2.2 Standard ... 167
5.2.3 Guideline ... 167
5.3 Security Policy Methodologies ... 169
5.3.1 Role-Based Security Policy ... 170
5.3.1.1 Requirements for Role-Based Security Policy ... 170
5.3.1.2 Compliance Controls in RBAC ... 171
5.3.2 The Corporate Vital Defense Strategy ... 172
5.3.2.1 Requirements for the Corporate Vital Defense Strategy ... 172
5.3.2.2 How to Defend the Corporate Enclave through CVDS ... 173
5.3.2.3 Raggad's IS Security Taxonomy ... 174
5.3.2.4 How to Develop a Security Information System ... 176
5.3.2.5 How to Build the Security Policy ... 180
5.3.3 Security Policy Flow Diagrams ... 180
5.3.3.1 Policy Flow Statement ... 182
5.3.4 Security Policy Based on Computing Environment Partition ... 189
5.3.4.1 Security Policy for People ... 189
5.3.4.2 Security Policy for Networks ... 193
5.3.4.3 Security Policy for Technology ... 197
5.3.4.4 Security Policy of Activities ... 204
5.3.4.5 Security Policy for Data/Information ... 205
5.3.5 Security Policy Based on Computing Boundaries ... 205
5.3.6 Benson's Security Policy Methodology ... 207
5.3.6.1 Methodology for Defining Security Strategies ... 207
5.3.6.2 Proactive Strategy ... 207
5.3.6.3 Reactive Strategy ... 208
5.3.6.4 Assess the Damage ... 209
5.3.6.5 Determine the Cause of the Damage ... 209
5.3.6.6 Repair the Damage ... 209
5.3.6.7 Document and Learn ... 209
5.3.6.8 Implement Contingency Plan ... 209
5.3.6.9 Review Outcome/Do Simulations ... 210
5.3.6.10 Review Policy Effectiveness ... 210
5.3.6.11 Adjust Policy Accordingly ... 210
5.4 Summary ... 210
5.5 Review Questions ... 210
5.6 Workshops ... 211
Workshop 1 ... 211
Workshop 2 ... 211
Workshop 3 ... 211
References ... 211
6 Business Continuity Planning ... 213
6.1 Introduction ... 214
6.2 Business Disruptions ... 215
6.3 Business Continuity ... 217
6.4 Disaster Recovery ... 217
6.5 Responding to Business Disruptions ... 218
6.5.1 Deterrence Safeguards ... 219
6.5.2 Detective Safeguards ... 220
6.5.3 Preventive Safeguards ... 220
6.5.4 Corrective Safeguards ... 221
6.5.4.1 What Is a Business Continuity Plan? ... 221
6.5.4.2 What Is a Disaster Recovery Plan? ... 223
6.5.4.3 Coexistence of BCP and DRP ... 224
6.6 Developing a BCP ... 225
6.6.1 Business Continuity Planning ... 225
6.6.1.1 Scope of Business Continuity ... 226
6.6.1.2 Objectives of Business Continuity ... 229
6.6.1.3 Business Continuity Policy ... 230
6.6.1.4 Feasibility Study ... 230
6.6.2 Business Continuity Analysis ... 231
6.6.2.1 Business Analysis ... 232
6.6.2.2 Risk Analysis ... 236
6.6.2.3 Business Impact Analysis ... 240
6.6.2.4 Risk-Driven Business Continuity Program ... 257
6.6.2.5 Risk-Driven Business Continuity Management Applicability ... 260
6.6.3 Business Continuity Design ... 261
6.6.3.1 Business Continuity Management Requirements ... 261
6.6.3.2 Business Continuity Program ... 264
6.6.3.3 Business Continuity Plan ... 267
6.6.4 Implementation of the Business Continuity Plan ... 268
6.6.4.1 Training All Relevant People ... 268
6.6.4.2 Exercising the Business Continuity Plan ... 269
6.6.4.3 Review of the Business Continuity Plan ... 269
6.6.5 Maintenance of the Business Continuity Plan ... 269
6.7 Summary ... 270
6.8 Review Questions ... 270
6.9 Workshops ... 271
Workshop 1 ... 271
Questions ... 272
Workshop 2 ... 276
References ... 276
SECTION III SECURITY ANALYSIS

7 Security Risk Management ... 281
7.1 Introduction ... 282
7.1.1 Various Layers of Risk ... 282
7.2 The Risk Management Life Cycle ... 284
7.3 The Preparation Effort for Risk Management ... 286
7.3.1 What Is Asset Risk? ... 286
7.3.2 What Is Enterprise Risk? ... 287
7.4 A Sustainable Security Culture ... 289
7.4.1 Hazards ... 290
7.5 Information Needed to Manage Risks ... 291
7.6 Factors Affecting Security Risk ... 292
7.6.1 Annual Productivity ... 295
7.6.2 Corrective Actions ... 296
7.6.3 Managing Productivity at Time of Disruption ... 298
7.7 The ALE Risk Methodology ... 301
7.8 Operational, Functional, and Strategic Risks ... 302
7.9 Operational Risk Management: Case of the Naval Safety Center ... 306
7.9.1 Step 1: Identify Hazards ... 307
7.9.2 Step 2: Assess Hazards ... 308
7.9.3 Step 3: Make Risk Decisions ... 309
7.9.4 Step 4: Implement Controls ... 309
7.9.5 Step 5: Supervise ... 309
7.10 The ABLE Methodology ... 311
7.10.1 Introduction ... 311
7.10.1.1 Measuring Functional Risk ... 315
7.10.1.2 Measuring Strategic Risk ... 316
7.10.2 Risk Analysis Using ABLE ... 317
7.10.2.1 The ABLE Risk Methodology ... 317
7.10.2.2 Roles and Responsibilities ... 318
7.10.2.3 Risk Analysis Team ... 318
7.10.2.4 ABLE's Phases ... 319
7.11 Summary ... 350
7.12 Review Questions ... 350
7.13 Workshops ... 351
Workshop 1 ... 351
Workshop 2 ... 352
Workshop 3 ... 352
References ... 353
8 Continual Security: Integrated Fault-Event Analysis and Response Framework (IFEAR) ... 355
8.1 Introduction ... 355
8.2 IFEAR Methodology ... 356
8.3 Fault Tree Analysis ... 359
8.3.1 FTA Development ... 361
8.3.2 Design of a Fault Tree ... 368
8.4 Event Tree Analysis ... 377
8.4.1 ETA Steps ... 378
8.4.2 How Is an Event Tree Constructed? ... 383
8.4.2.1 Advantages and Disadvantages of ETA ... 383
8.4.3 Computing the Probabilities of Event Tree Paths ... 384
8.4.4 Simulation-Based Event Tree Analysis for an Intrusion Detection System ... 385
8.4.5 Transient Failure Exit ... 386
8.4.6 Single Point Failure Exit ... 387
8.4.7 Permanent Failure Exit ... 388
8.5 FTA-ETA Integration ... 388
8.6 Risk Management ... 389
8.6.1 Computation of Probabilities in FTA-ETA Integration ... 390
8.7 Simulation and Sensitivity Analysis ... 391
8.7.1 Risk Management Chain ... 391
8.8 Summary ... 393
8.9 Review Questions ... 395
8.10 Workshops ... 395
Workshop 1 ... 395
Workshop 2 ... 396
References ... 396
9 Active Security Assessment ... 397
  9.1 Introduction ... 398
  9.2 Standards for Active Security Assessment ... 399
  9.3 Limits of Active Security Assessment ... 399
  9.4 Can You Hack Your Own System? ... 401
  9.5 Ethical Hacking of a Computing Environment ... 403
    9.5.1 Attacks on People ... 403
    9.5.2 Attacks on Infrastructure ... 403
    9.5.3 Attacks on Technology ... 404
    9.5.4 Attacks on Data ... 405
    9.5.5 Attacks on Activities ... 405
  9.6 Ethics in Ethical Hacking ... 406
  9.7 ASA through Penetration Testing ... 407
    9.7.1 Target Systems and Components ... 408
    9.7.2 Delivery Requirements ... 408
    9.7.3 Timing in the ASA Project ... 408
    9.7.4 Responses Available to ASA Testers ... 409
  9.8 Strategies for Active Security Assessment ... 410
    9.8.1 Place Strategies for Active Security Assessment ... 410
      9.8.1.1 External Active Security Assessment Strategy ... 410
      9.8.1.2 Internal Active Security Assessment Strategy ... 411
    9.8.2 Visibility Strategies for Active Security Assessment ... 412
    9.8.3 Direction Strategy ... 412
xvi ■ Contents
  9.9 Guidelines and Terms between Testers and the Organization ... 413
  9.10 The Active Security Assessment Project ... 414
    9.10.1 Planning Effort ... 414
    9.10.2 Reconnaissance Effort ... 416
      9.10.2.1 Search for Preliminary Information ... 416
      9.10.2.2 Examples of Tools Applicable to the Reconnaissance Phase ... 421
    9.10.3 Passive Security Assessment ... 424
      9.10.3.1 CVE to Standardize Vulnerabilities ... 425
    9.10.4 Active Security Assessment Effort ... 428
      9.10.4.1 The NSA Triad for Security Assessment ... 428
      9.10.4.2 How to Penetrate the System as Hackers Do ... 430
      9.10.4.3 Active Security Assessment on Network ... 430
      9.10.4.4 What to Look for, as a Hacker Would ... 431
      9.10.4.5 Simulating What Hackers Do ... 432
      9.10.4.6 Port Scanning ... 432
      9.10.4.7 How Do Port Scanners Work? ... 435
      9.10.4.8 How to Map Company Networks as Hackers Do ... 435
      9.10.4.9 How to Scan Your Systems as Hackers Do ... 436
      9.10.4.10 Cognitive Ability of Hackers ... 436
    9.10.5 Resources Available for ASA Testers ... 437
      9.10.5.1 Active and Passive Security Assessment Tools ... 437
      9.10.5.2 General System Vulnerability Tools ... 439
      9.10.5.3 Top 10 Web Application Vulnerability Scanners ... 442
    9.10.6 Corrective Effort ... 444
    9.10.7 Active Security Assessment Report ... 444
  9.11 Summary ... 445
  9.12 Review Questions ... 445
  9.13 Workshops ... 447
    Workshop 1 ... 447
    Workshop 2 ... 447
  References ... 447
10 System Availability ... 449
  10.1 Introduction ... 450
  10.2 Computer Clustering ... 450
  10.3 Review of Cluster Concepts ... 451
  10.4 Types of Clusters ... 452
    10.4.1 High-Availability/Failover Clusters ... 452
    10.4.2 High-Performance Computing Clusters ... 452
    10.4.3 Load-Balancing Clusters ... 453
    10.4.4 Grid Computing ... 453
  10.5 Web Site Availability ... 453
    10.5.1 Web Scalability ... 454
    10.5.2 Web Availability ... 455
    10.5.3 The Web Cluster ... 456
    10.5.4 Cluster Affinity ... 457
  10.6 Application Centers No Longer the Only Sound Implementation ... 459
    10.6.1 Increased Security ... 459
    10.6.2 Application Rollback ... 459
    10.6.3 Integration with Centralized Monitoring ... 460
    10.6.4 Web Application and Enterprise Monitoring ... 460
  10.7 Computation of Availability in High-Availability Cluster ... 460
    10.7.1 Simple Clustering Architecture ... 461
    10.7.2 Serial Availability ... 461
    10.7.3 Parallel Availability ... 462
    10.7.4 Availability Computation ... 467
  10.8 Related Availability Definitions ... 467
    10.8.1 Concepts Closely Related to Availability ... 468
      10.8.1.1 Downtime or Unavailability ... 468
      10.8.1.2 Reliability ... 468
      10.8.1.3 Fallibility or Unreliability ... 468
      10.8.1.4 Failure Rate ... 468
      10.8.1.5 Mean Time between Failures ... 468
      10.8.1.6 Mean Time to Repair ... 469
    10.8.2 Availability versus Defects per Million ... 469
    10.8.3 Availability versus MTBF and MTTR ... 471
    10.8.4 Computing Availability for Mixed Architecture ... 473
  10.9 How to Obtain Higher Availability: The Cisco Process ... 473
    10.9.1 Feasibility Requirement for Higher Availability ... 475
      10.9.1.1 Economical Feasibility of Availability ... 475
      10.9.1.2 Social Feasibility of Availability ... 475
      10.9.1.3 Operational Feasibility of Availability ... 475
      10.9.1.4 Technical Feasibility for Availability ... 475
      10.9.1.5 Legal/Ethical Feasibility of Availability ... 476
    10.9.2 How to Conduct Cisco Phases ... 476
      10.9.2.1 Phase 1: Measure Availability ... 476
      10.9.2.2 Phase 2: The Four Nines Availability ... 477
      10.9.2.3 Phase 3: Five Nines Availability ... 477
  10.10 Common Configurations for Clusters ... 478
    10.10.1 Common Cluster Configurations ... 479
    10.10.2 Minimal Cluster Design Requirements ... 480
    10.10.3 Redundancy Reliability ... 480
  10.11 Self-Healing and Availability ... 483
  10.12 Summary ... 484
  10.13 Review Questions ... 484
  10.14 Workshops ... 485
    Workshop 1 ... 485
  References ... 486
SECTION IV SECURITY DESIGN
11 Nominal Security Enhancement Design Based on ISO/IEC 27002 ... 491
  11.1 Introduction ... 492
  11.2 History of the ISO/IEC 27002 ... 492
  11.3 ISO/IEC 27002 ... 493
  11.4 How to Use the ISO/IEC 27002 to Enhance Security ... 498
    11.4.1 c2. Security Policy ... 504
    11.4.2 c3. Organization of Information Security ... 506
    11.4.3 c4. Asset Management ... 507
    11.4.4 c5. Human Resources Security ... 508
    11.4.5 c6. Physical and Environmental Security ... 508
    11.4.6 c7. Communications and Operations Management ... 509
    11.4.7 c8. Access Control ... 510
    11.4.8 c9. Systems Development and Maintenance ... 510
    11.4.9 c10. Information Security Incident Management ... 518
    11.4.10 c11. Business Continuity Management ... 518
    11.4.11 c12. Compliance ... 520
  11.5 Measurement and Implementations ... 520
    11.5.1 How Does This Toning Up Work? ... 523
  11.6 Strategies to Enhance the ISO/IEC 27002-Based Security Posture ... 524
    11.6.1 Threat-Based ISO/IEC 27002-Based Security Posture Enhancement Strategy ... 525
    11.6.2 Impact-Based ISO/IEC 27002-Based Security Posture Enhancement Strategy ... 526
    11.6.3 Vulnerability-Based Strategy to Enhance ISO/IEC 27002-Based Security Posture ... 530
    11.6.4 Security Control-Based ISO/IEC 27002-Based Security Posture Enhancement Strategy ... 531
    11.6.5 Cost-Based ISO/IEC 27002-Based Security Posture Enhancement Strategy ... 532
  11.7 Comparing the ISO/IEC 27002-Based Security Posture Enhancement Strategies ... 533
  11.8 Summary ... 536
  11.9 Review Questions ... 536
  11.10 Workshops ... 537
    Workshop 1 ... 537
    Workshop 2 ... 537
  References ... 537
12 Technical Security Enhancement Based on ISO/IEC 27001 ... 539
  12.1 Introduction ... 539
  12.2 How Organizations Interact with the Standards ... 541
  12.3 General ISMS Framework ... 542
    12.3.1 Scope of the ISMS ... 543
    12.3.2 How to Define the Scope of the ISMS ... 544
    12.3.3 Security Policy ... 544
    12.3.4 Risk Assessment ... 545
    12.3.5 Risk Management ... 545
    12.3.6 Choose Your Safeguards ... 545
    12.3.7 Statement of Applicability ... 546
  12.4 The ISMS Model ... 546
  12.5 The Process Approach Ensures the Continual Improvement of the ISMS ... 549
  12.6 Development of the Information Security Management System ... 551
  12.7 Design of the ISMS ... 553
  12.8 Security Inventory Needs ... 554
  12.9 The Integration of ISMS Subsystems ... 560
  12.10 Self-Assessment for Compliance ... 562
  12.11 Revisiting ISMS Scoping ... 571
    12.11.1 ISMS Scoping ... 571
    12.11.2 ISMS Scope for Small Enterprises ... 572
    12.11.3 Enterprise Modeling for ISMS Scoping ... 573
      12.11.3.1 Major Applications ... 573
      12.11.3.2 General Support Systems and Limited Support Systems ... 574
    12.11.4 Preparation for the Two-Tier Risk-Based Prioritization Approach ... 575
      12.11.4.1 Algorithm for Scoping an ISMS ... 576
      12.11.4.2 T1-SRI/C Scheme ... 577
      12.11.4.3 Computing the T1-SRI Index and the T1-SRC Classes ... 578
    12.11.5 Example ... 579
  12.12 Conclusion ... 583
  12.13 Review Questions ... 584
  12.14 Workshops ... 584
    Workshop 1 ... 584
    Workshop 2 ... 585
  References ... 585
SECTION V SECURITY IMPLEMENTATION
13 Security Solutions ... 589
  13.1 Introduction ... 590
  13.2 Security Solutions ... 591
    13.2.1 Security Management ... 592
      13.2.1.1 Information Security Management System ... 592
      13.2.1.2 Simple Network Management ... 593
    13.2.2 Cryptographic Solutions ... 595
      13.2.2.1 Cryptography ... 595
      13.2.2.2 Main Cryptographic Mechanisms ... 596
      13.2.2.3 Block and Stream Ciphers in Symmetric Cryptography ... 597
      13.2.2.4 Digital Signatures ... 598
      13.2.2.5 Virtual Private Network ... 599
    13.2.3 Access Control ... 603
      13.2.3.1 What Is Access Control? ... 603
      13.2.3.2 Access Control Technologies ... 604
      13.2.3.3 Authentication ... 605
      13.2.3.4 Biometrics ... 606
    13.2.4 Data Traffic Control ... 607
    13.2.5 Security Analysis ... 609
      13.2.5.1 Need for Security Analysis ... 609
      13.2.5.2 Security Testing ... 609
      13.2.5.3 Vulnerability Assessment ... 610
      13.2.5.4 Security Review ... 611
      13.2.5.6 Forensic Investigation ... 611
      13.2.5.7 Security Audit ... 611
    13.2.6 Physical Security ... 614
  13.3 The NIST Security Solution Taxonomy ... 618
  13.4 The ISO Security Solution Taxonomy ... 619
  13.5 Summary ... 620
  13.6 Review Questions ... 620
  13.7 Workshops ... 621
    Workshop 1 ... 621
    Workshop 2 ... 621
    Workshop 3 ... 621
    Workshop 4 ... 622
  References ... 622
14 The Common Criteria ... 623
  14.1 The Birth of the Common Criteria ... 623
    14.1.1 TCSEC, ITSEC, and CC ... 626
  14.2 Common Uses of the CC ... 629
  14.3 The CC Document ... 630
    14.4.1 Security Enforcing Functions ... 632
    14.4.2 Security Relevant Functions ... 632
    14.4.3 Trusted Computing Base (TCB) ... 633
    14.4.4 The Protection Profile (PP) ... 633
    14.4.5 The Security Target (ST) ... 634
    14.4.6 The Package ... 636
  14.5 The CC Security Approach ... 636
    14.5.1 A Simple CC Framework ... 636
    14.5.2 Evaluation ... 638
    14.5.3 CC Evaluation Assurance Levels ... 638
      14.5.3.1 EAL1: Functionally Tested ... 638
      14.5.3.2 EAL2: Structurally Tested ... 639
      14.5.3.3 EAL3: Methodically Tested and Checked ... 639
      14.5.3.4 EAL4: Methodically Designed, Tested, and Reviewed ... 639
      14.5.3.5 EAL5: Semiformally Designed and Tested ... 640
      14.5.3.6 EAL6: Semiformally Verified Design and Tested ... 640
      14.5.3.7 EAL7: Formally Verified Design and Tested ... 640
  14.6 Information Resource Evaluation Methodology ... 640
    14.6.1 Common Principles of Evaluations ... 640
    14.6.2 Methodology ... 641
      14.6.2.1 Government ... 642
      14.6.2.2 The Developer ... 642
      14.6.2.3 The Evaluator ... 642
      14.6.2.4 The Sponsor ... 642
      14.6.2.5 Evaluation Process ... 642
  14.7 CC Security Evaluation Programs ... 644
  14.8 The American Model of CC Evaluation Programs ... 649
    14.8.1 The Trusted Product Evaluation Program (TPEP) ... 650
    14.8.2 The Trust Technology Assessment Program (TTAP) ... 651
  14.9 A National Model ... 651
    14.9.1 Planning a National Evaluation Program ... 652
  14.10 Some Other CC Evaluation Requirements ... 653
    14.10.1 Vendors ... 653
    14.10.2 NEP Evaluation Providers ... 654
    14.10.3 Authorization of Evaluation Facility ... 654
      14.10.3.1 Impartiality ... 655
      14.10.3.2 Personnel ... 655
      14.10.3.3 Reporting and Communication Capabilities ... 655
      14.10.3.4 Monitoring ... 656
  14.11 Minicase ... 656
    14.11.1 Planning the TEF ... 656
    14.11.2 TEF Authorization ... 657
    14.11.3 TEF Operations ... 658
      14.11.3.1 TEF Relationship with Vendors ... 658
      14.11.3.2 TEF Relationship with the NEP Oversight Board ... 661
      14.11.3.3 NEF Support ... 661
    14.11.4 NEF Maintenance ... 661
      14.11.4.1 NEF Proficiency Test ... 661
      14.11.4.2 TEF On-Site Assessment ... 662
  14.12 Summary ... 662
  14.13 Review Questions ... 663
  14.14 Workshops ... 664
    Workshop 1 ... 664
    Workshop 2 ... 665
  References ... 665
SECTION VI SECURITY REVIEW
15 Security Review through Security Audit ... 669
  15.1 Introduction ... 669
  15.2 Security Audit Means Different Things to Different People ... 670
    15.2.1 How Does NSA Define Security Audit? ... 670
    15.2.2 How Does WhatIs.com Define Security Audit? ... 671
    15.2.3 How Does the ATIS Define Security Audit? ... 672
    15.2.4 How Does Wikipedia Define Security Audit? ... 673
  15.3 Some Security Audit Activities ... 674
  15.4 Our Definition of Security Audit ... 675
  15.5 Main Features in Security Audit ... 676
    15.5.1 Feature 1: A Security Audit Is a Systematic Process ... 677
    15.5.2 Feature 2: A Security Audit Requires an Independent Auditor ... 680
    15.5.3 Feature 3: A Security Audit Applies Established Criteria or Standards ... 680
    15.5.4 Feature 4: A Security Audit Collects Evidence of Compliance with Controls, Policy, and Procedures, or Adequacy of Its Security Defense System ... 680
    15.5.5 Feature 5: Detects Breaches ... 681
    15.5.6 Feature 6: A Selective Audit Applies Selective Testing ... 682
    15.5.7 Feature 7: It Measures the Degree of Fairness of Owners' Assertions in Representing the State of Complying with the Criteria or Standard, or Criteria Established, Given the Samples Taken ... 682
    15.5.8 Feature 8: A Security Audit Attests to the Adequacy of the Current Security Defense System ... 682
    15.5.9 Feature 9: A Security Audit Measures the Basic and Residual Risk Positions of the Audited Company ... 683
    15.5.10 Feature 10: A Security Audit Recommends Corrective and Preventive Actions in a Risk-Driven Security Program That Ensures a Continual Improvement of the Security Position ... 683
    15.5.11 Feature 11: A Security Audit Communicates Findings to Owners ... 683
    15.5.12 Feature 12: A Security Audit Allows for Post-Audit ... 684
  15.6 Application Audit ... 684
  15.7 How Does Security Audit Relate to the Corporate Security Policy? ... 684
  15.8 Structure of a Security Audit ... 685
  15.9 Security Audit versus IT Auditing ... 686
  15.10 Applicable Security-Related Standards ... 688
  15.11 Security Audit Grades ... 689
    15.11.1 Grade 1: Internal Audit for Self Compliance ... 689
    15.11.2 Grade 2: External Audit for Independent Compliance ... 690
    15.11.3 Grade 3: Certification by a Certifier ... 690
    15.11.4 Grade 4: Accreditation of a Certifier ... 691
      15.11.4.1 How to Initiate a Security Audit ... 691
  15.12 Conclusion ... 692
  15.13 Review Questions ... 692
  15.14 Workshops ... 693
    Workshop 1 ... 693
    Workshop 2 ... 694
  References ... 694
16 Privacy Rights, Information Technology, and HIPAA ... 697
  16.1 The Problem of Privacy ... 697
  16.2 The Meaning of Privacy ... 698
  16.3 HIPAA ... 699
    16.3.1 Purposes of HIPAA ... 699
    16.3.2 The Major Vulnerability Addressed by HIPAA ... 700
    16.3.3 Health Information ... 700
  16.4 Regulatory Standards: The Privacy Rule ... 701
    16.4.1 Permitted Disclosures ... 702
    16.4.2 Authorization ... 703
    16.4.3 Minimum Necessary ... 704
    16.4.4 Electronic Data Interchange ... 704
  16.5 The HIPAA Security Rule ... 704
    16.5.1 What Is the Security Rule? ... 707
  16.6 Administrative Safeguards ... 707
    16.6.1 Security Management Process ... 707
    16.6.2 Appoint a Security Officer ... 708
    16.6.3 Company Training ... 708
    16.6.4 Amend Business Associate Agreements ... 708
    16.6.5 Contingency Plan ... 709
    16.6.6 Physical and Technical Safeguards ... 709
  16.7 NIST on HIPAA ... 709
    16.7.1 Security Goals and Objectives ... 710
    16.7.2 NIST Risk Management Framework ... 710
    16.7.3 Security Management Process ... 711
    16.7.4 Assigned Security Responsibilities ... 711
    16.7.5 Workforce Security ... 712
    16.7.6 Information Access Management ... 712
    16.7.7 Security Awareness and Training ... 713
    16.7.8 Security Incident Procedures ... 713
    16.7.9 Contingency Plan ... 713
    16.7.10 Evaluation ... 714
    16.7.11 Business Associate Contracts and Other Arrangements ... 714
    16.7.12 Facility Access Controls ... 715
    16.7.13 Workstation Use and Security ... 715
    16.7.14 Controls ... 715
      16.7.14.1 Access Controls ... 715
    16.7.15 Person or Entity Authentication ... 716
  16.8 Conducting Effective Risk Analysis ... 716
    16.8.1 vgm.com Risk Methodology ... 717
      16.8.1.1 Step 1: EPHI Boundary Definition ... 717
      16.8.1.2 Step 2: Threat Identification ... 717
      16.8.1.3 Step 3: Vulnerability Identification ... 718
      16.8.1.4 Step 4: Security Control Analysis ... 718
      16.8.1.5 Step 5: Risk Likelihood Determination ... 718
      16.8.1.6 Step 6: Impact Analysis ... 719
      16.8.1.7 Step 7: Risk Determination ... 719
      16.8.1.8 Step 8: Security Control Recommendations ... 719
  16.9 Summary ... 720
  16.10 Review Questions ... 720
  16.11 Workshops ... 721
    Workshop 1 ... 721
    Workshop 2 ... 721
  References ... 721
SECTION VII CONTINUAL SECURITY
17 The Sarbanes-Oxley Act and IT Compliance ... 725
  17.1 Introduction ... 725
  17.2 Methods of Doing Business ... 726
    17.2.1 Sole Proprietorship ... 726
    17.2.2 Partnership ... 726
    17.2.3 Limited Partnership (LP) ... 727
    17.2.4 Limited Liability Partnership (LLP) ... 727
    17.2.5 Limited Liability Company (LLC) ... 727
    17.2.6 Corporation ... 728
  17.3 Background of the Sarbanes-Oxley Act ... 728
  17.4 Sarbanes-Oxley Act of 2002 ... 729
    17.4.1 Purpose of Sarbanes-Oxley Act ... 729
    17.4.2 Creation of PCAOB ... 729
    17.4.3 Securities ... 729
  17.5 Major Provisions of SOX ... 730
    17.5.1 Registration and Inspection of Non-U.S. Public Accounting Firms ... 730
    17.5.2 Auditor Independence: Prohibition of Nonaudit Services ... 731
    17.5.3 Audit Committee Makeup ... 732
    17.5.4 Certifications by Principal Executive and Financial Officers ... 732
    17.5.5 Off-Balance Sheet Transactions ... 733
    17.5.6 Conflict of Interest Provisions ... 734
    17.5.7 Working Papers ... 734
    17.5.8 Material Changes ... 735
  17.6 Management Assessment of Internal Controls and IT Compliance ... 735
17.6.1
PCAOB and SEC Standards
.............................................736
17.7
IT Compliance
..............................................................................737
17.7.1
CobiT4.1 Framework
......................................................739
xxvi ■ Contents
17.7.2 IT
Processes:
Plan and
Organize
......................................740
17.7.3 IT
Processes:
Acquire and Implement
...............................741
17.7.4
IT Processes: Deliver and Support
.......................................741
17.7.5
IT Processes: Monitor and Evaluate
..................................742
17.7.6
Integrating
COSO
and CobiT
.........................................742
17.7.7
Internal Controls for Small Business
.................................743
17.8
International Responses
.................................................................744
17.9
Advantages to SOX Compliance
....................................................747
17.10
Foreign Whistleblowers and SOX
..................................................747
17.10.1
Working Papers
................................................................747
17.11
Reconciling SOX and European Conflicting Standards
................748
17.12 EU
Corporate Governance Initiatives
............................................749
17.13
E.U. s Eighth Directive
..................................................................750
17.14
Planning IT Management for SOX: Delayed SOX Impact
............753
17.15
Conclusion
....................................................................................755
17.16
Review Questions
..........................................................................756
17.17
Workshops
.....................................................................................756
Workshop
1...................................................................................756
Workshop
2...................................................................................756
Endnotes..................................................................................................756
References
................................................................................................757
18
Cyberterrorism and Homeland Security
............................................759
18.1
Introduction
..................................................................................760
18.2
Security Economic Intelligence
.....................................................760
18.2.1
Imposed Infeasibility of Security
......................................762
18.2.2
Business Continuity Planning
..........................................763
18.2.3
Disaster Recovery Planning
..............................................764
18.3
Homeland Security
........................................................................765
18.4
Cyberterrorism in the Literature
....................................................766
18.4.1
Definitions of Cyberterrorism
...........................................766
18.4.2
Purposes and Types of Terrorism
......................................767
18.4.3
Means Used to Accomplish Terrorist Activities
................769
18.4.4
Forms of Cyberattacks and Terrorism
...............................770
18.4.5
How Real Is the Danger?
..................................................771
18.4.6
Advantages Cyberterrorism Brings to Its Perpetrators
.......773
18.4.7
Where We Are in Combating Cyberterrorism
..................774
18.5
Cyberterrorism in the Real World: The FBI Perspective
................774
18.6
U.S. Legislative Enactments and Proposed Programs
....................778
18.7
U.S. Criminal Statutes Affecting the Internet
................................779
18.7-1
Fraud Statutes
...................................................................779
18.7.2
Other Applicable Statutes
.................................................780
Contents ■ xxvii
18.8 Statutes and Executive Orders
Concerned with
Cyberterrorism
..............................................................................782
18.8.1 The USA Patriot
Act of
2001............................................782
18.8.2
Summary of Provisions
.....................................................783
18.8.3
Immigration Restrictions
..................................................784
18.8.4
Civil Liberty Implications
.................................................785
18.8.5
Banking Provisions
...........................................................786
18.8.6
President Bush s Executive Order
.....................................786
18.8.7
Privacy Rights versus Security Measures
...........................787
18.8.8
The U.S. Antiterrorism Assistance Program
......................787
18.9
International Initiatives
.................................................................788
18.10
Individual European State Approaches to Security and
Counterterrorism
...........................................................................791
18.10.1
The United Kingdom
........................................................791
18.10.2
France
...............................................................................792
18.10.3
Germany
..........................................................................793
18.10.4
Italy
..................................................................................793
18.10.5
Spain
................................................................................794
18.10.6
Tunisia
..............................................................................794
18.11
Other International Efforts
............................................................795
18.12
Summary
.......................................................................................796
18.13
Review Questions
..........................................................................797
18.14
Workshops
.....................................................................................797
Workshop
1...................................................................................797
Workshop
2...................................................................................797
Endnotes..................................................................................................798
References
................................................................................................805
Index
...........................................................................................................807
|
any_adam_object | 1 |
author | Raggad, Bel G. |
author_facet | Raggad, Bel G. |
author_role | aut |
author_sort | Raggad, Bel G. |
author_variant | b g r bg bgr |
building | Verbundindex |
bvnumber | BV036117084 |
callnumber-first | Q - Science |
callnumber-label | QA76 |
callnumber-raw | QA76.9.A25 |
callnumber-search | QA76.9.A25 |
callnumber-sort | QA 276.9 A25 |
callnumber-subject | QA - Mathematics |
classification_rvk | ST 276 |
ctrlnum | (OCoLC)226357396 (DE-599)BVBBV036117084 |
dewey-full | 005.8 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.8 |
dewey-search | 005.8 |
dewey-sort | 15.8 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
format | Book |
fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01608nam a2200433zc 4500</leader><controlfield tag="001">BV036117084</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20100528 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">100412s2010 xxud||| |||| 00||| eng d</controlfield><datafield tag="010" ind1=" " ind2=" "><subfield code="a">2009043226</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781420078541</subfield><subfield code="c">hardcover : alk. paper</subfield><subfield code="9">978-1-4200-7854-1</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)226357396</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV036117084</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">aacr</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="044" ind1=" " ind2=" "><subfield code="a">xxu</subfield><subfield code="c">US</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-355</subfield></datafield><datafield tag="050" ind1=" " ind2="0"><subfield code="a">QA76.9.A25</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.8</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 276</subfield><subfield code="0">(DE-625)143642:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Raggad, Bel G.</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Information security management</subfield><subfield code="b">concepts and 
practice</subfield><subfield code="c">Bel G. Raggad</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Boca Raton, Fla. [u.a.]</subfield><subfield code="b">CRC Press</subfield><subfield code="c">2010</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XXXV, 832 S.</subfield><subfield code="b">graph. Darst.</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="490" ind1="0" ind2=" "><subfield code="a">An Auerbach book</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer security</subfield><subfield code="x">Management</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Data protection</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Datensicherung</subfield><subfield code="0">(DE-588)4011144-1</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="655" ind1=" " ind2="7"><subfield code="0">(DE-588)4123623-3</subfield><subfield code="a">Lehrbuch</subfield><subfield code="2">gnd-content</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Datensicherung</subfield><subfield 
code="0">(DE-588)4011144-1</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="C">b</subfield><subfield code="5">DE-604</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">Digitalisierung UB Regensburg</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=019007169&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-019007169</subfield></datafield></record></collection> |
genre | (DE-588)4123623-3 Lehrbuch gnd-content |
genre_facet | Lehrbuch |
id | DE-604.BV036117084 |
illustrated | Illustrated |
indexdate | 2024-07-09T22:12:25Z |
institution | BVB |
isbn | 9781420078541 |
language | English |
lccn | 2009043226 |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-019007169 |
oclc_num | 226357396 |
open_access_boolean | |
owner | DE-355 DE-BY-UBR |
owner_facet | DE-355 DE-BY-UBR |
physical | XXXV, 832 S. graph. Darst. |
publishDate | 2010 |
publishDateSearch | 2010 |
publishDateSort | 2010 |
publisher | CRC Press |
record_format | marc |
series2 | An Auerbach book |
spelling | Raggad, Bel G. Verfasser aut Information security management concepts and practice Bel G. Raggad Boca Raton, Fla. [u.a.] CRC Press 2010 XXXV, 832 S. graph. Darst. txt rdacontent n rdamedia nc rdacarrier An Auerbach book Computer security Management Data protection Computersicherheit (DE-588)4274324-2 gnd rswk-swf Datensicherung (DE-588)4011144-1 gnd rswk-swf (DE-588)4123623-3 Lehrbuch gnd-content Computersicherheit (DE-588)4274324-2 s Datensicherung (DE-588)4011144-1 s b DE-604 Digitalisierung UB Regensburg application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=019007169&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis |
spellingShingle | Raggad, Bel G. Information security management concepts and practice Computer security Management Data protection Computersicherheit (DE-588)4274324-2 gnd Datensicherung (DE-588)4011144-1 gnd |
subject_GND | (DE-588)4274324-2 (DE-588)4011144-1 (DE-588)4123623-3 |
title | Information security management concepts and practice |
title_auth | Information security management concepts and practice |
title_exact_search | Information security management concepts and practice |
title_full | Information security management concepts and practice Bel G. Raggad |
title_fullStr | Information security management concepts and practice Bel G. Raggad |
title_full_unstemmed | Information security management concepts and practice Bel G. Raggad |
title_short | Information security management |
title_sort | information security management concepts and practice |
title_sub | concepts and practice |
topic | Computer security Management Data protection Computersicherheit (DE-588)4274324-2 gnd Datensicherung (DE-588)4011144-1 gnd |
topic_facet | Computer security Management Data protection Computersicherheit Datensicherung Lehrbuch |
url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=019007169&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT raggadbelg informationsecuritymanagementconceptsandpractice |