Risks, controls, and security concepts and applications

Bibliographic details
Main authors: Raval, Vasant (author), Fichadia, Ashok (author)
Format: Book
Language: English
Published: [Chichester] Wiley 2007
Edition: 1. ed.
Online access: Table of contents
Blurb

MARC

LEADER 00000nam a2200000 c 4500
001 BV020040666
003 DE-604
005 20070412
007 t|
008 050922s2007 xx ad|| |||| 00||| eng d
020 |a 0471485799  |9 0-471-48579-9 
020 |a 9780471485797  |9 978-0-471-48579-7 
035 |a (OCoLC)85766845 
035 |a (DE-599)BVBBV020040666 
040 |a DE-604  |b ger  |e rakwb 
041 0 |a eng 
049 |a DE-355  |a DE-1051 
050 0 |a QA76.9.A25 
082 0 |a 005.8  |2 22 
084 |a ST 276  |0 (DE-625)143642:  |2 rvk 
100 1 |a Raval, Vasant  |e Verfasser  |4 aut 
245 1 0 |a Risks, controls, and security  |b concepts and applications  |c Raval Vasant ; Ashok Fichadia 
250 |a 1. ed. 
264 1 |a [Chichester]  |b Wiley  |c 2007 
300 |a XXII, 403 S.  |b Ill., graph. Darst. 
336 |b txt  |2 rdacontent 
337 |b n  |2 rdamedia 
338 |b nc  |2 rdacarrier 
650 4 |a Computer networks  |x Security measures 
650 4 |a Computer security 
650 0 7 |a Computersicherheit  |0 (DE-588)4274324-2  |2 gnd  |9 rswk-swf 
650 0 7 |a Risikomanagement  |0 (DE-588)4121590-4  |2 gnd  |9 rswk-swf 
650 0 7 |a Datensicherung  |0 (DE-588)4011144-1  |2 gnd  |9 rswk-swf 
689 0 0 |a Risikomanagement  |0 (DE-588)4121590-4  |D s 
689 0 1 |a Computersicherheit  |0 (DE-588)4274324-2  |D s 
689 0 2 |a Datensicherung  |0 (DE-588)4011144-1  |D s 
689 0 |C b  |5 DE-604 
700 1 |a Fichadia, Ashok  |e Verfasser  |4 aut 
856 4 2 |m Digitalisierung UB Regensburg  |q application/pdf  |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=013361756&sequence=000005&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA  |3 Inhaltsverzeichnis 
856 4 2 |m Digitalisierung UB Regensburg  |q application/pdf  |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=013361756&sequence=000006&line_number=0002&func_code=DB_RECORDS&service_type=MEDIA  |3 Klappentext 
943 1 |a oai:aleph.bib-bvb.de:BVB01-013361756 

Record in the search index

_version_ 1819714861899186176
adam_text Contents
Preface
►CHAPTER Enterprise Risk Management: Security in practice; Learning objectives; Concept maps; Introduction; Enterprise risk management; Business environment risk; Business strategy risk; Business process risk; Business outcomes risk; Business and information systems; Organization structure; Business processes; Information systems; Business processes and information systems; Information systems assurance; Assurance and risk management; An information systems assurance approach; Management's role in information systems assurance; Summary; Key words; Multiple-choice questions; Discussion questions; Exercises
►CHAPTER Information Systems Concerns and Risks: Security in practice; Learning objectives; Introduction; Target system; Target system boundary (perimeter); Target system communication; Target system location and spread; Target system control and security; Risk; Risk exposures; Factors causing changes in risk; Risk management; Security, functionality, and usability; Risk management and change; Control systems; Components of control systems; Designing effective control systems; Logical constructs of control systems; Security in practice; Common criteria; Implications for assurance; Summary; Key words; Multiple-choice questions; Discussion questions; Exercises
►CHAPTER Control and Security Frameworks: Security in practice; Learning objectives; Introduction; Protecting information assets; Need for protecting information assets; Vulnerabilities and threats; Internal control and information security; Definition of internal control; Classification of internal controls; Definition of information security; Classification of information security measures; Relationship between internal control and information security; Internal control and information security objectives; Internal control objectives; Information security objectives; Comparison of internal control and security objectives; Relationship between internal control and security objectives; Frameworks for control and security; COBIT; ISO; COSO; A comparison of frameworks; Implementing a framework; Assurance; Summary; Key words; Multiple-choice questions; Discussion questions; Exercises
►APPENDIX A Summary of Section
►APPENDIX Aksarben Furniture Mart (AFM)
►CHAPTER Systems Availability and Business Continuity: Security in practice; Learning objectives; Introduction; Systems availability and business continuity; Systems availability; Incident response; Incidents; Incident response team; Nature of response; Preventive measures; Disaster recovery; Postdisaster phases; Disaster recovery planning; Components of planning; Assessing potential losses: disaster impact analysis; Value-based recovery planning; Finding criticality; Disaster recovery strategies; Recovery locations; Disaster recovery teams; Disaster readiness; Business continuity planning; Business impact analysis; Business recovery; Assurance considerations; Method; Content; Live testing; Summary; Key words; Multiple-choice questions; Discussion questions; Exercises
►CHAPTER Basic Cryptography: Security in practice; Learning objectives; Introduction; Basic concepts; Meaning of cryptography; Purposes of cryptography; Terms and definitions; Process components; Method and key; Using cryptography; Secret key cryptography; Basic approaches; Method and key in secret key cryptography; Cryptographic algorithms; Advantages and limitations of secret key cryptography; Cryptanalysis of secret key cryptography; Current secret key algorithms; Message digests; Message digest methods; Role in cryptography; Public key cryptography; Basic approach; Method and key in PKC; Current public key algorithms; Advantages and limitations of public key cryptography; Cryptanalysis of PKC; Implications for assurance; Summary; Key words; Multiple-choice questions; Discussion questions; Exercises
►CHAPTER Public Key Cryptography: Concepts and Applications: Security in practice; Learning objectives; Introduction; Distribution of secret keys; Key distribution; Key agreement; Digital signature; Trust in public keys; Need for trust; Trust; Sources and levels of trust; Meeting requirements of trust; Digital (public key) certificate; Certification authority; Trust levels in digital certificates; Web trust models; Public key infrastructure; Infrastructure; Nature and characteristics; X.509; PKI applications; Assurance considerations; Summary; Key words; Multiple-choice questions; Discussion questions; Exercises
►CHAPTER Operating Systems Security: Security in practice; Learning objectives; Introduction; Operating systems primer; Goals of operating systems; Management concerns; Common operating systems; Common risks and controls; Authentication; Authorization; Trust relationships; Job scheduling; File systems; Software updates; Assurance considerations; Summary; Key words; Multiple-choice questions; Discussion questions; Exercises
►CHAPTER Application Security: Security in practice; Learning objectives; Introduction; Applications primer; Application architecture; Advantages of application tiers; Management concerns; Common risks and controls; Boundary checking; Input manipulation; Application authentication; Session management; Change control and change management; Application infrastructure; Assurance considerations; Summary; Key words; Multiple-choice questions; Discussion questions; Exercises
►CHAPTER Database Management Systems Security: Security in practice; Learning objectives; Introduction; Database management systems primer; Need for databases; Types of databases; Management concerns; Common risks and controls; Authentication; Trust relationships; Networking within databases and with operating systems; Insecure design of database applications; Assurance considerations; Summary; Key words; Multiple-choice questions; Discussion questions; Exercises
►CHAPTER Telecommunications Security: Security in practice; Learning objectives; Introduction; Telecommunications primer; Public switched telephone network (PSTN); A closer look at PSTN; Voice over IP networks; The promise of VoIP networks; Management concerns; Common risks and controls; Direct inward system access; Maintenance ports; Silent monitoring; Telecom scams; Voice mail and conferencing systems; VoIP security; Assurance considerations; Summary; Key words; Multiple-choice questions; Discussion questions; Exercises
►CHAPTER Network Security: Security in practice; Learning objectives; Introduction; Network primer; OSI; TCP/IP; TCP/IP protocols; IP addresses; Ports; Protocols, IP addresses, ports does it all fit?; Goals of networks; Management concerns; Common risks and controls; Clear-text transmissions; Modems; Virtual private networks; Firewalls; Wireless networks; Denial of service attacks; Simple network management protocol; Assurance considerations; Summary; Key words; Multiple-choice questions; Discussion questions; Exercises
►CHAPTER Web Security: Security in practice; Learning objectives; Introduction; Web primer; Web client; Transport mechanisms; Web server; Static and dynamic content; Databases; Management concerns; Common risks and controls; Web browsers; Web servers; Web applications; Assurance considerations; Summary; Key words; Multiple-choice questions; Discussion questions; Exercises
►CHAPTER Policy, Regulation, and Ethics: Security in practice; Learning objectives; Introduction; Policy, regulation, and ethics; Organization and accountability; Security policies; Characteristics of a policy; Classification of policies; Policy development process; Regulatory requirements; Information assets protection; Ethical behavior in organizations; Frameworks for ethical behavior; Business ethics; Ethics and information technology; Social engineering; Threats; Countermeasures; Assurance considerations; Security policy development, implementation, and enforcement; Compliance with regulations; Ethical behavior; Summary; Key words; Multiple-choice questions; Discussion questions; Exercises
Glossary
Index

In today's networked world, security and risk control are no longer just the province of the IT department. Accountants and other business managers who are responsible for corporate risk management must fully understand the control and security risks that can affect the financial health of the entire organization. Risks, Controls and Security: Concepts and Applications introduces you to today's control risks and how to manage them. Beginning with basic systems controls and security awareness, the book provides you with a clear comprehension of the concepts, issues, and techniques of information security in a networked environment. Moving from theory to application, you'll cover all the key security principles that are applicable to all businesses, including e-businesses: • • • • telecommunications • • Real-world problem scenarios and a wealth of pedagogical features tions, short exercises, example cases, and concept maps that help you visualize the material practice. Designed for practicing professionals as well as for students in accounting, business management, and computer science, Risks, Controls and Security will prepare you well for meeting the challenge of protecting information assets.
any_adam_object 1
author Raval, Vasant
Fichadia, Ashok
author_facet Raval, Vasant
Fichadia, Ashok
author_role aut
aut
author_sort Raval, Vasant
author_variant v r vr
a f af
building Verbundindex
bvnumber BV020040666
callnumber-first Q - Science
callnumber-label QA76
callnumber-raw QA76.9.A25
callnumber-search QA76.9.A25
callnumber-sort QA 276.9 A25
callnumber-subject QA - Mathematics
classification_rvk ST 276
ctrlnum (OCoLC)85766845
(DE-599)BVBBV020040666
dewey-full 005.8
dewey-hundreds 000 - Computer science, information, general works
dewey-ones 005 - Computer programming, programs, data, security
dewey-raw 005.8
dewey-search 005.8
dewey-sort 15.8
dewey-tens 000 - Computer science, information, general works
discipline Informatik
edition 1. ed.
format Book
id DE-604.BV020040666
illustrated Illustrated
indexdate 2024-12-23T18:22:02Z
institution BVB
isbn 0471485799
9780471485797
language English
oai_aleph_id oai:aleph.bib-bvb.de:BVB01-013361756
oclc_num 85766845
open_access_boolean
owner DE-355
DE-BY-UBR
DE-1051
owner_facet DE-355
DE-BY-UBR
DE-1051
physical XXII, 403 S. Ill., graph. Darst.
publishDate 2007
publishDateSearch 2007
publishDateSort 2007
publisher Wiley
record_format marc
spellingShingle Raval, Vasant
Fichadia, Ashok
Risks, controls, and security concepts and applications
Computer networks Security measures
Computer security
Computersicherheit (DE-588)4274324-2 gnd
Risikomanagement (DE-588)4121590-4 gnd
Datensicherung (DE-588)4011144-1 gnd
subject_GND (DE-588)4274324-2
(DE-588)4121590-4
(DE-588)4011144-1
title Risks, controls, and security concepts and applications
title_auth Risks, controls, and security concepts and applications
title_exact_search Risks, controls, and security concepts and applications
title_full Risks, controls, and security concepts and applications Raval Vasant ; Ashok Fichadia
title_fullStr Risks, controls, and security concepts and applications Raval Vasant ; Ashok Fichadia
title_full_unstemmed Risks, controls, and security concepts and applications Raval Vasant ; Ashok Fichadia
title_short Risks, controls, and security
title_sort risks controls and security concepts and applications
title_sub concepts and applications
topic Computer networks Security measures
Computer security
Computersicherheit (DE-588)4274324-2 gnd
Risikomanagement (DE-588)4121590-4 gnd
Datensicherung (DE-588)4011144-1 gnd
topic_facet Computer networks Security measures
Computer security
Computersicherheit
Risikomanagement
Datensicherung
url http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=013361756&sequence=000005&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=013361756&sequence=000006&line_number=0002&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv AT ravalvasant riskscontrolsandsecurityconceptsandapplications
AT fichadiaashok riskscontrolsandsecurityconceptsandapplications