Information Security and Risk Management

Saved in:
Bibliographic Details
Main Authors: Agrawal, Manish (Author), Campoe, Alex (Author), Pierce, Eric (Author)
Format: Book
Language: English
Published: Hoboken, NJ Wiley 2014
Subjects:
Online Access: Table of Contents

MARC

LEADER 00000nam a2200000 c 4500
001 BV041363110
003 DE-604
005 20140522
007 t|
008 131016s2014 xx d||| |||| 00||| eng d
020 |a 9781118335895  |c pbk.  |9 978-1-118-33589-5 
035 |a (OCoLC)881138179 
035 |a (DE-599)BVBBV041363110 
040 |a DE-604  |b ger  |e aacr 
041 0 |a eng 
049 |a DE-355 
050 0 |a HB74.P8 
084 |a ST 276  |0 (DE-625)143642:  |2 rvk 
100 1 |a Agrawal, Manish  |e Verfasser  |0 (DE-588)138792003  |4 aut 
245 1 0 |a Information Security and Risk Management  |c Manish Agrawal; Alex Campoe; Eric Pierce 
264 1 |a Hoboken, NJ  |b Wiley  |c 2014 
300 |a XVIII, 414 S.  |b graph. Darst. 
336 |b txt  |2 rdacontent 
337 |b n  |2 rdamedia 
338 |b nc  |2 rdacarrier 
500 |a Includes bibliographical references and index 
650 0 7 |a Risikomanagement  |0 (DE-588)4121590-4  |2 gnd  |9 rswk-swf 
650 0 7 |a Unternehmen  |0 (DE-588)4061963-1  |2 gnd  |9 rswk-swf 
650 0 7 |a Computersicherheit  |0 (DE-588)4274324-2  |2 gnd  |9 rswk-swf 
655 7 |0 (DE-588)4123623-3  |a Lehrbuch  |2 gnd-content 
689 0 0 |a Unternehmen  |0 (DE-588)4061963-1  |D s 
689 0 1 |a Computersicherheit  |0 (DE-588)4274324-2  |D s 
689 0 2 |a Risikomanagement  |0 (DE-588)4121590-4  |D s 
689 0 |C b  |5 DE-604 
700 1 |a Campoe, Alex  |e Verfasser  |4 aut 
700 1 |a Pierce, Eric  |e Verfasser  |4 aut 
856 4 2 |m Digitalisierung UB Regensburg - ADAM Catalogue Enrichment  |q application/pdf  |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=026811420&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA  |3 Inhaltsverzeichnis 
943 1 |a oai:aleph.bib-bvb.de:BVB01-026811420 

Record in the search index

DE-BY-UBR_call_number 40/ST 276 A277
DE-BY-UBR_katkey 5266281
DE-BY-UBR_location 40
DE-BY-UBR_media_number 069039860820
_version_ 1822751831884824576
adam_text
List of Figures xi
Preface xvii
Chapter 1 — Introduction 1
  Overview 1
  Professional utility of information security knowledge 1
  Brief history 5
  Definition of information security 11
  Summary 14
  Example case - Wikileaks, Cablegate, and free reign over classified networks 14
  Chapter review questions 15
  Example case questions 16
  Hands-on activity - Software Inspector, Steganography 16
  Critical thinking exercise: identifying CIA area(s) affected by sample real-life hacking incidents 21
  Design case 21
Chapter 2 — System Administration (Part 1) 26
  Overview 26
  Introduction 26
  What is system administration? 27
  System administration and information security 28
  Common system administration tasks 29
  System administration utilities 33
  Summary 37
  Example case - T. J. Maxx 37
  Chapter review questions 39
  Example case questions 40
  Hands-on Activity - Linux system installation 40
  Critical thinking exercise - Google executives sentenced to prison over video 48
  Design case 49
Chapter 3 — System Administration (Part 2) 51
  Overview 51
  Operating system structure 51
  The command-line interface 53
  Files and directories 53
  Moving around the filesystem - pwd, cd 54
  Listing files and directories 55
  Shell expansions 56
  File management 57
  Viewing files 59
  Searching for files 60
  Access control and user management 61
  Access control lists 64
  File ownership 65
  Editing files 66
  Software installation and updates 67
  Account management 72
  Command-line user administration 75
  Example case - Northwest Florida State College 77
  Summary 78
  Chapter review questions 78
  Example case questions 79
  Hands-on activity - basic Linux system administration 79
  Critical thinking exercise - offensive cyber effects operations (OCEO) 80
  Design Case 80
Chapter 4 — The Basic Information Security Model 82
  Overview 82
  Introduction 82
  Components of the basic information security model 82
  Common vulnerabilities, threats, and controls 90
  Example case - ILOVEYOU virus 99
  Summary 100
  Chapter review questions 100
  Example case questions 101
  Hands-on activity - web server security 101
  Critical thinking exercise - the internet, American values, and security 102
  Design case 103
Chapter 5 — Asset Identification and Characterization 104
  Overview 104
  Assets overview 104
  Determining assets that are important to the organization 105
  Asset types 109
  Asset characterization 114
  IT asset life cycle and asset identification 119
  System profiling 124
  Asset ownership and operational responsibilities 127
  Example case - Stuxnet 130
  Summary 130
  Chapter review questions 131
  Example case questions 131
  Hands-on activity - course asset identification 132
  Critical thinking exercise - uses of a hacked PC 132
  Design case 133
Chapter 6 — Threats and Vulnerabilities 135
  Overview 135
  Introduction 135
  Threat models 136
  Threat agent 137
  Threat action 149
  Vulnerabilities 162
  Example case - Gozi 167
  Summary 168
  Chapter review questions 168
  Example case questions 168
  Hands-on activity - Vulnerability scanning 169
  Critical thinking exercise - Iraq cyberwar plans in 2003 174
  Design case 174
Chapter 7 — Encryption Controls 176
  Overview 176
  Introduction 176
  Encryption basics 177
  Encryption types overview 181
  Encryption types details 187
  Encryption in use 194
  Example case - Nation technologies 197
  Summary 198
  Chapter review questions 198
  Example case questions 199
  Hands-on activity - encryption 199
  Critical thinking exercise - encryption keys embed business models 205
  Design case 206
Chapter 8 — Identity and Access Management 207
  Overview 207
  Identity management 207
  Access management 212
  Authentication 213
  Single sign-on 221
  Federation 228
  Example case - Markus Hess 237
  Summary 239
  Chapter review questions 239
  Example case questions 240
  Hands-on activity - identity match and merge 240
  Critical thinking exercise - feudalism the security solution for the internet? 244
  Design case 245
Chapter 9 — Hardware and Software Controls 247
  Overview 247
  Password management 247
  Access control 251
  Firewalls 252
  Intrusion detection/prevention systems 256
  Patch management for operating systems and applications 261
  End-point protection 264
  Example case - AirTight networks 266
  Chapter review questions 270
  Example case questions 270
  Hands-on activity - host-based IDS (OSSEC) 271
  Critical thinking exercise - extra-human security controls 275
  Design case 275
Chapter 10 — Shell Scripting 277
  Overview 277
  Introduction 277
  Output redirection 279
  Text manipulation 280
  Variables 283
  Conditionals 287
  User input 290
  Loops 292
  Putting it all together 299
  Example case - Max Butler 301
  Summary 302
  Chapter review questions 303
  Example case questions 303
  Hands-on activity - basic scripting 303
  Critical thinking exercise - script security 304
  Design case 305
Chapter 11 — Incident Handling 306
  Introduction 306
  Incidents overview 306
  Incident handling 307
  The disaster 327
  Example case - on-campus piracy 328
  Summary 330
  Chapter review questions 330
  Example case questions 331
  Hands-on activity - incident timeline using OSSEC 331
  Critical thinking exercise - destruction at the EDA 331
  Design case 332
Chapter 12 — Incident Analysis 333
  Introduction 333
  Log analysis 333
  Event criticality 337
  General log configuration and maintenance 345
  Live incident response 347
  Timelines 350
  Other forensics topics 352
  Example case - backup server compromise 353
  Chapter review questions 355
  Example case questions 356
  Hands-on activity - server log analysis 356
  Critical thinking exercise - destruction at the EDA 358
  Design case 358
Chapter 13 — Policies, Standards, and Guidelines 360
  Introduction 360
  Guiding principles 360
  Writing a policy 367
  Impact assessment and vetting 371
  Policy review 373
  Compliance 374
  Key policy issues 377
  Example case - HB Gary 378
  Summary 379
  Reference 379
  Chapter review questions 379
  Example case questions 380
  Hands-on activity - create an AUP 380
  Critical thinking exercise - Aaron Swartz 380
  Design case 381
Chapter 14 — IT Risk Analysis and Risk Management 382
  Overview 382
  Introduction 382
  Risk management as a component of organizational management 383
  Risk-management framework 384
  The NIST 800-39 framework 385
  Risk assessment 387
  Other risk-management frameworks 389
  IT general controls for Sarbanes-Oxley compliance 391
  Compliance versus risk management 398
  Selling security 399
  Example case - online marketplace purchases 399
  Summary 400
  Chapter review questions 400
  Hands-on activity - risk assessment using lsof 401
  Critical thinking exercise - risk estimation biases 403
  Design case 403
Appendix A — Password List for the Linux Virtual Machine 404
Glossary 405
Index 413
any_adam_object 1
author Agrawal, Manish
Campoe, Alex
Pierce, Eric
author_GND (DE-588)138792003
author_facet Agrawal, Manish
Campoe, Alex
Pierce, Eric
author_role aut
aut
aut
author_sort Agrawal, Manish
author_variant m a ma
a c ac
e p ep
building Verbundindex
bvnumber BV041363110
callnumber-first H - Social Science
callnumber-label HB74
callnumber-raw HB74.P8
callnumber-search HB74.P8
callnumber-sort HB 274 P8
callnumber-subject HB - Economic Theory and Demography
classification_rvk ST 276
ctrlnum (OCoLC)881138179
(DE-599)BVBBV041363110
discipline Informatik
format Book
fullrecord <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01714nam a2200421 c 4500</leader><controlfield tag="001">BV041363110</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20140522 </controlfield><controlfield tag="007">t|</controlfield><controlfield tag="008">131016s2014 xx d||| |||| 00||| eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781118335895</subfield><subfield code="c">pbk.</subfield><subfield code="9">978-1-118-33589-5</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)881138179</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV041363110</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">aacr</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-355</subfield></datafield><datafield tag="050" ind1=" " ind2="0"><subfield code="a">HB74.P8</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 276</subfield><subfield code="0">(DE-625)143642:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Agrawal, Manish</subfield><subfield code="e">Verfasser</subfield><subfield code="0">(DE-588)138792003</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Information Security and Risk Management</subfield><subfield code="c">Manish Agrawal; Alex Campoe; Eric Pierce</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Hoboken, NJ</subfield><subfield code="b">Wiley</subfield><subfield code="c">2014</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XVIII, 414 
S.</subfield><subfield code="b">graph. Darst.</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references and index</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Risikomanagement</subfield><subfield code="0">(DE-588)4121590-4</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Unternehmen</subfield><subfield code="0">(DE-588)4061963-1</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="655" ind1=" " ind2="7"><subfield code="0">(DE-588)4123623-3</subfield><subfield code="a">Lehrbuch</subfield><subfield code="2">gnd-content</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Unternehmen</subfield><subfield code="0">(DE-588)4061963-1</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="2"><subfield code="a">Risikomanagement</subfield><subfield code="0">(DE-588)4121590-4</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="C">b</subfield><subfield 
code="5">DE-604</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Campoe, Alex</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Pierce, Eric</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">Digitalisierung UB Regensburg - ADAM Catalogue Enrichment</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&amp;doc_library=BVB01&amp;local_base=BVB01&amp;doc_number=026811420&amp;sequence=000002&amp;line_number=0001&amp;func_code=DB_RECORDS&amp;service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="943" ind1="1" ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-026811420</subfield></datafield></record></collection>
genre (DE-588)4123623-3 Lehrbuch gnd-content
genre_facet Lehrbuch
id DE-604.BV041363110
illustrated Illustrated
indexdate 2024-12-24T03:54:49Z
institution BVB
isbn 9781118335895
language English
oai_aleph_id oai:aleph.bib-bvb.de:BVB01-026811420
oclc_num 881138179
open_access_boolean
owner DE-355
DE-BY-UBR
owner_facet DE-355
DE-BY-UBR
physical XVIII, 414 S. graph. Darst.
publishDate 2014
publishDateSearch 2014
publishDateSort 2014
publisher Wiley
record_format marc
spellingShingle Agrawal, Manish
Campoe, Alex
Pierce, Eric
Information Security and Risk Management
Risikomanagement (DE-588)4121590-4 gnd
Unternehmen (DE-588)4061963-1 gnd
Computersicherheit (DE-588)4274324-2 gnd
subject_GND (DE-588)4121590-4
(DE-588)4061963-1
(DE-588)4274324-2
(DE-588)4123623-3
title Information Security and Risk Management
title_auth Information Security and Risk Management
title_exact_search Information Security and Risk Management
title_full Information Security and Risk Management Manish Agrawal; Alex Campoe; Eric Pierce
title_fullStr Information Security and Risk Management Manish Agrawal; Alex Campoe; Eric Pierce
title_full_unstemmed Information Security and Risk Management Manish Agrawal; Alex Campoe; Eric Pierce
title_short Information Security and Risk Management
title_sort information security and risk management
topic Risikomanagement (DE-588)4121590-4 gnd
Unternehmen (DE-588)4061963-1 gnd
Computersicherheit (DE-588)4274324-2 gnd
topic_facet Risikomanagement
Unternehmen
Computersicherheit
Lehrbuch
url http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=026811420&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv AT agrawalmanish informationsecurityandriskmanagement
AT campoealex informationsecurityandriskmanagement
AT pierceeric informationsecurityandriskmanagement