Information Security and Auditing in the Digital Age
A Managerial and Practical Perspective
December 2003 Edition (REVISED: AUG 2004)
General Book Information
The objective of this book is to provide a practical and managerial perspective on the information security issues vital in this digital age. The topics discussed include:
The salient features of this classroom tested book are:
1. Broad coverage of recent and relevant topics such as the following based on a systems approach to security:
2. A systematic approach to build total systems solutions that combine policies, procedures, risk analysis, threat assessment through attack trees, honeypots, and commercially available security packages to secure the IT assets (applications, databases, hosts) as well as the paths (the network) to these assets.
3. Discussion of security technologies (cryptography), authentication, authorization, accountability and availability with emphasis on intrusion detection, intrusion tolerance, and non-repudiation.
4. Discussion of how audits and controls can be used for continued compliance with a solution after deployment.
5. Case study orientation with numerous real-life examples and a single case study that is developed throughout to clarify and illustrate key points.
6. A mixture of management and technical issues for a balanced coverage of the topics.
7. Complete instructor materials (PowerPoint slides, course outline, project assignments) to support an academic or industrial course.
PART I: ANALYSIS AND APPROACH
Chapter 1: Information Security in the Digital Age -- An Overview
Chapter 2: Security Management: Policies, Requirements, and Organizational Issues
Chapter 3: A Systematic Methodology: Tying People, Processes, and Technologies
PART II: THE SECURITY TECHNOLOGIES
Chapter 4: Cryptography and Encryption
Chapter 5: Authorization, Authentication, Accountability, and Availability Technologies - The 4As
Chapter 6: Common Security Packages: PKI, VPN, SSL, PGP and Kerberos
PART III: PROTECTING THE PATH - DIGITAL NETWORK SECURITY
Chapter 7: Overview of IT Assets in Modern Digital Enterprises
Chapter 8: Network Security, Internet Security, and Firewalls
Chapter 9: Wireless Security: Wifi, Cellular and Satellite Security
PART IV: PROTECTING THE SITES - DISTRIBUTED SYSTEM SECURITY
Chapter 10: Web, Semantic Web, and XML Security
Chapter 11: Modern Distributed Platform, Web Services and .NET Security
Chapter 12: Application Security: Protecting e-Commerce and Mobile Applications
PART V: AUDITS, CONTROLS, AND CONSOLIDATION
Chapter 13: Audits and Controls for Security
Chapter 14: Security Policies for Audits and Controls
Chapter 15: Sample Audit and Control Checklist
Chapter 16: Building a Security Solution – The Wrap-up