New Book

Information Security and Auditing in the Digital Age

A Managerial and Practical Perspective

December 2003 Edition (REVISED: AUG 2004)

 

General book Information

• Author: Amjad Umar
• Publisher: NGE Solutions, Publication Date: Dec 2003, 440 pages
• Includes glossary of terms and index
• Price: $25 for ebook version, $39 for paperback

 

• Book objectives and salient features
• Table of contents

• Look inside the Book (Zip of the following PDF Files) -- Free
• Preface
• Suggested use in Courses
• Glossary of Terms
• Detailed Table of Contents
• Chapter 1: Information Security in the Digital Age -- An Overview (35 pages)
• Downloads of the text chapters (e-book version)
• Purchasing Instructions
• Instructor Corner for sample course outline, suggested projects, and lecture slides (PowerPoint)

 

 

BOOK OBJECTIVES AND SALIENT FEATURES

The objective of this book is to provide a practical and managerial perspective on the information security issues vital in this digital age. The topics discussed include:

• Management issues of policies, procedures, risks, controls, and requirements
• Practical review of security technologies such as cryptography, authentication, authorization, non-repuduation, and commercially available security packages (PKI, PGP, Kerberos, SSL, VPN)
• Securing wireless and wired networks by using the security technologies
• Securing applications, databases, and platforms by using the security technologies
• Examination of security risks associated with newer areas such as e-business, mobile applications, XML and Web Services, wireless communications, and application server.
• Audits and controls for continued secure operations
• A methodology that puts all of the above into a procedure

The salient features of this classroom tested book are:

1. Broad coverage of recent and relevant topics such as the following based on a systems approach to security:

• Wireless security that includes Wi-Fi security, cellular network security, satellite security, wireless home networking security, and wireless middleware security.
• Semantic Web security with a discussion of XML security.
• Web Services security, SAML (Security Assertion Markup Language) and .NET security.
• Internet security (Public Internet, Intranet, Extranet), firewalls, remote access and perimeter security.
• Application and database security with emphasis on modern issues such as e-commerce and mobile application security.

2. A systematic approach to build total systems solutions that combine policies, procedures, risk analysis, threat assessment through attack trees, honeypots, and commercially available security packages to secure the IT assets (applications, databases, hosts) as well as the paths (the network) to these assets.

3. Discussion of security technologies (cryptography), authentication, authorization, accountability and availability with emphasis on intrusion detection, intrusion tolerance, and non-repudiation.

4. Discussion of how audits and controls can be used for continued compliance to a solution after deployment.

5. Case study orientation with numerous real-life examples and a single case study that is developed throughout to clarify and illustrate key points.

6. A mixture of management and technical issues for a balanced coverage of the topics.

7. Complete instructor materials (PowerPoint slides, course outline, project assignments) to support an academic or industrial course.

 

 

 

TABLE OF CONTENTS

PART I: ANALYSIS AND APPROACH
Chapter 1: Information Security in the Digital Age -- An Overview
Chapter 2: Security Management: Polices, Requirements, and Organizational Issues
Chapter 3: A Systematic Methodology: Tying People, Processes, and Technologies

PART II: THE SECURITY TECHNOLOGIES
Chapter 4: Cryptography and Encryption
Chapter 5: Authorization, Authentication, Accountability, and Availability Technologies - The 4As
Chapter 6: Common Security Packages: PKI, VPN, SSL, PGP and Kerberos

PART III: PROTECTING THE PATH -DIGITAL NETWORK SECURITY
Chapter 7: Overview of IT Assets in Modern Digital Enterprises
Chapter 8: Network Security, Internet Security, and Firewalls
Chapter 9: Wireless Security: Wifi, Cellular and Satellite Security

PART IV: PROTECTING THE SITES - DISTRIBUTED SYSTEM SECURITY
Chapter 10: Web, Semantic Web, and XML Security
Chapter 11: Modern Distributed Platform, Web Services and .NET Security
Chapter 12: Application Security: Protecting e-Commerce and Mobile Applications

PART V: AUDITS, CONTROLS, AND CONSOLIDATION 

Chapter 13: Audits and Controls for Security

Chapter 14: Security Policies for Audits and Controls

Chapter 15: Sample Audit and Control Checklist

Chapter 16: Building a Security Solution – The Wrap-up