The InfoSec Handbook : An Introduction to Information Security.

Bibliographic Details
Main Author: Nayak, Umesha.
Other Authors: Rao, Umesh Hodeghatta.
Format: eBook
Language: English
Published: Berkeley, CA : Apress L. P., 2014.
Edition: 1st ed.
Subjects:
Table of Contents:
  • Intro
  • Contents at a Glance
  • Contents
  • About the Authors
  • Acknowledgments
  • Introduction
  • Part I: Introduction
  • Chapter 1: Introduction to Security
  • What is Security?
  • Why is Security Important?
  • What if You Do Not Care About Security?
  • The Evolution of the Computer and Information Security
  • Information Security Today
  • Applicable Standards and Certifications
  • The Role of a Security Program
  • Chapter 2: History of Computer Security
  • Introduction
  • Communication
  • World Wars and Their Influence on the Field of Security
  • Cypher Machine: Enigma
  • Bletchley Park
  • Code Breakers
  • Some Historical Figures of Importance: Hackers and Phreakers
  • Kevin Mitnick
  • Chapter Summary
  • Part II: Key Principles and Practices
  • Chapter 3: Key Concepts and Principles
  • Introduction
  • Security Threats
  • External and Internal Threats
  • Information Security Frameworks and Information Security Architecture
  • Information Security Management Systems Framework Provided by ISO/IEC 27001:2013
  • NIST Special Publication 800-39 complemented by 800-53
  • SABSA®
  • Pillars of Security
  • People
  • Organization of Information Security
  • The Need for Independence
  • Specific Roles and Responsibilities
  • Audit Committee or Information Security Committee at the Board Level
  • Information Security Sponsor or Champion
  • Chief Information Security Officer or Information Security Officer
  • Information Security Forum
  • Information Security Specialists
  • Project Managers
  • Data Owners
  • Data Custodians
  • Users of the data
  • Authority for Information Security
  • Policies, Procedures, and Processes
  • Technology
  • Information Security Concepts
  • CIA Triad
  • Confidentiality
  • Integrity
  • Availability
  • Parkerian Hexad
  • Implementation of Information Security
  • Risk Assessment
  • Planning and Architecture
  • Gap Analysis
  • Integration and Deployment
  • Operations
  • Monitoring
  • Legal Compliance and Audit
  • Crisis Management
  • Principles of Information Security
  • Chapter Summary
  • Chapter 4: Access Controls
  • Introduction
  • Confidentiality and Data Integrity
  • Who Can Access the Data?
  • What is an Access Control?
  • Authentication and Authorization
  • Authentication and Access Control Layers
  • Administrative Access Controls (Layer)
  • Access Control Policy
  • Personnel related - jobs, responsibilities, and authorities
  • Segregation of duties
  • Supporting policies and procedure
  • Control Over Information Access to Trade Restricted Persons
  • Technical (Logical) Controls
  • Passwords
  • Smartcards
  • Encryption
  • Network Access
  • System Access
  • Physical Access Controls
  • Network Segregation
  • Perimeter Security
  • Security Guards
  • Badge Systems
  • Biometric Access Controls
  • Access Control Strategies
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role-Based Access Control (RBAC)
  • Attribute Based Access Control
  • Implementing Access Controls
  • Access Control Lists (ACLs)
  • File System ACLs
  • Network ACLs
  • AAA Framework
  • RADIUS and TACACS+
  • LDAP and Active Directory
  • IDAM
  • Chapter Summary
  • Chapter 5: Information Systems Management
  • Introduction
  • Risk
  • Incident
  • Disaster
  • Disaster Recovery
  • Business Continuity
  • Risk Management
  • Identification of Risk
  • Risk Analysis
  • Risk Responses
  • Execution of the Risk Treatment Plans
  • The Importance of Conducting a Periodic Risk Assessment
  • Incident Response
  • Incident Response Policy, Plan, and Processes
  • Incident Response Policy
  • Purpose and Scope of the Policy
  • Definition of Information Security Incidents and Related Terms
  • Organizational Structure, Roles, Responsibilities, and Authorities
  • Ratings of Incidents
  • Measurements
  • Incident Response Plan
  • Purpose and Scope
  • Strategies, Goals, and Approach to Incident Response
  • Internal and External Communication Plan
  • Plan for the Incident Response Capability
  • Measurement of Incident Response Capability and its Effectiveness
  • Integration with the Other Plans of the Organization
  • Incident Response Processes
  • Incident Response Teams
  • Incident Response Team structuring based on distribution of the Responsibilities
  • Centralized Incident Response Teams
  • Distributed Incident Response Teams
  • Hybrid Incident Response Teams
  • Incident Response Team Structuring Based on who Constitutes the Teams
  • Fully Employee Constituted Incident Response Teams
  • Fully Outsourced Incident Response Teams
  • Hybrid Teams: Partially Constituted by Employees and Partially Constituted by Outsourced Contractors
  • Ensuring Effectiveness of Incident Response
  • Preparation
  • Incident Detection
  • Precursors and Indicators of Incidents
  • Sources of Precursors and Indicators
  • Analysis of the Incidents
  • Incident Impact Analysis and Prioritization of the Actions
  • Incident Documentation and Incident Notification
  • Incident Containment, Eradication, and Recovery
  • Containment Strategy
  • Evidence Gathering and Handling
  • Eradication and Recovery
  • Post Incident Analysis and Activities
  • Analysis of Learnings
  • Use of Incident Data
  • Disaster Recovery and Business Continuity
  • How to Approach Business Continuity Plan
  • Assign Clear Roles and Responsibilities
  • Sponsor
  • Project Manager
  • Business Continuity Planning Team
  • Life Cycle of Business Continuity Planning
  • Scoping
  • Plan for Formulation of Business Continuity Plan
  • Business Continuity Plan Kick-Off Meeting
  • Business Impact Analysis (BIA)
  • Business Continuity Plan Preparation
  • Business Continuity Plan Validation & Training
  • Up-to-date Maintenance of the BCP
  • Chapter Summary
  • Part III: Application Security
  • Chapter 6: Application and Web Security
  • Introduction
  • Software Applications
  • Completeness of the Inputs
  • Correctness of the Inputs
  • Completeness of Processing
  • Correctness of Processing
  • Completeness of the Updates
  • Correctness of the Updates
  • Preservation of the Integrity of the Data in Storage
  • Preservation of the Integrity of the Data while in Transmission
  • Importance of an Effective Application Design and Development Life Cycle
  • Important Guidelines for Secure Design and Development
  • Web Browsers, Web Servers, and Web Applications
  • Vulnerabilities in Web Browsers
  • Inappropriate Configuration
  • Unnecessary or Untrusted Add-ons
  • Malware or Executables run on the Web Browser
  • No Patching up or Carrying out the Security Updates
  • How to Overcome the Vulnerabilities of Web Browsers
  • Vulnerabilities of Web Servers
  • Default Users and Default Permissions are not changed
  • Sample files and scripts are not removed
  • Default Configuration is Not Changed
  • File and Directory Permissions are not Set Properly
  • Security Loop-Holes or Defects in the Web Server Software or Underlying Operating System
  • How to Overcome the Web Server Vulnerabilities
  • Web Applications
  • SQL Injection Attacks
  • Command Injection Attacks
  • Buffer Overflow Attacks
  • Cross-Site Scripting
  • Cookie Poisoning
  • Session Hijacking Attacks
  • How to Overcome Web Application Vulnerabilities
  • Secure Socket Layer (SSL) Security and Digital Certificate
  • Chapter Summary
  • Chapter 7: Malicious Software and Anti-Virus Software
  • Introduction
  • Malware Software
  • Introduction to Malware
  • Covert channels
  • Types of Malware in Detail
  • Spyware
  • Adware
  • Trojans
  • Viruses
  • Worms
  • Backdoors
  • Botnets
  • A Closer Look at Spyware
  • Trojans and Backdoors
  • Rootkits
  • Viruses and Worms
  • Botnets
  • Brief History of Viruses, Worms, and Trojans
  • The Current Situation
  • Anti-Virus Software
  • Need for Anti-Virus Software
  • Top 5 Commercially Available Anti-Virus Software
  • Symantec Norton Anti-Virus Software
  • McAfee Anti-Virus
  • Kaspersky Anti-Virus
  • Bitdefender Anti-Virus
  • AVG Anti-Virus Software
  • A Few Words of Caution
  • Chapter Summary
  • Chapter 8: Cryptography
  • Introduction
  • Cryptographic Algorithms
  • Symmetric Key Cryptography
  • Key Distribution
  • Asymmetric Key Cryptography
  • Public Key Cryptography
  • RSA Algorithm
  • Advantages of Public Key Cryptography
  • Applications of PKC
  • Public Key Infrastructure (PKI)
  • Certificate Authority (CA)
  • Digital Certificate
  • Hash Function Cryptography
  • Popular Hashes
  • Digital Signatures
  • Summary of Cryptography Standard Algorithms
  • Disk / Drive Encryption
  • Attacks on Cryptography
  • Chapter Summary
  • Part IV: Network Security
  • Chapter 9: Understanding Networks and Network Security
  • Introduction
  • Networking Fundamentals
  • Computer Communication
  • Network and its Components
  • Network Protocols
  • OSI (Open Systems Interconnection) Reference Model
  • TCP/IP Model
  • Network Vulnerabilities and Threats
  • Vulnerabilities
  • Security Policy Weaknesses
  • Technology Weaknesses
  • Configuration Weaknesses
  • Threats
  • Attacks
  • Reconnaissance
  • Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)
  • Other Attacks on Networks
  • How to counter the Network Attacks
  • Chapter Summary
  • Chapter 10: Firewalls
  • Introduction
  • How Do You Protect a Network?
  • Firewall
  • Basic Functions of Firewall
  • Packet Filtering
  • How a packet filtering firewall works
  • TCP Layer
  • An Example of Packet Filtering Rules
  • Advantages and Disadvantages of Packet Filtering
  • Stateful Packet Filtering