Principles of Information Security 6th Edition by Michael Whitman, Herbert Mattord – Ebook PDF Instant Download/Delivery: 9781337405713, 133740571X
Product details:
ISBN 10: 133740571X
ISBN 13: 9781337405713
Author: Michael Whitman, Herbert Mattord
Principles of Information Security 6th Edition Table of contents:
Chapter 1. Introduction to the Management of Information Security
Introduction to Security
CNSS Security Model
The Value of Information and the C.I.A. Triad
Key Concepts of Information Security: Threats and Attacks
The 12 Categories of Threats
Management and Leadership
Behavioral Types of Leaders
Management Characteristics
Governance
Solving Problems
Principles of Information Security Management
Planning
Policy
Programs
Protection
People
Projects
Additional Reading
Chapter Summary
Key Terms
Review Questions
Exercises
Closing Case
Chapter 2. Compliance: Law and Ethics
Introduction to Law and Ethics
Ethics in InfoSec
Ethics and Education
Deterring Unethical and Illegal Behavior
Professional Organizations and Their Codes of Conduct
Association for Computing Machinery (ACM)
International Information Systems Security Certification Consortium, Inc. (ISC)²
SANS
Information Systems Audit and Control Association (ISACA)
Information Systems Security Association (ISSA)
Information Security and Law
Types of Law
Relevant U.S. Laws
International Laws and Legal Bodies
State and Local Regulations
Standards Versus Law
Policy Versus Law
Organizational Liability and the Management of Digital Forensics
Key Law Enforcement Agencies
Managing Digital Forensics
Additional Reading
Chapter Summary
Key Terms
Review Questions
Exercises
Closing Case
Chapter 3. Governance and Strategic Planning for Security
The Role of Planning
Precursors to Planning
Strategic Planning
Creating a Strategic Plan
Planning Levels
Planning and the CISO
Information Security Governance
The ITGI Approach to Information Security Governance
NCSP Industry Framework for Information Security Governance
CERT Governing for Enterprise Security Implementation
ISO/IEC 27014:2013 Governance of Information Security
Security Convergence
Planning for Information Security Implementation
Implementing the Security Program using the SecSDLC
Additional Reading
Chapter Summary
Key Terms
Review Questions
Exercises
Closing Case
Chapter 4. Information Security Policy
Why Policy?
Policy, Standards, and Practices
Enterprise Information Security Policy
Integrating an Organization’s Mission and Objectives into the EISP
EISP Elements
Example EISP Elements
Issue-Specific Security Policy
Elements of the ISSP
Implementing the ISSP
System-Specific Security Policy
Managerial Guidance SysSPs
Technical Specification SysSPs
Guidelines for Effective Policy Development and Implementation
Developing Information Security Policy
Policy Distribution
Policy Reading
Policy Comprehension
Policy Compliance
Policy Enforcement
Policy Development and Implementation Using the SDLC
Software Support for Policy Administration
Other Approaches to Information Security Policy Development
SP 800-18, Rev. 1: Guide for Developing Security Plans for Federal Information Systems
A Final Note on Policy
Additional Reading
Chapter Summary
Key Terms
Review Questions
Exercises
Closing Case
Chapter 5. Developing the Security Program
Organizing for Security
Security in Large Organizations
Security in Medium-Sized Organizations
Security in Small Organizations
Placing Information Security Within an Organization
Components of the Security Program
Staffing the Security Function
Information Security Professional Credentials
Entering the Information Security Profession
Implementing Security Education, Training, and Awareness (SETA) Programs
Security Education
Security Training
Security Awareness
Project Management in Information Security
Projects Versus Processes
Organizational Support for Project Management
PMBOK Knowledge Areas
Project Management Tools
Additional Reading
Chapter Summary
Key Terms
Review Questions
Exercises
Closing Case
Chapter 6. Risk Management: Assessing Risk
Introduction to the Management of Risk in Information Security
Knowing Yourself and Knowing the Enemy
The Information Security Risk Management Framework
Roles of Communities of Interest in Managing Risk
Executive Governance and Support
Framework Design
Framework Implementation
Framework Monitoring and Review
Continuous Improvement
The Risk Management Process
RM Process Preparation—Establishing the Context
Risk Assessment: Risk Identification
Risk Assessment: Risk Analysis
Risk Evaluation
Risk Treatment/Risk Control
Process Communications, Monitoring, and Review
Additional Reading
Chapter Summary
Key Terms
Review Questions
Exercises
Closing Case
Chapter 7. Risk Management: Treating Risk
Introduction to Risk Treatment
Risk Treatment Strategies
Managing Risk
Feasibility and Cost-benefit Analysis
Other Methods of Establishing Feasibility
Alternatives to Feasibility Analysis
Recommended Alternative Risk Treatment Practices
Alternative Risk Management Methodologies
The OCTAVE Methods
Microsoft Risk Management Approach
FAIR
ISO Standards for InfoSec Risk Management
NIST Risk Management Framework (RMF)
Other Methods
Selecting the Best Risk Management Model
Additional Reading
Chapter Summary
Key Terms
Review Questions
Exercises
Closing Case
Chapter 8. Security Management Models
Introduction to Blueprints, Frameworks, and Security Models
Security Management Models
The ISO 27000 Series
NIST Security Publications
Control Objectives for Information and Related Technology
Committee of Sponsoring Organizations
Information Technology Infrastructure Library
Information Security Governance Framework
Security Architecture Models
TCSEC and the Trusted Computing Base
Information Technology System Evaluation Criteria
The Common Criteria
Access Control Models
Categories of Access Controls
Other Forms of Access Control
Academic Access Control Models
Bell-LaPadula Confidentiality Model
Biba Integrity Model
Clark-Wilson Integrity Model
Graham-Denning Access Control Model
Harrison-Ruzzo-Ullman Model
Brewer-Nash Model (Chinese Wall)
Additional Reading
Chapter Summary
Key Terms
Review Questions
Exercises
Closing Case
Chapter 9. Security Management Practices
Introduction to Security Practices
Security Employment Practices
Hiring
Contracts and Employment
Security Expectations in the Performance Evaluation
Termination Issues
Personnel Security Practices
Security of Personnel and Personal Data
Security Considerations for Temporary Employees, Consultants, and Other Workers
Information Security Performance Measurement
InfoSec Performance Management
Building the Performance Measurement Program
Specifying InfoSec Measurements
Collecting InfoSec Measurements
Implementing InfoSec Performance Measurement
Reporting InfoSec Performance Measurements
Benchmarking
Standards of Due Care/Due Diligence
Recommended Security Practices
Selecting Recommended Practices
Limitations to Benchmarking and Recommended Practices
Baselining
Support for Benchmarks and Baselines
ISO Certification
Additional Reading
Chapter Summary
Key Terms
Review Questions
Exercises
Closing Case
Chapter 10. Planning for Contingencies
Introduction to Contingency Planning
Fundamentals of Contingency Planning
Components of Contingency Planning
Business Impact Analysis
Contingency Planning Policies
Incident Response
Getting Started
Incident Response Policy
Incident Response Planning
Detecting Incidents
Reacting to Incidents
Recovering from Incidents
Disaster Recovery
The Disaster Recovery Process
Disaster Recovery Policy
Disaster Classification
Planning to Recover
Responding to the Disaster
Simple Disaster Recovery Plan
Business Continuity
Business Continuity Policy
Continuity Strategies
Timing and Sequence of CP Elements
Crisis Management
Business Resumption
Testing Contingency Plans
Final Thoughts on CP
Additional Reading
Chapter Summary
Key Terms
Review Questions
Exercises
Closing Case
Chapter 11. Security Maintenance
Introduction to Security Maintenance
Security Management Maintenance Models
NIST SP 800-100, Information Security Handbook: A Guide for Managers
The Security Maintenance Model
Additional Reading
Chapter Summary
Key Terms
Review Questions
Exercises
Closing Case
Chapter 12. Protection Mechanisms
Introduction to Protection Mechanisms
Access Controls and Biometrics
Managing Network Security
Firewalls
Intrusion Detection and Prevention Systems
Wireless Networking Protection
Scanning and Analysis Tools
Managing Server-Based Systems with Logging
Managing Security for Emerging Technologies
Cryptography
Encryption Operations
Using Cryptographic Controls
Managing Cryptographic Controls
Additional Reading
Chapter Summary
Key Terms
Review Questions
Exercises
Closing Case
Appendix