Read more
Informationen zum Autor STUART JACOBS is a Lecturer at Boston University, teaching graduate courses on Network and Computer Security and Enterprise Information Security, along with advising on security curricula issues. Mr. Jacobs also serves as an Industry Security Subject Matter Expert for the Alliance for the Telecommunications Industry Solutions (ATIS) and as the Technical Editor of the ATIS Technical Report "Information and Communications Security for NGN Converged Services IP Networks and Infrastructure" and ITU-T M.3410, "Guidelines and Requirements for Security Management Systems". He holds an MSc degree and CISSP Certification, and is a member of IEEE and IEEE Computer Society, Association for Computing Machinery (ACM), International Information Systems Security Certification Consortium (ISC)2, Information Systems Security Association (ISSA) and InfraGuard. Klappentext Engineering Information Security covers all aspects of information security using a systematic engineering approach and focuses on the viewpoint of how to control access to information.* Includes a discussion about protecting storage of private keys, SCADA, Cloud, Sensor, and Ad Hoc networks* Covers internal operations security processes of monitors, review exceptions, and plan remediation* Over 15 new sections* Instructor resources such as lecture slides, assignments, quizzes, and a set of questions organized as a final examIf you are an instructor and adopted this book for your course, please email ieeeproposals@wiley.com to get access to the additional instructor materials for this book. Zusammenfassung Engineering Information Security covers all aspects of information security using a systematic engineering approach and focuses on the viewpoint of how to control access to information. Inhaltsverzeichnis Preface and Acknowledgments xxiii About the Companion Website xxvii 1 What Is Security? 1 1.1 Introduction 1 1.2 The Subject of Security 2 1.2.1 Branches of Security 2 1.2.2 Defining Security by Function 5 1.2.3 The Common Body of Knowledge (CBK) Security Domains 8 1.3 A Twenty-First Century Tale 15 1.3.1 The Actors 15 1.3.2 What Actually Occurred 17 1.3.3 How Could All This Have Been Prevented? 19 1.3.4 They Did Not Live Happily Ever After 20 1.4 Why Are You Important to Computer Security? 21 1.4.1 What Are the Threats to Your Computer? 22 1.4.2 As a User, What to Do? 23 1.4.3 The Reality of Cybercrime and Cyberwarfare 23 1.5 End of the Beginning 25 1.6 Chapter Summary 29 1.7 Further Reading and Resources 30 2 Systems Engineering 31 2.1 So What Is Systems Engineering? 31 2.1.1 Similar Systems Engineering Process 32 2.1.2 Another Systems Engineering View 38 2.1.3 Process Variations 41 2.2 Process Management 41 2.2.1 ISO 9000 Processes and Procedures 41 2.2.2 Capability Maturity Model (CMM) 43 2.3 Organization Environments 46 2.3.1 Economic, Legal, and Political Contexts 47 2.3.2 Business/Organizational Types 52 2.3.3 National Critical Infrastructure 56 2.4 Chapter Summary 59 2.5 Further Reading and Resources 59 3 Foundation Concepts 61 3.1 Security Concepts and Goals 62 3.1.1 Subjects and Objects 63 3.1.2 What Is Trust? 63 3.1.3 Domains, Security, and Trust 64 3.1.4 Security Goals/Objectives 65 3.1.5 X.800 Security Services 66 3.1.6 A Modern Definition of Security Services 69 3.2 Role of Cryptography in Information Security 77 3.2.1 Cryptographic Hash Algorithms 81 3.2.2 Encryption Algorithms 86 3.2.3 Cryptanalysis and Other Key Issues 101 3.2.4 Key Management 108 3.2.5 Cryptographic Authentication 112 3.3 Key Management Revisited 120
