Engineering Information Security - The Application of Systems Engineering Concepts to Achieve

Read more

Informationen zum Autor Stuart Jacobs is Principal Consultant for YCS Consulting LLC and a Lecturer at Boston University Metropolitan College. He serves as an Industry Security Subject Matter Expert for the Telecommunications Management and Operations Committee (TMOC) of the Alliance for the Telecommunications Industry Solutions (ATIS). Mr. Jacobs has also served as a technical editor of ATIS Joint Committee Technical Reports and ITU-T Recommendations. Klappentext Information security is the act of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. This book discusses why information security is needed and how security problems can have widespread impacts. It covers the complete security lifecycle of products and services, starting with requirements and policy development and progressing through development, deployment, and operations, and concluding with decommissioning. Professionals in the sciences, engineering, and communications fields will turn to this resource to understand the many legal, technical, competitive, criminal and consumer forces and influences that are rapidly changing our information dependent society.For solution manual, contact ieeepress@ieee.org Zusammenfassung Information security is the act of protecting information from unauthorized access! use! disclosure! disruption! modification! or destruction. This book discusses why information security is needed and how security problems can have widespread impacts. It covers the complete security lifecycle of products and services! starting with requirements and policy development and progressing through development! deployment! and operations! and concluding with decommissioning. Professionals in the sciences! engineering! and communications fields will turn to this resource to understand the many legal! technical! competitive! criminal and consumer forces and influences that are rapidly changing our information dependent society.For solution manual! contact ieeepress@ieee.org Inhaltsverzeichnis Preface and Acknowledgments xxiii1 WHAT IS SECURITY? 11.1 Introduction 11.2 The Subject of Security 21.3 A Twenty-First Century Tale 151.4 Why are You Important to Computer Security? 211.5 End of the Beginning 231.6 Chapter Summary 251.7 Further Reading and Resources 261.8 Questions 261.9 Exercises 272 SYSTEMS ENGINEERING 292.1 So What Is Systems Engineering? 292.2 Process Management 372.3 Organization Environments 442.4 Chapter Summary 562.5 Further Reading and Resources 572.6 Questions 572.7 Exercises 583 FOUNDATION CONCEPTS 593.1 Security Concepts and Goals 603.2 Role of Cryptology in Information Security 793.3 Key Management Revisited 1113.4 Chapter Summary 1133.5 Further Reading and Resources 1133.6 Questions 1143.7 Exercises 1174 AUTHENTICATION OF SUBJECTS 1194.1 Authentication Systems 119Status Verification 1384.2 Human Authentication 1504.3 Chapter Summary 1634.4 Further Reading and Resources 1634.5 Questions 1644.6 Exercises 1665 SECURITY SYSTEMS ENGINEERING 1675.1 Security Policy Development 1685.2 Senior Management Oversight and Involvement 1685.3 Security Process Management and Standards 1685.4 Information Security Systems Engineering Methodology 1855.5 Requirements Analysis and Decomposition 2185.6 Access Control Concepts 2215.7 Security Modeling and Security-Related Standards 2285.8 Chapter Summary 2425.9 Questions 2435.10 Exercises 2466 TRADITIONAL NETWORK CONCEPTS 2496.1 Networking Architectures 2496.2 Types of Networks 2546.3 Network Protocols 259Signaling and Control Application Protocols 3236.4 Chapter Summary 3326.5 Further Reading and Resources 3326.6 Questions 3326.7 Exercises 3347 NEXT-GENERATION NETWORKS 3357.1 Framework and Topology of the NGN 3367.2 The NGN Functional Reference Model 3437.3 Relationship between ...

List of contents

Preface and Acknowledgments xxiii

1 WHAT IS SECURITY? 1

1.1 Introduction 1

1.2 The Subject of Security 2

1.3 A Twenty-First Century Tale 15

1.4 Why are You Important to Computer Security? 21

1.5 End of the Beginning 23

1.6 Chapter Summary 25

1.7 Further Reading and Resources 26

1.8 Questions 26

1.9 Exercises 27

2 SYSTEMS ENGINEERING 29

2.1 So What Is Systems Engineering? 29

2.2 Process Management 37

2.3 Organization Environments 44

2.4 Chapter Summary 56

2.5 Further Reading and Resources 57

2.6 Questions 57

2.7 Exercises 58

3 FOUNDATION CONCEPTS 59

3.1 Security Concepts and Goals 60

3.2 Role of Cryptology in Information Security 79

3.3 Key Management Revisited 111

3.4 Chapter Summary 113

3.5 Further Reading and Resources 113

3.6 Questions 114

3.7 Exercises 117

4 AUTHENTICATION OF SUBJECTS 119

4.1 Authentication Systems 119

Status Verification 138

4.2 Human Authentication 150

4.3 Chapter Summary 163

4.4 Further Reading and Resources 163

4.5 Questions 164

4.6 Exercises 166

5 SECURITY SYSTEMS ENGINEERING 167

5.1 Security Policy Development 168

5.2 Senior Management Oversight and Involvement 168

5.3 Security Process Management and Standards 168

5.4 Information Security Systems Engineering Methodology 185

5.5 Requirements Analysis and Decomposition 218

5.6 Access Control Concepts 221

5.7 Security Modeling and Security-Related Standards 228

5.8 Chapter Summary 242

5.9 Questions 243

5.10 Exercises 246

6 TRADITIONAL NETWORK CONCEPTS 249

6.1 Networking Architectures 249

6.2 Types of Networks 254

6.3 Network Protocols 259

Signaling and Control Application Protocols 323

6.4 Chapter Summary 332

6.5 Further Reading and Resources 332

6.6 Questions 332

6.7 Exercises 334

7 NEXT-GENERATION NETWORKS 335

7.1 Framework and Topology of the NGN 336

7.2 The NGN Functional Reference Model 343

7.3 Relationship between NGN Transport and Service Domains 351

7.4 Enterprise Role Model 353

7.5 Security Allocation within the NGN Transport Stratum Example 356

7.6 Converged Network Management (TMN and eTOM) 357

7.7 General Network Security Architectures 364

7.8 Chapter Summary 368

7.9 Further Reading and Resources 368

7.10 Exercises 370

8 GENERAL COMPUTER SECURITY ARCHITECTURE 371

8.1 The Hardware Protects the Software 372

8.2 The Software Protects Information 386

8.3 Element Security Architecture Description 388

8.4 Operating System (OS) Structure 397

8.5 Security Mechanisms for Deployed Operating Systems (OSs) 399

8.6 Chapter Summary 421

8.7 Further Reading and Resources 425

8.8 Questions 425

8.9 Exercises 426

9 COMPUTER SOFTWARE SECURITY 427

9.1 Specific Operating Systems (OSs) 427

9.2 Applications 459

9.3 Example Detailed Security Requirements for Specific Operating Systems and Applications 474

9.4 Chapter Summary 476

9.5 Further Reading and Resources 477

9.6 Questions 477

9.7 Exercises 478

10 SECURITYSYSTEMS DESIGN--DESIGNINGNETWORKSECURITY 479

10.1 Introduction 479

10.2 Security Design for Protocol Layer 1 482

10.3 Layer 2--Data Link Security Mechanisms 485

10.4 Security Design for Protocol Layer 3 493

10.5 IP Packet Authorization and Access Control 525

10.6 Chapter Summary 538

10.7 Further Reading and Resources 538

10.8 Questions 539

10.9 Exercises 541

11 TRANSPORT AND APPLICATION SECURITY DESIGN AND USE 543

11.1 Layer 4--Transport Security Protocols 543

11.2 Layer 5--User Service Application Protocols 553

11.3 Chapter Summary 603

11.4 Further Reading and Resources 603

11.5 Questions 604

11.6 Exercises 605

12 SECURING MANAGEMENT AND MANAGING SECURITY 607

12.1 Securing Management Applications 607

12.2 Operation, Administration, Maintenance, and Decommissioning 625

12.3 Systems Implementation or Procurement 647

12.4 Chapter Summary 657

12.5 F