The InfoSec Handbook
An Introduction to Information Security
(Language: English)
Product information for "The InfoSec Handbook"
Back-cover text for "The InfoSec Handbook"
The InfoSec Handbook offers the reader an organized layout of information that is easily read and understood, allowing beginners to enter the field and understand the key concepts and ideas while still keeping experienced readers updated on topics and concepts. It is intended mainly for beginners to the field of information security and is written in a way that makes it easy for them to understand the detailed content of the book. The book offers a practical and simple view of security practices while still offering somewhat technical and detailed information relating to security. It helps the reader build a strong foundation of information, allowing them to move forward from the book with a larger knowledge base.
Security is a constantly growing concern that everyone must deal with. Whether it's an average computer user or a highly skilled computer user, they are always confronted with different security risks. These risks range in danger and should always be dealt with accordingly. Unfortunately, not everyone is aware of the dangers or how to prevent them, and this is where most of the issues arise in information technology (IT). When computer users do not take security into account, many issues can arise, such as system compromises or loss of data and information. This is an obvious issue that is present with all computer users.
This book is intended to educate the average and experienced user about the different kinds of security practices and standards that exist. It will also cover how to manage security software and updates in order to be as protected as possible from all of the threats that they face.
Table of contents for "The InfoSec Handbook"
Section I - Introduction
Chapter 1: Introduction to Security
1. What is Security?
a. Why is it Important?
2. Information Security today
3. What to take from this book
4. How to read this book
a. Book Description
i. Sections
1. Chapters
ii. Appendices
Chapter 2: History of Computer Security
1. Introduction
2. Communication
a. Caesar Cipher
3. World Wars
- War has always influenced technical advancements. Explain how the world wars, WWII in particular, have made the security field grow.
a. Cipher machines
i. Enigma Machine
ii. Hagelin
b. Code Breakers
4. Historical Figures
- This is just to show the reader some of the big names that have appeared. Besides the listed figures, you can add other significant figures.
a. John Draper (Captain Crunch)
b. Kevin Mitnick
5. Chapter Summary
Section II - Key Principles & Practices
Chapter 3: Section Introduction
1. General Introduction
- All of the following chapters in this section will discuss the general practices and key concepts involved in information security. This includes methods used to maintain a high level of security like access controls as well as management information.
Chapter 4: Key Concepts and Principles
1. Introduction
2. Concepts
a. Concepts
i. CIA Triad
1. Confidentiality
2. Integrity
3. Availability
ii. Parkerian Hexad
1. Confidentiality
2. Possession or Control
3. Integrity
4. Authenticity
5. Availability
6. Utility
3. Principles
a. Organization
b. Cost-Effective
c. Explicit Responsibilities & Accountability
4. Chapter Summary
Chapter 5: Access Controls
1. Introduction
2. What is an Access Control?
- An explanation of what access controls are and how they are used in a typical situation.
3. Importance of Access Control
4. Access Control Models
a. Discretionary
b. Mandatory
c. Role-Based
d. Attribute-Based
5. Chapter Summary
Chapter 6: Information Systems Management
1. Introduction
2. Disaster Recovery & Business Continuity
a. Recovery Plan
b. Continuity Plan
c. Evaluation of Effectiveness
3. Risk Management
a. Risk Analysis
b. Threat Identification
c. Control Documentation
4. Incident Response
a. Incident Response Plan
i. Information Gathering
ii. Computer Security Incident Response Team (CSIRT)
iii. Evaluation of Effectiveness
5. Chapter Summary
Section III - Application Security
Chapter 7: Section Introduction
1. General Introduction
- Introduce the reader to the actual software side of security: the worries of applications becoming outdated and vulnerable to attack, as well as cryptography, which offers application-level solutions for storing information safely.
Chapter 8: Malicious Software
1. Introduction
2. What is malware?
a. Description
- Simple explanation of what malware is (malicious software).
3. Propagation
a. Examples of how quickly it can spread
- This can be followed up by the 'Historical Malware' section.
4. Types
- Basic descriptions and single example of what each is and how they function.
a. Virus
b. Worm
c. Trojan
d. Botnet
e. Spyware
f. Adware
5. Historical Malware
6. Chapter Summary
Chapter 9: Anti-Virus
1. Introduction
2. Anti-Virus
- Explain what anti-virus is. The reader should understand already, but this should also explain why it is so important and what it protects the user from.
3. Benefits of using Anti-Virus
4. Managing Anti-Virus
- This will be a basic explanation of how you maintain an anti-virus.
a. Updates
5. Common Anti-Virus
- Talk about the different popular anti-virus options and what each offers.
a. Norton
b. AVG
c. Avast
d. Others
6. Chapter Summary
Chapter 10: Cryptography
1. Introduction
2. Cryptography
- Explain what cryptography is. Basic definitions and how it works in a simple scenario. The reader must understand it at a simple level before learning the more complex parts.
3. History of Cryptography
a. Historical Cryptography
i. Caesar cipher
ii. Scytale
b. Modern Cryptography
4. Application Usage
- Applications like TrueCrypt, list some that are popular and their usage.
5. Network Usage
- This is in terms of things like VPNs and HTTPS.
6. Keys
a. Symmetric
b. Asymmetric
7. Certificates
- Discuss how certificates can be used in cryptographic transactions.
8. Hashing algorithms
a. Examples
i. Secure Hash Algorithm
ii. Message-Digest Algorithm
9. File Encryption Tools
- Restate some of the tools discussed earlier and offer links to obtain them.
10. Chapter Summary
Section IV - Network Security
Chapter 11: Section Introduction
1. General Introduction
- This section will discuss everything network related. The reader needs to understand the network and how it functions. This is followed by them understanding some of the more key points involved.
Chapter 12: Understanding the network
1. Introduction
- A fairly basic section to either explain to the reader how a network works or remind them of some of the key points. This isn't meant to be a huge section explaining everything, only the key points involved in how things work.
2. Basic networking
a. How does it work?
3. Models
- Explain the different models in detail, including images and examples to ensure they have a good grasp of them.
a. OSI Model
b. TCP/IP Model
4. Chapter Summary
Chapter 13: Firewalls
1. Introduction
- Basic section explaining firewalls and their functionality.
2. What does it do?
3. Why is it important?
4. Types
- There have been different generations throughout the years. Explain the different versions that have existed and how they are different.
a. Network Layer
i. Packet Filtering
b. Transport Layer
i. Stateful Filter
c. Application Layer
5. Custom Rules
6. Exceptions
7. Chapter Summary
Chapter 14: Intrusion Detection & Prevention Systems
1. Introduction
2. Purpose of IDS/IPS
- Explain the reasons for using and maintaining an IDS/IPS system as well as the importance of having them.
a. Uses for it
3. Detection Methodologies
- Talk about how the different methods work, which is the most common and why.
a. Signature-Based
b. Anomaly
c. Stateful Protocol Analysis
4. Types of IDS/IPS Technologies
- There are several different technologies that exist to perform the required tasks discussed. Describe some of the common ones that exist and how they function.
a. Network-Based
b. Wireless
c. Network Behavior Analysis
d. Host-Based
5. Chapter Summary
Chapter 15: Virtual Private Networks
1. Introduction
2. What is VPN?
- Give a lot of detail when explaining what a VPN actually is. Descriptive examples and images will also help the reader understand what they are and how they are used.
a. Cryptographic traffic
3. Usage
4. Types of VPN
- Explain the different types in good detail. How they work, what they are used for, etc.
a. Remote Access
b. Site-to-Site
5. Protocols
- Explain some of the protocols used to make VPNs effective.
6. Chapter Summary
Chapter 16: Data Backups & Cloud Computing
1. Introduction
2. Backup
- This section of the chapter will explain to the user the usage and benefits of backing up data. This is obviously followed by the cloud information, which will add to backups.
a. Benefits of using backup
b. Dangers of not having backup
c. Types
i. On-line
ii. Near-line
iii. Off-line
iv. Off-site
v. DRC (Data Recovery Centers)
3. Cloud Computing
- Here you will explain the benefits of the cloud, and how it is used. This includes for backup, as well as other services.
a. Deployment Models
i. Public
ii. Community
iii. Private
iv. Hybrid
b. Service Models
i. Infrastructure
ii. Platform
iii. Software
c. Issues
i. Privacy
ii. Compliance (with regulations)
4. Chapter Summary
Section V - Physical Security
Chapter 17: Section Introduction
1. General Introduction
- This section is short, however it is still important for the reader to understand. They need to understand that there are other security risks that aren't all inside of the computer systems. There are physical methods of gaining access and they are very common and effective.
Chapter 18: Biometrics
1. Introduction
2. What is Biometrics?
a. Fact vs. Fiction (Misconceptions from movies and other media)
3. Increasing popularity
4. Functionality
a. Characteristics
- Characteristics that they all use. Explain them and their importance.
i. Universal
ii. Measurable
iii. Acceptance
b. Analysis
- Based on the biometric being used, the measurements are going to be different. However you can give the reader various examples of what some different biometrics use to measure and analyze the input.
i. Measurements
1. Examples
5. Multi-Biometric Systems
6. Issues & Controversy
7. Chapter Summary
Chapter 19: Social Engineering
1. Introduction
2. What is Social Engineering?
- The reader needs to understand how effective social engineering can be. It is something that happens more often than people think because of how easy and undetectable it can be.
a. Effectiveness
b. Risk
3. Techniques
- All of the techniques discussed need good examples of how they work and why.
a. Pretexting
b. Diversion Theft
c. Phishing
d. Vishing
e. Baiting
f. Tailgating
4. Notable Social Engineers
- Interesting section for the reader to learn about some of the people who have become successful at social engineering and published their exploits.
5. Chapter Summary
Section VI - Conclusion & Appendices
Chapter 20: Summary / Conclusion
1. Summary
- A final summary of the whole book. This will review each section that was covered, giving final bits of information and advice about each.
a. Section I
b. Section II
c. Section III
d. Section IV
e. Section V
2. Conclusion
- Short chapter concluding all of the information that has been gone over in the book.
3. Closing Statement
- Final chapter leading the book to a close. This will include the thanks to the reader for sticking through it. It will also give further reading suggestions to the reader if there is extra interest.
Appendix A: Glossary
Appendix B: Resources
1. Books
2. Websites
Appendix C: References
About the authors: Umesha Nayak, Umesh Hodeghatta Rao
Umesha Nayak is a director and principal consultant of MUSA Software Engineering Pvt. Ltd., which provides systems, process and management consulting. He has 32 years of experience, of which 11 years are in providing consultancy to IT and manufacturing organizations from across the globe. He holds a master of science in software systems and a master of arts in economics; he is a CAIIB, a Certified Information Systems Auditor (CISA) and a Certified in Risk and Information Systems Control (CRISC) professional from ISACA, US; he holds a PGDFM and is a certified lead auditor for many standards, among others. He has worked extensively in banking, software development, product design and development, project management, program management, information technology audits, information application audits, quality assurance, coaching, product reliability, human resource management and consultancy. He was vice president and corporate executive council member at Polaris Software Lab, Chennai, prior to his current assignment. He also held various roles at Polaris Software Lab, including head of quality, head of SEPG and head of the strategic practice unit for risks & treasury. He started his journey with computers in 1981 with ICL mainframes and continued with minis, PCs and so on. He was one of the founding members of information systems auditing in the banking industry in India. He has effectively guided many organizations through successful ISO 9001/ISO 27001/CMMI certifications and process improvements.
Bibliographic details
- Authors: Umesha Nayak, Umesh Hodeghatta Rao
- 2014, 1st ed., XXIV, 392 pages, dimensions: 19.1 x 23.5 cm, paperback, English
- Publisher: Springer, Berlin
- ISBN-10: 1430263822
- ISBN-13: 9781430263821
- Publication date: 30.08.2014