A strategy-based introduction to information security methods and techniques
1. Introduction & Definitions
2. Strategies and Security
3. Deception Strategies: Network Organization
4. Deception Strategies: Defensive technologies
5. Frustration Strategies: Footprint Minimization
6. Frustration Strategies: Formal verification
7. Resistance Strategies: Authentication & Permissions
8. Resistance Strategies: Encryption
9. Resistance Strategies: Partitioning & Need-to-Know
10. Resistance Strategies: Change management
11. Recognition Strategies: Network Analysis
12. Recognition Strategies: Intrusion Detection and Prevention
13. Recognition Strategies: Host-based recognition & Forensics
14. Recognition Strategies: Integrity detection
15. Recovery of Security
16. Summary: Certifications and Conclusions
Dr. Timothy Shimeall is an Adjunct Professor of the Heinz College of Carnegie Mellon University, with teaching and research interests focused in the area of information survivability. He is an active instructor in information security management and information warfare, and has led a variety of survivability-related independent studies. Tim is also a senior member of the technical staff with the CERT Network Situational Awareness Group of Carnegie Mellon’s Software Engineering Institute, where he is responsible for overseeing and participating in the development of analysis methods in the area of network systems security and survivability. This work includes development of methods to identify trends in security incidents and in the development of software used by computer and network intruders. Of particular interest are incidents affecting defended systems and malicious software that are effective despite common defenses. Prior to his time at Carnegie Mellon, Tim was an Associate Professor at the Naval Postgraduate School in Monterey, CA.

Jonathan Spring is a member of the technical staff with the CERT Network Situational Awareness Group of the Software Engineering Institute, Carnegie Mellon University. He began working at CERT in 2009. He also serves as an adjunct professor at the University of Pittsburgh’s School of Information Sciences. His current research topics include monitoring cloud computing and DNS traffic analysis. He holds a Master’s degree in information security and a Bachelor’s degree in philosophy from the University of Pittsburgh.
"...this is a top-down approach to securing an organisation,
helping you to understand how all the pieces fit together...The
people most likely to benefit...are IT staff who don’t necessarily
have a great deal of experience in security." --Network
Security, December 1 2013
"This work can best serve as a supplemental general resource to
accompany a more-technical work on information security
(IS)…overall, the text is well-written and engaging...Summing Up:
Recommended" --CHOICE, August 1 2014
"If you want to roll your sleeves up and do the computer equivalent
of getting your hands greasy under the bonnet, this book will take
you through hosts, firewalls, passwords, phishing and the like.
Thanks partly to case studies and profiles, the authors never
forget that infosec is about people, both the good guys and the
fraudsters and hackers." --Professional Security Magazine Online,
May 28, 2014
"The book provides a good balance between the broad aspects of
information security, privacy and risk management; without
overwhelming the novice with far too much minutiae…For those
looking for an introduction to the topic, that nonetheless provides
a comprehensive overview of the relevant areas, Introduction to
Information Security: A Strategic-Based Approach is an excellent
reference." --RSAConference.com, May 7, 2014
"As an American book, it covers US law on the subject…If you want
to roll your sleeves up and do the computer equivalent of getting
your hands greasy under the bonnet, this book will take you through
hosts, firewalls, passwords, phishing and the like. Thanks partly
to case studies and profiles, the authors never forget that infosec
is about people, both the good guys and the fraudsters and
hackers." --Professional Security Magazine Online, March 31,
2014
"Along with being an excellent discussion for the security
professional, this book is ideally suited for use as a textbook at
the undergraduate or graduate level,…For professionals and students
alike, the book offers two outstanding features throughout the
text: profiles of individuals who made important contributions to
the field, and descriptions of real-world attacks that led to many
of the technologies and methods discussed." --ComputingReviews.com,
February 25, 2014