Information Assurance

by Joseph G. Boyce; Dan W. Jennings
  • ISBN13: 9780750673273
  • ISBN10: 0750673273

  • Format: Paperback
  • Copyright: 2002-06-03
  • Publisher: Elsevier Science

List Price: $82.95

Summary

Written by two INFOSEC experts, this book provides a systematic and practical approach for establishing, managing and operating a comprehensive Information Assurance program. It is designed to provide ISSO managers, security managers, and INFOSEC professionals with an understanding of the essential issues required to develop and apply a targeted information security posture to both public and private corporations and government-run agencies.

There is a growing concern among all corporations and within the security industry to come up with new approaches to measure an organization's information security risks and posture. Information Assurance explains and defines the theories and processes that will help a company protect its proprietary information, including:

  • The need to assess the current level of risk.
  • The need to determine what can impact the risk.
  • The need to determine how risk can be reduced.

The authors lay out a detailed strategy for defining information security, establishing IA goals, providing training for security awareness, and conducting airtight incident response to system compromise. Such topics as defense in depth, configuration management, IA legal issues, and the importance of establishing an IT baseline are covered in depth from an organizational and managerial decision-making perspective.

  • Experience-based theory provided in a logical and comprehensive manner.
  • Management-focused coverage includes establishing an IT security posture, implementing organizational awareness and training, and understanding the dynamics of new technologies.
  • Numerous real-world examples provide a baseline for assessment and comparison.

Author Biography

Joseph G. Boyce, CISA, is a Senior Information Assurance (IA) Analyst within the Department of Defense (DoD).

Dan W. Jennings has over 20 years of IT experience within the U.S. Department of Defense and has held security management positions within the U.S. European Command (USEUCOM) for the past 10 years.

Table of Contents

Foreword
Preface
Acknowledgments

I THE ORGANIZATIONAL IA PROGRAM: THE PRACTICAL AND CONCEPTUAL FOUNDATION

  • IA and the Organization: The Challenges
    • Chapter Objectives
    • The Meaning and Significance of IA
    • The Rights of Organizations
    • The Contribution of Information and Information Technology (IT) to Achieving the Rights of Organizations
    • The Emergence of New Challenges
    • Summary
    • References
  • Basic Security Concepts, Principles, and Strategy
    • Chapter Objectives
    • Basic Security Concepts and Principles
    • Basic Security Strategy
    • Summary
    • References

II DEFINING THE ORGANIZATION'S CURRENT IA POSTURE

  • Determining the Organization's IA Baseline
    • Chapter Objectives
    • Information Assurance Elements
    • Summary
    • References
  • Determining IT Security Priorities
    • Chapter Objectives
    • Identifying Your Security Protection Priorities
    • Measuring the Accomplishment of Organizational IA Needs
    • Summary
    • References
  • The Organization's IA Posture
    • Chapter Objectives
    • Introduction
    • The Process for Determining Organizational IA Posture
    • Summary
    • References

III ESTABLISHING AND MANAGING AN IA DEFENSE IN DEPTH STRATEGY WITHIN AN ORGANIZATION

  • Layer 1: IA Policies
    • Chapter Objectives
    • The Concept of Policy
    • The Intent and Significance of IA Policies
    • The Mechanics of Developing, Communicating, and Enforcing IA Policies
    • Summary
    • References
  • Layer 2: IA Management
    • Chapter Objectives
    • Establishing an IA Management Program
    • Managing IA
    • Summary
    • References
  • Layer 3: IA Architecture
    • Chapter Objectives
    • The Objectives of the IA Architecture
    • Knowledge Required to Design the IA Architecture
    • The Design of the Organization's IA Architecture
    • Allocation of Security Services and Security Mechanisms
    • The Implementation of the Organization's IA Architecture
    • Summary
    • References
  • Layer 4: Operational Security Administration
    • Chapter Objectives
    • Administering Information Systems Security
    • Summary
    • References
  • Layer 5: Configuration Management
    • Chapter Objectives
    • The Necessity of Managing Changes to the IA Baseline
    • Configuration Management: An Approach for Managing IA Baseline Changes
    • Summary
    • References
  • Layer 6: Life-Cycle Security
    • Chapter Objectives
    • Security Throughout the System Life Cycle
    • Summary
    • Reference
  • Layer 7: Contingency Planning
    • Chapter Objectives
    • Planning for the Worst
    • Summary
    • Reference
  • Layer 8: IA Education, Training, and Awareness
    • Chapter Objectives
    • The Importance of IA Education, Training, and Awareness
    • Implementation of Organizational IA Education, Training, and Awareness
    • Summary
    • References
  • Layer 9: IA Policy Compliance Oversight
    • Chapter Objective
    • The Necessity of IA Policy Compliance Oversight
    • The Implementers of IA Policy Compliance Oversight
    • Mechanisms of IA Policy Compliance Oversight
    • Summary
    • References
  • Layer 10: IA Incident Response
    • Chapter Objectives
    • Reacting and Responding to IA Incidents
    • Summary
    • References
  • Layer 11: IA Reporting
    • Chapter Objectives
    • The Definition of Formal IA Reporting
    • The Development of an IA Reporting Structure and Process
    • Summary
    • References

APPENDICES

  • Appendix A: Listing of IA Threats
    • Threat Category
    • Definitions
    • Reference
  • Appendix B: Listing of Threat Statuses
  • Appendix C: Listing of Major Sources of Vulnerability Information
    • General Sources of Vulnerability Information
    • Vendor-Specific Security Information
    • Vendor-Specific Security Patches
  • Appendix D: IA Policy Web Sites
  • Appendix E: IA Policy Basic Structure and Major Policy Subjects
    • Basic Structure
    • Major Policy Subjects
  • Appendix F: Sample IA Manager Appointment Letter
  • Appendix G: Sample Outline for IA Master Plan
  • Appendix H: Things to Do to Improve Organizational IA Posture
    • Life-Cycle Management
    • Password and Access Controls
    • System Auditing and Monitoring
    • Security Operations/Management
    • Configuration Management
    • Contingency Planning
    • Incident Response and Handling
  • Appendix I: Information Assurance Self-Inspection Checklist
  • Appendix J: Sample Outline for a Disaster Recovery Plan (DRP)
    • References
  • Appendix K: Sample Threat Response Matrix

About the Authors
Index
