eTextbook: Management of Information Sec...
  • Cover Page
  • Title Page
  • Copyright Page
  • Preface
  • Author Team
  • Acknowledgments
  • Our Commitment
  • Foreword
  • Chapter 1. Introduction to the Management of Infor... (p. 1)
    • Introduction to Security (p. 3)
    • CNSS Security Model (p. 5)
    • The Value of Information and the C.I.A. Triad (p. 7)
      • Confidentiality (p. 8)
      • Integrity
      • Availability
      • Privacy (p. 9)
      • Identification
      • Authentication
      • Authorization
      • Accountability
    • Key Concepts of Information Security: Threats and ... (p. 10)
    • The 12 Categories of Threats
      • Compromises to Intellectual Property (p. 12)
      • Deviations in Quality of Service (p. 14)
      • Espionage or Trespass (p. 15)
      • Forces of Nature (p. 19)
      • Human Error or Failure (p. 20)
      • Information Extortion
      • Sabotage or Vandalism (p. 22)
      • Software Attacks (p. 23)
      • Technical Hardware Failures or Errors
      • Technical Software Failures or Errors (p. 29)
      • Technological Obsolescence (p. 34)
      • Theft
      • Some or All of the Above (p. 35)
    • What Is Management? (p. 36)
    • Behavioral Types of Leaders
      • Management Characteristics (p. 37)
      • Planning (p. 38)
      • Organizing
      • Leading
      • Controlling (p. 39)
      • Governance (p. 40)
      • Solving Problems
      • Step 1: Recognize and Define the Problem
      • Step 2: Gather Facts and Make Assumptions
      • Step 3: Develop Possible Solutions (p. 41)
      • Step 4: Analyze and Compare Possible Solutions
      • Step 5: Select, Implement, and Evaluate
    • Principles of Information Security Management (p. 42)
      • Planning (p. 43)
      • Policy
      • Programs
      • Protection (p. 44)
      • People
      • Projects (p. 45)
    • Chapter Summary (p. 46)
    • Review Questions (p. 47)
    • Exercises (p. 48)
    • Closing Case (p. 49)
  • Chapter 2. Compliance: Law and Ethics (p. 52)
    • InfoSec and the Law (p. 53)
      • Types of Law (p. 54)
      • Relevant U.S. Laws (p. 55)
      • International Laws and Legal Bodies (p. 72)
      • State and Local Regulations (p. 73)
      • Policy versus Law
    • Ethics in InfoSec (p. 76)
      • Ethics and Education (p. 80)
      • Deterring Unethical and Illegal Behavior (p. 83)
    • Professional Organizations and Their Codes of Cond...
      • Association for Computing Machinery (ACM)
      • International Information Systems Security Certifi... (p. 84)
      • SANS (p. 85)
      • Information Systems Audit and Control Association ...
      • Information Systems Security Association (ISSA) (p. 86)
    • Organizational Liability and the Need for Counsel (p. 87)
      • Key Law Enforcement Agencies (p. 88)
    • Chapter Summary (p. 90)
    • Review Questions (p. 91)
    • Exercises (p. 92)
    • Closing Case (p. 93)
  • Chapter 3. Governance and Strategic Planning for S... (p. 98)
    • The Role of Planning (p. 100)
      • Precursors to Planning (p. 101)
    • Strategic Planning (p. 103)
      • Creating a Strategic Plan
      • Planning Levels (p. 105)
      • Planning and the CISO (p. 106)
    • Information Security Governance (p. 108)
      • The ITGI Approach to Information Security Governan... (p. 109)
      • NCSP Industry Framework for Information Security G... (p. 111)
      • CERT Governing for Enterprise Security Implementat... (p. 113)
      • ISO/IEC 27014:2013 Governance of Information Secur... (p. 115)
      • Security Convergence (p. 117)
    • Planning for Information Security Implementation (p. 119)
      • Introduction to the Security Systems Development L... (p. 124)
    • Chapter Summary (p. 134)
    • Review Questions (p. 135)
    • Exercises
    • Closing Case (p. 136)
  • Chapter 4. Information Security Policy (p. 140)
    • Why Policy? (p. 141)
      • Policy, Standards, and Practices (p. 145)
    • Enterprise Information Security Policy
      • Integrating an Organization’s Mission and Objectiv...
      • EISP Elements (p. 147)
      • Example EISP Elements (p. 148)
    • Issue-Specific Security Policy (p. 152)
      • Elements of the ISSP (p. 153)
      • Implementing the ISSP (p. 155)
    • System-Specific Security Policy
      • Managerial Guidance SysSPs (p. 158)
      • Technical Specification SysSPs (p. 159)
    • Guidelines for Effective Policy Development and Im... (p. 163)
      • Developing Information Security Policy
      • Policy Distribution
      • Policy Reading (p. 164)
      • Policy Comprehension (p. 165)
      • Policy Compliance
      • Policy Enforcement (p. 166)
      • Policy Development and Implementation Using the Se... (p. 167)
      • Automated Tools (p. 171)
      • Other Approaches to Information Security Policy De... (p. 172)
      • SP 800-18, Rev. 1: Guide for Developing Security P... (p. 174)
    • A Final Note on Policy
    • Chapter Summary (p. 176)
    • Review Questions (p. 177)
    • Exercises (p. 178)
    • Closing Case (p. 179)
  • Chapter 5. Developing the Security Program
    • Organizing for Security
      • Security in Large Organizations
      • Security in Medium-Sized Organizations
      • Security in Small Organizations
    • Placing Information Security Within an Organizatio...
    • Components of the Security Program
    • Information Security Roles and Titles
      • Chief Information Security Officer
      • Convergence and the Rise of the True CSO
      • Security Managers
      • Security Administrators and Analysts
      • Security Technicians
      • Security Staffers and Watchstanders
      • Security Consultants
      • Security Officers and Investigators
      • Help Desk Personnel
    • Implementing Security Education, Training, and Awa...
      • Security Education
      • Security Training
      • Training Techniques
      • Security Awareness
    • Project Management in Information Security
      • Projects versus Processes
      • PMBOK Knowledge Areas
      • Project Management Tools
    • Chapter Summary
    • Review Questions
    • Exercises
    • Closing Case
  • Chapter 6. Risk Management: Identifying and Assess... (p. 250)
    • Introduction to Risk Management (p. 251)
      • Knowing Yourself (p. 252)
      • Knowing the Enemy
      • Accountability for Risk Management (p. 253)
    • Risk Identification (p. 254)
      • Identification and Prioritization of Information A... (p. 255)
      • Threat Assessment (p. 264)
      • The TVA Worksheet (p. 271)
    • Risk Assessment and Risk Appetite
      • Assessing Risk (p. 274)
      • Likelihood
      • Assessing Potential Impact on Asset Value (Consequ... (p. 275)
      • Percentage of Risk Mitigated by Current Controls
      • Uncertainty
      • Risk Determination (p. 276)
      • Likelihood and Consequences (p. 278)
      • Documenting the Results of Risk Assessment (p. 279)
      • Risk Appetite (p. 281)
    • Chapter Summary (p. 282)
    • Review Questions (p. 283)
    • Exercises (p. 284)
    • Closing Case (p. 285)
  • Chapter 7. Risk Management: Controlling Risk (p. 288)
    • Introduction to Risk Control (p. 289)
      • Risk Control Strategies (p. 290)
      • Defense
      • Transference (p. 291)
      • Mitigation
      • Acceptance (p. 293)
      • Termination
    • Managing Risk (p. 295)
      • Feasibility and Cost–Benefit Analysis (p. 298)
      • Other Methods of Establishing Feasibility (p. 304)
      • Alternatives to Feasibility Analysis (p. 306)
    • Recommended Risk Control Practices (p. 308)
      • Qualitative and Hybrid Measures
      • Delphi Technique (p. 309)
      • The OCTAVE Methods (p. 310)
      • Microsoft Risk Management Approach (p. 311)
      • FAIR (p. 312)
      • ISO 27005 Standard for InfoSec Risk Management (p. 313)
      • NIST Risk Management Model (p. 314)
      • Other Methods
      • Selecting the Best Risk Management Model (p. 317)
    • Chapter Summary (p. 318)
    • Review Questions (p. 319)
    • Exercises (p. 320)
    • Closing Case (p. 322)
  • Chapter 8. Security Management Models (p. 325)
    • Introduction to Blueprints, Frameworks, and Securi... (p. 326)
    • Access Control Models (p. 327)
      • Categories of Access Controls (p. 328)
      • Other Forms of Access Control (p. 334)
    • Security Architecture Models
      • Trusted Computing Base (p. 335)
      • Information Technology System Evaluation Criteria
      • The Common Criteria (p. 337)
    • Academic Access Control Models
      • Bell-LaPadula Confidentiality Model (p. 338)
      • Biba Integrity Model (p. 339)
      • Clark-Wilson Integrity Model (p. 340)
      • Graham-Denning Access Control Model
      • Harrison-Ruzzo-Ullman Model
      • Brewer-Nash Model (Chinese Wall) (p. 341)
    • Other Security Management Models
      • The ISO 27000 Series (p. 342)
      • NIST Security Publications (p. 346)
      • Control Objectives for Information and Related Tec... (p. 352)
      • Committee of Sponsoring Organizations (p. 355)
      • Information Technology Infrastructure Library
      • Information Security Governance Framework (p. 356)
    • Chapter Summary (p. 358)
    • Review Questions (p. 359)
    • Exercises (p. 360)
    • Closing Case
  • Chapter 9. Security Management Practices (p. 364)
    • Introduction to Security Practices
      • Benchmarking (p. 365)
      • Standards of Due Care/Due Diligence (p. 366)
      • Selecting Recommended Practices (p. 369)
      • Limitations to Benchmarking and Recommended Practi... (p. 370)
      • Baselining (p. 371)
      • Support for Benchmarks and Baselines (p. 372)
    • Performance Measurement in InfoSec Management
      • InfoSec Performance Management (p. 374)
      • Building the Performance Measurement Program (p. 377)
      • Specifying InfoSec Measurements (p. 378)
      • Collecting InfoSec Measurements (p. 379)
      • Implementing InfoSec Performance Measurement (p. 382)
      • Reporting InfoSec Performance Measurements (p. 385)
    • Trends in Certification and Accreditation (p. 386)
      • NIST SP 800-37, Rev. 1: Guide for Applying the Ris... (p. 387)
    • Chapter Summary (p. 392)
    • Review Questions (p. 393)
    • Exercises
    • Closing Case (p. 394)
  • Chapter 10. Planning for Contingencies (p. 398)
    • Introduction to Contingency Planning (p. 399)
      • Fundamentals of Contingency Planning (p. 401)
      • Components of Contingency Planning (p. 405)
      • Business Impact Analysis (p. 406)
      • Contingency Planning Policies (p. 412)
    • Incident Response
      • Getting Started (p. 413)
      • Incident Response Policy (p. 414)
      • Incident Response Planning (p. 415)
      • Detecting Incidents (p. 420)
      • Reacting to Incidents (p. 423)
      • Recovering from Incidents (p. 425)
    • Disaster Recovery (p. 432)
      • The Disaster Recovery Process (p. 434)
      • Disaster Recovery Policy (p. 435)
      • Disaster Classification (p. 436)
      • Planning to Recover (p. 438)
      • Responding to the Disaster
      • Simple Disaster Recovery Plan (p. 439)
    • Business Continuity (p. 444)
      • Business Continuity Policy (p. 445)
      • Continuity Strategies (p. 447)
      • Timing and Sequence of CP Elements (p. 448)
    • Crisis Management (p. 450)
    • Business Resumption (p. 451)
    • Testing Contingency Plans (p. 454)
      • Final Thoughts on CP (p. 455)
    • Managing Investigations in the Organization (p. 456)
      • Digital Forensics Team
      • Affidavits and Search Warrants (p. 457)
      • Digital Forensics Methodology (p. 458)
      • Evidentiary Policy and Procedures (p. 461)
      • Law Enforcement Involvement (p. 462)
    • Chapter Summary (p. 463)
    • Review Questions (p. 465)
    • Exercises (p. 466)
    • Closing Case (p. 467)
  • Chapter 11. Personnel and Security (p. 470)
    • Introduction to Personnel and Security
      • Staffing the Security Function (p. 472)
      • Information Security Positions (p. 474)
    • Information Security Professional Credentials
      • (ISC)2 Certifications (p. 486)
      • ISACA Certifications (p. 490)
      • GIAC Certifications (p. 493)
      • EC-Council Certifications (p. 494)
      • CompTIA Certifications (p. 496)
      • ISFCE Certifications (p. 497)
      • Certification Costs (p. 498)
      • Entering the Information Security Profession (p. 499)
    • Employment Policies and Practices (p. 501)
      • Hiring (p. 502)
      • Contracts and Employment (p. 504)
      • Security as Part of Performance Evaluation
      • Termination Issues (p. 505)
      • Personnel Security Practices (p. 507)
      • Security of Personnel and Personal Data
      • Security Considerations for Temporary Employees, C... (p. 508)
    • Chapter Summary (p. 514)
    • Review Questions (p. 515)
    • Exercises
    • Closing Case (p. 516)
  • Chapter 12. Protection Mechanisms (p. 523)
    • Introduction to Protection Mechanisms (p. 524)
      • Access Controls and Biometrics (p. 525)
    • Managing Network Security (p. 533)
      • Firewalls (p. 534)
      • Intrusion Detection and Prevention Systems (p. 545)
      • Remote Access Protection (p. 549)
      • Wireless Networking Protection (p. 552)
      • Scanning and Analysis Tools (p. 555)
      • Managing Server-Based Systems with Logging (p. 559)
    • Cryptography (p. 564)
      • Encryption Operations (p. 566)
      • Using Cryptographic Controls (p. 573)
      • Managing Cryptographic Controls (p. 577)
    • Chapter Summary (p. 579)
    • Review Questions (p. 580)
    • Exercises (p. 581)
    • Closing Case (p. 582)
  • Appendix (p. 584)