Information Assurance - Security in the Information Environment
by: Andrew Blyth, Gerald L. Kovacich
Springer-Verlag, 2006
ISBN: 9781846284892
270 pages, download: 1497 KB

Format: PDF
suitable for: Apple iPad, Android tablet PCs, online reading on PC, Mac, laptop

Type: A (simple access)
Table of Contents

  Second Edition Dedications 6  
  Quotations 7  
  Foreword 8  
  Second Edition Preface 10  
  Acknowledgements 14  
  Contents 15  
  Section 1 An Introduction to Information Assurance 16  
     1 What is Information Assurance? 17  
        1.1 Information Assurance and Its Subset: Information Security 17  
           1.1.1 Interruption, Interception, Modification and Fabrication 18  
           1.1.2 Information Assurance in Context 19  
        1.2 Information Warfare 21  
           1.2.1 Perspectives on Information Warfare 23  
           1.2.2 Nature of the Threat 24  
        1.3 Information Operations 25  
           1.3.1 The Physical Level 26  
           1.3.2 The Information Structure Level 27  
           1.3.3 Perceptual Level 27  
        1.4 Summary 29  
     2 The World of Information 30  
        2.1 What is Information? 30  
        2.2 Properties of Information 30  
        2.3 Information and Competitive Advantage 31  
           2.3.1 Proprietary Advantage 32  
           2.3.2 One-Step Ahead 32  
           2.3.3 Discontinuity 32  
           2.3.4 Implementation 33  
        2.4 Birth of the Internet and Cyber-Crime 33  
        2.5 Power of Information 35  
        2.6 Consumer-Provider Model of Information Usage 37  
           2.6.1 Generation, Validation and Propagation 38  
           2.6.2 Acquisition, Integration and Selection 38  
        2.7 Intelligence Model of Information Usage 39  
        2.8 Summary 41  
     3 The Theory of Risks 42  
        3.1 Threats, Vulnerabilities and Risks 42  
        3.2 Threats and Threat Agents 42  
           3.2.1 The Natural Threat Agents 45  
           3.2.2 The Unintentional Threat Agents 45  
           3.2.3 The Intentional Threat Agents 46  
        3.3 Threat Components Applying to Malicious Threats 48  
           3.3.1 Threat Agent 48  
           3.3.2 Capability 49  
           3.3.3 Threat Inhibitors 49  
           3.3.4 Threat Amplifiers 50  
           3.3.5 Threat Catalysts 51  
           3.3.6 Threat Agent Motivators 51  
        3.4 Vulnerabilities 52  
        3.5 Risk and Risk Management 57  
           3.5.1 Threat Matrix 60  
           3.5.2 Risk Management 61  
           3.5.3 Five Principles of Risk Management 61  
           3.5.4 Sixteen Successful Practices 61  
        3.6 Summary 64  
     4 The Information World of Crime 65  
        4.1 Introduction 65  
        4.2 Information Systems and Crime 66  
        4.3 Modus Operandi 67  
        4.4 Information Systems Crime Adversarial Matrix 68  
           4.4.1 Organisational Characteristics 69  
           4.4.2 Operational Characteristics 69  
           4.4.3 Behavioural Characteristics 70  
           4.4.4 Resource Characteristics 70  
        4.5 Motives of the Cyber Criminal 71  
           4.5.1 Power Assurance (aka Compensatory) 71  
           4.5.2 Power Assertive (aka Entitlement) 73  
           4.5.3 Anger Retaliatory 74  
           4.5.4 Sadistic 75  
           4.5.5 Profit Oriented 75  
         4.6 A Model of Information Systems' Intrusions 76  
           4.6.1 Target Identification 77  
           4.6.2 Motivational Factors 78  
           4.6.3 Choice Criteria 79  
           4.6.4 Target Selection and Intelligence 79  
           4.6.5 Open Source Intelligence 80  
           4.6.6 Topology 81  
           4.6.7 The Deployment Decision 81  
           4.6.8 Vulnerability Management 81  
        4.7 Summary 82  
     5 IA Trust and Supply Chains 83  
        5.1 Introduction 83  
        5.2 Developing a Conceptual Model of Trust 84  
           5.2.1 NICE Model of Trust 85  
           5.2.2 Trust Footprint 87  
        5.3 Supply Chains 88  
        5.4 Analysis of Supply Chains 92  
           5.4.1 Primary Activities 93  
           5.4.2 Support Activities 94  
           5.4.3 Industry Value Chain Showing Strategic Alliances Between Organisations 94  
        5.5 Summary 96  
     6 Basic IA Concepts and Models 97  
        6.1 Introduction 97  
        6.2 IA Goals and Objectives 98  
        6.3 Three Basic Concepts 98  
           6.3.1 Access Controls 98  
           6.3.2 Individual Accountability 99  
           6.3.3 Audit Trails 100  
        6.4 The Information Value Model 101  
           6.4.1 Valuing Information 101  
           6.4.2 How to Determine the Value of Corporate Information 101  
           6.4.3 The Value of Information 102  
        6.5 Three Basic Categories of Information 103  
           6.5.1 Personal, Private Information 103  
           6.5.2 Business Information 104  
        6.6 Determining Information Value Considerations 105  
           6.6.1 Questions to Ask When Considering Information Value 106  
        6.7 Another View of Information Valuation 107  
           6.7.1 The Information Environment 107  
           6.7.2 Value of Information 108  
        6.8 The Need-To-Know Model 108  
        6.9 The Confidentiality-Integrity-Availability Model 110  
           6.9.1 Confidentiality 110  
           6.9.2 Integrity 110  
           6.9.3 Availability 110  
        6.10 The Protect-Detect-React-Deter Model 111  
           6.10.1 Protect 111  
           6.10.2 Detect 111  
            6.10.3 Case Example - Do not Rush to Judgement 113  
           6.10.4 React 114  
           6.10.5 Deter 115  
           6.10.6 Questions and Some Answers to Think About 115  
        6.11 IA Success Considerations 116  
        6.12 Summary 116  
     7 The Role of Policy in Information Assurance 117  
        7.1 Introduction 117  
        7.2 A Model of Policy Development 117  
        7.3 Types of IA Policies 118  
        7.4 Acceptable Usage Policy 120  
        7.5 Summary 121  
  Section 2 IA in the World of Corporations 122  
     8 The Corporate Security Officer 123  
        8.1 A Short History of the World of Corporate Security 123  
        8.2 The Corporate Security Officer 126  
        8.3 Corporate Security Duties and Responsibilities 127  
        8.4 Corporate Security Support Tools and Processes 128  
         8.5 The More Things Change the More They Don't 129  
        8.6 Information Assurance: Whose Responsibility Is It? 130  
        8.7 Is IA a Corporate Security Responsibility? 131  
        8.8 Summary 133  
     9 Corporate Security Functions 134  
        9.1 Introduction 134  
        9.2 Corporate Security IA-Related Functions 135  
           9.2.1 Evaluate Current Security Requirements 135  
           9.2.2 Corporate Security Plan 136  
           9.2.3 Management Direction for Security Activities 136  
           9.2.4 Interface with Other Directors 137  
           9.2.5 Comply with Contractual, Customer and Regulatory Requirements 137  
           9.2.6 Corporate-Wide InfoSec Program 138  
           9.2.7 Corporate-Wide Crisis Management Program 138  
           9.2.8 Establish Common Security Processes 139  
           9.2.9 Provide Productive and Safe Working Environment 139  
           9.2.10 Corporate Security Measurement System 139  
           9.2.11 Common Managerial Accountabilities 140  
           9.2.12 Physically Secure Environment 140  
           9.2.13 Government Compliance Requirements 142  
           9.2.14 Corporate Management Guidance 142  
           9.2.15 Security Liaison Activities 143  
           9.2.16 Co-ordinate Corporate Security Policies and Procedures 143  
           9.2.17 Corporate-Wide Contingency Plan 144  
           9.2.18 Corporate Crisis Management Room 145  
           9.2.19 Corporate-Wide Security Measurement System 145  
           9.2.20 Law Enforcement Liaison 145  
           9.2.21 Chair Corporate Security Council 145  
           9.2.22 Corporate Security Policy and Procedures 146  
           9.2.23 CSO as IA Leader 147  
        9.3 Summary 147  
     10 IA in the Interest of National Security 148  
        10.1 Introduction 148  
           10.1.1 IA: A Definition 149  
           10.1.2 Levels of Protection 150  
           10.1.3 System Assurance 150  
        10.2 National Security Classified Information 150  
           10.2.1 An Example of National Security Information Impact 153  
        10.3 IA Requirements in the National Security Arena 153  
           10.3.1 IA Objective in the National Security Environment 155  
           10.3.2 Responsibilities 155  
           10.3.3 Collective IA Controls 156  
           10.3.4 Government Customer Approval Process 156  
           10.3.5 AIS Modes of Operation 157  
            10.3.6 The Appointment of the Defence Industry-Related Corporation's Focal Point for IA 158  
           10.3.7 Documenting and Gaining Government Customer Approval for Processing, Storing and Transmitting National Security Information 158  
        10.4 Summary 160  
        A Case Study 161  
     11 The Corporate IA Officer 165  
         11.1 The Corporate Information Assurance Officer 165  
           11.1.1 CIAO Position 166  
           11.1.2 CIAO Duties and Responsibilities 166  
           11.1.3 Goals and Objectives 168  
           11.1.4 Leadership Position 169  
           11.1.5 Vision, Mission and Quality Statements 171  
        11.2 Summary 173  
     12 IA Organisational Functions 174  
        12.1 Determining Major IA Functions 174  
        12.2 IA Functions and Process Development 177  
           12.2.1 IA Requirements Function 177  
           12.2.2 IA Policy Function 178  
           12.2.3 IA Procedures Function 179  
           12.2.4 Systems IA Architecture Function 180  
           12.2.5 IA Awareness and Training Function 180  
           12.2.6 Access Control and Audit Records Analyses Functions 182  
           12.2.7 Evaluation of all Hardware, Firmware and Software Functions 184  
           12.2.8 Applying Risk Management Principles and Establishing a Risk Management Function 186  
           12.2.9 IA Tests and Evaluations Function 187  
           12.2.10 IA Non-Compliance Inquiries Process 188  
           12.2.11 IA Contingency Planning and Disaster Recovery Function 189  
        12.3 Summary 192  
     13 Incident Management and Response 194  
        13.1 Incident Triage 196  
        13.2 Incident Coordination 196  
        13.3 Incident Resolution 197  
        13.4 Proactive Activities 197  
           13.4.1 Information Provision and Sharing 197  
           13.4.2 Security Tools 198  
           13.4.3 Education and Training 198  
           13.4.4 Product and Services Evaluation 199  
           13.4.5 Site Security Auditing 199  
  Section 3 Technical Aspects of IA 200  
     14 IA and Software 201  
        14.1 Operating Systems and Trusted Systems 201  
           14.1.1 Security Policies 201  
           14.1.2 Models of Security 202  
           14.1.3 Security Methods of Operating Systems 204  
           14.1.4 Typical Operating System Flaws 205  
        14.2 Databases and Database Security 205  
           14.2.1 Physical Database Integrity 206  
           14.2.2 Logical Database Integrity 207  
           14.2.3 Element Integrity 208  
           14.2.4 Access Control 209  
           14.2.5 Auditability 210  
           14.2.6 User Authentication 210  
           14.2.7 Availability 211  
           14.2.8 Database Case Study 211  
        14.3 Application Software 212  
           14.3.1 Malicious Code 212  
           14.3.2 Viruses 217  
           14.3.3 Bots and Bot-Nets 218  
        14.4 Digital Tradecraft 219  
           14.4.1 Digital Tradecraft Defined 219  
           14.4.2 Digital Dead Drop 220  
        14.5 Steganography 221  
        14.6 Summary 222  
     15 Applying Cryptography to IA 223  
        15.1 Principles of Encryption 223  
        15.2 Symmetric Ciphers 225  
        15.3 Asymmetric Ciphers 225  
        15.4 Digital Signatures and Certificates 226  
        15.5 Key Management and Key Distribution 229  
        15.6 Summary 231  
     16 IA Technology Security 232  
        16.1 Biometrics 232  
           16.1.1 The Role and Function of Biometrics 232  
           16.1.2 Analysis of Basic Biometric Models 233  
           16.1.3 Fingerprint Verification 234  
           16.1.4 Iris Analysis 235  
           16.1.5 Facial Analysis 236  
           16.1.6 Hand Geometry 236  
           16.1.7 Speech Analysis 237  
           16.1.8 Hand-Written Signature Verification 237  
           16.1.9 Threats and Risks to Biometrics 238  
        16.2 EMP Weapons and HERF Guns 239  
        16.3 TEMPEST 239  
        16.4 Closed Circuit Television 241  
        16.5 Microsoft and Network Security 243  
        16.6 Summary 244  
     17 Security Standards 245  
        17.1 BS7799 and ISO17799 245  
        17.2 ISO13335 247  
        17.3 Common Criteria 248  
        17.4 Summary 250  
  Section 4 The Future and Final Comments 251  
     18 The Future, Conclusions and Comments 252  
        18.1 Information Assurance: Getting There 252  
           18.1.1 The New Threat of Terrorism 253  
        18.2 Welcome to the World of Constant Change 254  
           18.2.1 Changes in Societies 254  
           18.2.2 Economic, Global Competition 256  
           18.2.3 Technology 257  
           18.2.4 The IA Professional 260  
        18.3 Summary 261  
  Biography 262  
  Index 264  

