Information Security and IT Risk Management

Manish Agrawal, Alex Campoe, Eric Pierce

ISBN: 978-1-118-33589-5 April 2014 432 Pages

 Paperback

In Stock

$154.95

Description

This new text provides students the knowledge and skills they will need to compete for and succeed in the information security roles they will encounter straight out of college. This is accomplished by providing a hands-on immersion in essential system administration, service and application installation and configuration, security tool use, TIG implementation and reporting.

It is designed for an introductory course on IS Security offered usually as an elective in IS departments in 2 and 4 year schools. It is not designed for security certification courses.

Chapter 1: Introduction

Overview

Professional utility of information security knowledge

Brief history

Definition of information security

Summary

Example case – wikileaks, cablegate, and free reign over classified networks

Chapter review questions

Example case questions

Hands-on activity – software inspector, steganography

Critical thinking exercise: identifying CIA area(s) affected by sample real-life hacking incidents

Design case

Chapter 2: System Administration (Part 1)

Overview

Introduction

What is system administration?

System administration and information security

Common system administration tasks

System administration utilities

Summary

Example case - T J Maxx

Chapter review questions

Example case questions

Hands-on Activity – linux system installation

Critical thinking exercise – Google executives sentenced to prison over video

Design case

Chapter 3: System Administration (Part 2)

Overview

Operating system structure

The command-line interface

Files and Directories

Moving around the filesystem – pwd, cd

Listing files and directories

Shell Expansions

File Management

Viewing Files

Searching for files

Access control and user management

Access control lists

File ownership

Editing files

Software installation and updates

Account management

Command-line user administration

Example case – Northwest Florida State College

Summary

Chapter review questions

Example case questions

Hands-on activity–basic linux system administration

Critical thinking exercise – offensive cyber effects operations (OCEO)

Design Case

Chapter 4: The basic Information security model

Overview

Introduction

Components of the basic information security model

Common vulnerabilities, threats and controls

Example case – ILOVEYOU virus

Summary

Chapter review questions

Example case questions

Hands-on activity–web server security

Critical thinking exercise–the internet, "american values" and security

Design Case

Chapter 5: Asset Identification and Characterization

Overview

Assets overview

Determining assets that are important to the organization

Asset Types

Asset Characterization

IT asset lifecycle and asset identification

System profiling

Asset ownership and operational responsibilities

Example case–Stuxnet

Summary

Chapter review questions

Example case questions

Hands–on activity–course asset identification

Critical thinking exercise – uses of a hacked PC

Design case

Chapter 6: Threats and Vulnerabilities

Overview

Introduction

Threat models

Threat Agent

Threat Action

Vulnerabilities

Example case–Gozi

Summary

Chapter Review Questions

Example case questions

Hands-on activity–Vulnerability scanning

Critical thinking exercise–Iraq cyber war plans in 2003

Design case

Chapter 7: Encryption Controls

Overview

Introduction

Encryption basics

Encryption types overview

Encryption types details

Encryption in use

Example case – Nation technologies

Summary

Chapter review questions

Example case questions

Hands-on activity–encryption

Critical thinking exercise–encryption keys embed business models

Design case

Chapter 8: Identity and Access Management

Overview

Identity management

Access Management

Authentication

Single sign-on

Federation

Example case – markus hess

Summary

Chapter review questions

Example case questions

Hands-on activity – identity match and merge

Critical thinking exercise – feudalism the security solution for the internet?

Design case

Chapter 9: Hardware and Software Controls

Overview

Password management

Access control

Firewalls

Intrusion detection/prevention systems

Patch management for operating systems and applications

End point protection

Example case – AirTight Networks

Chapter review questions

Example case questions

Hands-on activity – host-based IDS (OSSEC)

Critical thinking exercise – extra-human security controls

Design case

Chapter 10: Shell Scripting

Overview

Introduction

Output redirection

Text manipulation

Variables

Conditionals

User input

Loops

Putting it all together

Example case–Max Butler

Summary

Chapter review questions

Example case questions

Hands-on Activity – basic scripting

Critical thinking exercise–script security

Design case

Chapter 11: Incident Handling

Introduction

Incidents overview

Incident handling

The disaster

Example case – on-campus piracy

Summary

Chapter review questions

Example case questions

Hands-on activity – incident timeline using OSSEC

Critical thinking exercise – destruction at the EDA

Design case

Chapter 12: Incident Analysis

Introduction

Log analysis

Event criticality

General log configuration and maintenance

Live Incident response

Timelines

Other forensics topics

Example case - backup server compromise

Chapter review questions

Example case questions

Hands-on activity – server log analysis

Critical thinking exercise – destruction at the EDA (contd.)

Design case

Chapter 13: Policies, Standards, and Guidelines

Introduction

Guiding principles

Writing a policy

Impact assessment and vetting

Policy review

Compliance

Key Policy Issues

Example case – H B Gary

Summary

Reference

Chapter review questions

Example case questions

Hands-on activity – create an AUP

Critical thinking exercise – aaron swartz

Design Case

Chapter 14: IT risk analysis and risk management

Overview

Introduction

Risk management as a component of organizational management

Risk management framework

The NIST 800-39 framework

Risk assessment

Other risk management frameworks

IT general controls for sarbanes-oxley compliance

Compliance versus risk management

Selling security

Example case – online marketplace purchases

Summary

Chapter review questions

Hands-on activity – risk assessment using lsof

Critical thinking exercise – risk estimation biases

Design Case

Appendix A: Password List for the Linux Virtual Machine

Glossary

Index

  • Hands-on skills: Almost every chapter of the book will require students to dig into the black box that is a computer system using a Virtual Machine, downloadable from the BCS.  The Virtual Machine will provide a customized Linux distribution with common defects injected.  As part of their chapter exercises, students will be guided through the process of detecting and fixing these defects.
  • Information Security design case: A running case throughout the chapters will give students the opportunity to apply the skills learned in a chapter in a fictional organization. The organization will be loosely based on a typical state university.
  • Accessibility: Though the content in the book is highly technical, it is also quite accessible to virtually any student with a strong interest in technology and a willingness to learn technology. This is possible because the book is self-contained, and provides a quick introduction to background material such as IP addresses and port addresses that is necessary to complete the hands-on exercises.
  • Coverage of professionally important topics: The book focuses on skills needed by fresh college graduates entering the job market. Issues relevant to senior managers are highlighted to make students aware of the concerns of the managers they will encounter, instead of trying to help students take on senior managerial roles.
  • Relevance to practice: Two of the co-authors of the book are practicing administrators of the University of South Florida IT infrastructure. The second author of the book is the Director for Information Security at USF. In this role, he has personal responsibility for creating and implementing information security across the USF infrastructure. He also routinely hires fresh college graduates in his organization. With over 40,000 students, USF is one of the largest universities in the country, and the USF IT infrastructure is comparable in size and activity to many large IT systems. Therefore, he is in a very good position to cover topics from the perspective of a prospective recruiter of IS students.
  • The third author is the network manager with day-to-day responsibility for keeping USF’s networks running at peak performance. He is also one of the strongest technical hands on campus, with deep knowledge of protocols and products. As the network manager, he is the first to know of attacks reaching the campus, and also the frontline person responsible for preventing these attacks from causing damage on campus.
  • IS 2010 alignment: The book has been designed from the ground up to be aligned with the IS 2010 curriculum guidelines. Faculty adopting the book will be able to hit the ground running in regards to compliance with the guidelines.