Description

Most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without a clear understanding of the interrelationships between them. A strategy-based introduction instead gives the reader a clear understanding of how to provide overlapping defenses for critical information. This understanding provides a basis for engineering and risk-management decisions in the defense of information.

Information security is a rapidly growing field, with a projected need for thousands of professionals within the next decade in the government sector alone. It is also a field that has changed in the last decade from a largely theory-based discipline to an experience-based discipline. This shift in the field has left several of the classic texts with a strongly dated feel.

Key Features

  • Provides a broad introduction to the methods and techniques in the field of information security
  • Offers a strategy-based view of these tools and techniques, facilitating selection of overlapping methods for in-depth defense of information
  • Provides a very current view of the emerging standards of practice in information security

Readership

Students in Intro to Security courses, Network and System Administrators, IT Professionals

Table of Contents

Acknowledgments

Legal Acknowledgments

Introduction

Approach of this Book

Classroom Use

Support Materials

Chapter 1. Motivation and Security Definitions

Information in this chapter

Introduction

Information Security and its Motivation

Terminology: Vulnerabilities of Software, Exploits, Malware, Intrusions, and Controls

Security Risk Management

How to use this Book

Summary

References

Chapter Review Questions

Chapter Exercises

Chapter 2. Strategies and Security

Information in this chapter

Introduction

Security Strategies

Attack Strategies

Defense Strategies

Security Controls

Summary

References

Chapter Review Questions

Chapter Exercises

Part 1: Deception

Chapter 3. Deception Strategies: Networks, Organization, and Structures

Information in this chapter

Introduction

How the Internet Works

Deception and Network Organization

Outsourcing

Application Hosting

Dynamic Addressing

Summary

Chapter Review Questions

Chapter Exercises

References

Chapter 4. Deception Strategies: Defensive Technologies

Information in this chapter

Introduction

Internet Protocols

Proxies and Gateways

Honeypots and Honeynets

Tarpits

Virtual Hosts

Summary

References

Chapter Review Questions

Chapter Exercises

Part 2: Frustration

Chapter 5. Frustration Strategies: Technical Controls

Information in this chapter

Introduction

Minimization Goals and Objectives

Asymmetry in Information Security

Host Hardening

Network Devices and Minimization

Network Architecture and Frustration

Summary

References

Chapter Rev

Details

No. of pages: 382
Language: English
Copyright: © 2014
Published:
Imprint: Syngress
eBook ISBN: 9781597499729
Print ISBN: 9781597499699

About the authors

Timothy Shimeall

Dr. Timothy Shimeall is an Adjunct Professor of the Heinz College of Carnegie Mellon University, with teaching and research interests focused in the area of information survivability. He is an active instructor in information security management and information warfare, and has led a variety of survivability-related independent studies. Tim is also a senior member of the technical staff with the CERT Network Situational Awareness Group of Carnegie Mellon’s Software Engineering Institute, where he is responsible for overseeing and participating in the development of analysis methods in the area of network systems security and survivability. This work includes development of methods to identify trends in security incidents and in the development of software used by computer and network intruders. Of particular interest are incidents affecting defended systems and malicious software that are effective despite common defenses. Prior to his time at Carnegie Mellon, Tim was an Associate Professor at the Naval Postgraduate School in Monterey, CA.

Affiliations and Expertise

Timothy J. Shimeall, Ph.D. in Information and Computer Science, adjunct professor at Carnegie Mellon.

Jonathan Spring

Jonathan Spring is a member of the technical staff with the CERT Network Situational Awareness Group of the Software Engineering Institute, Carnegie Mellon University. He began working at CERT in 2009. He also serves as an adjunct professor at the University of Pittsburgh’s School of Information Sciences. His current research topics include monitoring cloud computing and DNS traffic analysis. He holds a Master’s degree in information security and a Bachelor’s degree in philosophy from the University of Pittsburgh.

Affiliations and Expertise

Software Engineering Institute, Carnegie Mellon University.

Reviews

"...this is a top-down approach to securing an organisation, helping you to understand how all the pieces fit together...The people most likely to benefit...are IT staff who don’t necessarily have a great deal of experience in security."--Network Security, December 1 2013

"This work can best serve as a supplemental general resource to accompany a more-technical work on information security (IS)…overall, the text is well-written and engaging...Summing Up: Recommended"--CHOICE, August 1 2014

"If you want to roll your sleeves up and do the computer equivalent of getting your hands greasy under the bonnet, this book will take you through hosts, firewalls, passwords, phishing and the like. Thanks partly to case studies and profiles, the authors never forget that infosec is about people, both the good guys and the fraudsters and hackers."--Professional Security Magazine Online, May 28, 2014

"The book provides a good balance between the broad aspects of information security, privacy and risk management; without overwhelming the novice with far too much minutiae…For those looking for an introduction to the topic, that nonetheless provides a comprehensive overview of the relevant areas, Introduction to Information Security: A Strategic-Based Approach is an excellent reference."--RSAConference.com, May 7, 2014

"As an American book, it covers US law on the subject…If you want to roll your sleeves up and do the computer equivalent of getting your hands greasy under the bonnet, this book will take you through hosts, firewalls, passwords, phishing and the like. Thanks partly to case studies and profiles, the authors never forget that infosec is about people, both the good guys and the fraudsters and hackers."--Professional Security Magazine Online, March 31, 2014