Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
---|---|---|---|---|---|
| 30000010252349 | HV6773 K59 2008 | Open Access Book | Book | |
Summary
Explores the full range of issues - moral, ethical, social, legal, and technological - involved in developing firm controls and best practices to secure the ever-growing information infrastructure upon which societies and individuals depend.
Reviews 1
Choice Review
Joseph Kizza (Univ. of Tennessee at Chattanooga) and Florence Kizza (writer) observe that online crimes are increasingly common, as the Internet has become ingrained in our lives and computer use has grown. They assert that this leads to a fear of using this infrastructure when there is ever more need to trust it. The Kizzas strive to offer a rationale for establishing trust. The first of four parts focuses on security through moral and ethical education. The second and longest section consists of ten chapters describing various hardware and software security threats and countermeasures. The third part discusses legal issues including computer crime and forensics. The final part is a single chapter about security best practices and possible future technology developments. This book's 17 chapters have a consistent style: an introduction describing what will be presented, often followed by relevant definitions, then the body of the chapter, a summary conclusion, and references. Neither a prior understanding of the Internet nor computer technology is needed to appreciate this book. Glossary of terms. Summing Up: Recommended. General readers. E. M. Aupperle emeritus, University of Michigan
Table of Contents
Preface | p. ix |
Acknowledgment | p. xiv |
Section I Security Through Moral and Ethical Education | |
Chapter I Building Trust in the Information Infrastructure | p. 1 |
Introduction | p. 1 |
Problems with Building Trust | p. 2 |
Steps to Building Trust | p. 7 |
Conclusion | p. 8 |
References | p. 9 |
Chapter II Need for Morality and Ethics | p. 10 |
Introduction | p. 10 |
Morality | p. 11 |
Ethics | p. 11 |
Codes of Professional Responsibility | p. 18 |
The Relevancy of Ethics in Modern Life | p. 20 |
Conclusion | p. 21 |
References | p. 21 |
Chapter III Building an Ethical Framework for Decision Making | p. 22 |
Introduction | p. 22 |
Principle of Duty of Care | p. 23 |
Work and Decision Making | p. 23 |
Pillars of a Working Life | p. 25 |
Need for an Ethical Education | p. 28 |
Decision Making and the Ethical Framework | p. 35 |
Conclusion | p. 39 |
References | p. 40 |
Chapter IV Security, Anonymity, and Privacy | p. 41 |
Introduction | p. 41 |
Security | p. 42 |
The Importance of Information Security | p. 49 |
Government and International Security Standards | p. 50 |
Information Security Evaluation Criteria | p. 53 |
Privacy | p. 56 |
Privacy and Security in Cyberspace | p. 59 |
Conclusion | p. 63 |
References | p. 64 |
Section II Security Through Innovative Hardware and Software Systems | |
Chapter V Software Standards, Reliability, Safety, and Risk | p. 66 |
Introduction | p. 66 |
The Role of Software in the Security of Computing Systems | p. 67 |
Software Standards | p. 70 |
Reliability | p. 76 |
Software Security | p. 79 |
Causes of Software Failures | p. 82 |
Conclusion | p. 86 |
References | p. 87 |
Chapter VI Network Basics and Securing the Network Infrastructure | p. 88 |
Introduction | p. 88 |
Computer Network Basics | p. 89 |
Network Protocols and Layering | p. 97 |
Network Services | p. 104 |
Network Connecting Devices | p. 108 |
Securing the Network Infrastructure: Best Practices | p. 114 |
Conclusion | p. 118 |
References | p. 118 |
Chapter VII Security Threats and Vulnerabilities | p. 119 |
Introduction | p. 119 |
Types of Threats and Vulnerabilities | p. 120 |
Sources of Information Security Threats | p. 122 |
Best Practices of Online Security | p. 133 |
Conclusion | p. 134 |
References | p. 134 |
Appendix Additional Reading | p. 135 |
Chapter VIII Security Policies and Risk Analysis | p. 137 |
Introduction | p. 137 |
Information Security Policy | p. 138 |
Aspects of Security Policies | p. 139 |
Building a Security Policy | p. 142 |
Types of Security Policies | p. 157 |
Conclusion | p. 160 |
References | p. 160 |
Chapter IX Security Analysis, Assessment, and Assurance | p. 161 |
Introduction | p. 161 |
Threat Identification | p. 162 |
Security by Analysis | p. 168 |
Security Assessment and Assurance | p. 171 |
Conclusion | p. 179 |
References | p. 179 |
Chapter X Access Control, Authentication, and Authorization | p. 180 |
Introduction | p. 180 |
Definitions | p. 181 |
Access Control | p. 181 |
Authentication | p. 191 |
Authorization | p. 203 |
Conclusion | p. 207 |
References | p. 207 |
Chapter XI Perimeter Defense: The Firewall | p. 209 |
Introduction | p. 209 |
Types of Firewalls | p. 212 |
Other Firewalls | p. 227 |
Virtual Private Network | p. 230 |
Firewall Issues Before Installation | p. 231 |
Configuration and Implementation of a Firewall | p. 232 |
Advantages of Firewalls | p. 234 |
Disadvantages of Firewalls | p. 235 |
Securing a Network by a Firewall | p. 236 |
Conclusion | p. 237 |
References | p. 238 |
Chapter XII Intrusion Detection and Prevention Systems | p. 239 |
Introduction | p. 239 |
Definitions | p. 240 |
Background of Intrusion Detection | p. 242 |
Basic Modules of an Intrusion Detection System | p. 243 |
Intrusion Detection Models | p. 244 |
Responses to Intrusion Detection Reports | p. 247 |
Types of Intrusion Detection Systems | p. 248 |
Challenges for Intrusion Detection | p. 254 |
Intrusion Prevention Systems (IPSs) | p. 255 |
Conclusion | p. 258 |
References | p. 258 |
Chapter XIII Security in Wireless Systems | p. 259 |
Introduction | p. 259 |
Types of Wireless Technology | p. 260 |
The Wireless Communication Infrastructure | p. 260 |
Wireless Local Area Network (WLAN): Wireless Fidelity (Wi-Fi) | p. 265 |
Security Issues in Wireless Systems | p. 270 |
Best Practices for Wi-Fi Security | p. 276 |
Conclusion | p. 278 |
References | p. 278 |
Chapter XIV Biometrics for Access Control | p. 280 |
Introduction | p. 280 |
History of Biometrics | p. 281 |
Biometric Authentication System | p. 282 |
Biometric Identifiers | p. 284 |
Advantages of Biometrics | p. 292 |
Disadvantages of Biometrics | p. 293 |
Why Biometrics are Not Truly Accepted | p. 294 |
The Future of Biometrics | p. 295 |
Conclusion | p. 296 |
References | p. 296 |
Section III Security Through the Legal System | |
Chapter XV Digital Evidence and Computer Crime | p. 298 |
Introduction | p. 298 |
Definitions | p. 299 |
Nature of Digital Evidence | p. 299 |
Importance of Digital Evidence | p. 300 |
Reliability of Digital Evidence | p. 301 |
The Need for Standardization | p. 302 |
Proposed Standards for the Exchange of Digital Evidence | p. 303 |
The Process of Digital Evidence Acquisition | p. 305 |
Investigative Procedures | p. 306 |
Conclusion | p. 316 |
References | p. 316 |
Chapter XVI Digital Crime Investigation and Forensics | p. 318 |
Definition | p. 318 |
Computer Forensics | p. 319 |
History of Computer Forensics | p. 319 |
Network Forensics | p. 320 |
Forensics Analysis | p. 321 |
Forensics Tools | p. 324 |
Conclusion | p. 334 |
References | p. 334 |
Section IV What Next? | |
Chapter XVII Trends in Information Assurance | p. 336 |
Introduction | p. 336 |
Global Information Assurance Initiatives and Trends | p. 337 |
National and International Information Security Initiatives | p. 342 |
Certification Programs | p. 350 |
Conclusion | p. 352 |
References | p. 353 |
Appendix Additional Reading | p. 354 |
Glossary of Terms | p. 355 |
About the Authors | p. 362 |
Index | p. 363 |