Jacobs, Stuart
Engineering Information Security
The Application of Systems Engineering Concepts to Achieve Information Assurance
IEEE Press Series on Information and Communication Networks Security

1st Edition, June 2011
109.- Euro
2011. 728 Pages, Hardcover
ISBN 978-0-470-56512-4 - John Wiley & Sons






Short description
Information security is the act of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. This book discusses why information security is needed and how security problems can have widespread impacts. It covers the complete security lifecycle of products and services, starting with requirements and policy development and progressing through development, deployment, and operations, and concluding with decommissioning. Professionals in the sciences, engineering, and communications fields will turn to this resource to understand the many legal, technical, competitive, criminal, and consumer forces and influences that are rapidly changing our information-dependent society.

From the contents
Preface and Acknowledgments xxiii

1 WHAT IS SECURITY? 1

1.1 Introduction 1

1.2 The Subject of Security 2

1.3 A Twenty-First Century Tale 15

1.4 Why are You Important to Computer Security? 21

1.5 End of the Beginning 23

1.6 Chapter Summary 25

1.7 Further Reading and Resources 26

1.8 Questions 26

1.9 Exercises 27

2 SYSTEMS ENGINEERING 29

2.1 So What Is Systems Engineering? 29

2.2 Process Management 37

2.3 Organization Environments 44

2.4 Chapter Summary 56

2.5 Further Reading and Resources 57

2.6 Questions 57

2.7 Exercises 58

3 FOUNDATION CONCEPTS 59

3.1 Security Concepts and Goals 60

3.2 Role of Cryptology in Information Security 79

3.3 Key Management Revisited 111

3.4 Chapter Summary 113

3.5 Further Reading and Resources 113

3.6 Questions 114

3.7 Exercises 117

4 AUTHENTICATION OF SUBJECTS 119

4.1 Authentication Systems 119

Status Verification 138

4.2 Human Authentication 150

4.3 Chapter Summary 163

4.4 Further Reading and Resources 163

4.5 Questions 164

4.6 Exercises 166

5 SECURITY SYSTEMS ENGINEERING 167

5.1 Security Policy Development 168

5.2 Senior Management Oversight and Involvement 168

5.3 Security Process Management and Standards 168

5.4 Information Security Systems Engineering Methodology 185

5.5 Requirements Analysis and Decomposition 218

5.6 Access Control Concepts 221

5.7 Security Modeling and Security-Related Standards 228

5.8 Chapter Summary 242

5.9 Questions 243

5.10 Exercises 246

6 TRADITIONAL NETWORK CONCEPTS 249

6.1 Networking Architectures 249

6.2 Types of Networks 254

6.3 Network Protocols 259

Signaling and Control Application Protocols 323

6.4 Chapter Summary 332

6.5 Further Reading and Resources 332

6.6 Questions 332

6.7 Exercises 334

7 NEXT-GENERATION NETWORKS 335

7.1 Framework and Topology of the NGN 336

7.2 The NGN Functional Reference Model 343

7.3 Relationship between NGN Transport and Service Domains 351

7.4 Enterprise Role Model 353

7.5 Security Allocation within the NGN Transport Stratum Example 356

7.6 Converged Network Management (TMN and eTOM) 357

7.7 General Network Security Architectures 364

7.8 Chapter Summary 368

7.9 Further Reading and Resources 368

7.10 Exercises 370

8 GENERAL COMPUTER SECURITY ARCHITECTURE 371

8.1 The Hardware Protects the Software 372

8.2 The Software Protects Information 386

8.3 Element Security Architecture Description 388

8.4 Operating System (OS) Structure 397

8.5 Security Mechanisms for Deployed Operating Systems (OSs) 399

8.6 Chapter Summary 421

8.7 Further Reading and Resources 425

8.8 Questions 425

8.9 Exercises 426

9 COMPUTER SOFTWARE SECURITY 427

9.1 Specific Operating Systems (OSs) 427

9.2 Applications 459

9.3 Example Detailed Security Requirements for Specific Operating Systems and Applications 474

9.4 Chapter Summary 476

9.5 Further Reading and Resources 477

9.6 Questions 477

9.7 Exercises 478

10 SECURITY SYSTEMS DESIGN--DESIGNING NETWORK SECURITY 479

10.1 Introduction 479

10.2 Security Design for Protocol Layer 1 482

10.3 Layer 2--Data Link Security Mechanisms 485

10.4 Security Design for Protocol Layer 3 493

10.5 IP Packet Authorization and Access Control 525

10.6 Chapter Summary 538

10.7 Further Reading and Resources 538

10.8 Questions 539

10.9 Exercises 541

11 TRANSPORT AND APPLICATION SECURITY DESIGN AND USE 543

11.1 Layer 4--Transport Security Protocols 543

11.2 Layer 5--User Service Application Protocols 553

11.3 Chapter Summary 603

11.4 Further Reading and Resources 603

11.5 Questions 604

11.6 Exercises 605

12 SECURING MANAGEMENT AND MANAGING SECURITY 607

12.1 Securing Management Applications 607

12.2 Operation, Administration, Maintenance, and Decommissioning 625

12.3 Systems Implementation or Procurement 647

12.4 Chapter Summary 657

12.5 Further Reading and Resources 657

12.6 Questions 657

12.7 Exercises 659

Appendix A: State Privacy Laws as of 2010 on CD

Appendix B: Example Company Security Policy on CD

Appendix C: Example Generic Security Requirements on CD

Appendix D: Significant Standards and Recommendations Related to Networking and Security on CD

Appendix E: Detailed Security Requirements on CD

Appendix F: RFP Security Analysis of ABC Proposal on CD

Appendix G: Security Statement of Work on CD

About the Author 661

Index 663

 





 

        


©2013 Wiley-VCH Verlag GmbH & Co. KGaA - Provider
http://www.wiley-vch.de - mailto: info@wiley-vch.de