Principles of Information Security

Principles of Information Security is a textbook written by Michael Whitman and Herbert Mattord and published by Course Technology.[1]

It is in widespread use in higher education in the United States as well as in many English-speaking countries.[citation needed]

Editions

First edition

The initial edition of this text was published in 2002.[2]

Second edition

The second edition was published in 2004.[3]

Third edition

The third edition was published in 2008. The bound text contained 550 pages.[4]

Fourth edition

Publication date: January 1, 2011; authors: Michael E. Whitman, Herbert J. Mattord; ISBN 978-1-111-13821-9

Fifth edition

Publication date: November 18, 2014; authors: Michael E. Whitman, Herbert J. Mattord; ISBN 978-1285448367

Sixth edition

Publication date: January 2018; authors: Michael E. Whitman, Herbert J. Mattord; ISBN 978-1337578769

Seventh edition

Publication date: July 2021; authors: Michael E. Whitman, Herbert J. Mattord; ISBN 9780357506493

Authors

Other book projects

Dr. Whitman and Professor Mattord, working with others, have collaborated on the following projects:

References

  1. Cengage instructor catalogue entry for the book: http://www.cengage.com/cengage/instructor.do?disciplinenumber=412&product_isbn=9781423901778&filter=Book&type=keyword_all&keyword_all=mattord&pageno=1&topicName=Search%20Results&dispnum=%5B%5D
  2. Whitman, M. E. & Mattord, H. J., Principles of Information Security, Course Technology, Boston, MA, 2003. ISBN 0-619-06318-1
  3. Whitman, M. E. & Mattord, H. J., Principles of Information Security, 2nd ed., Course Technology, Boston, MA, 2005. ISBN 0-619-21625-5
  4. Whitman, M. E. & Mattord, H. J., Principles of Information Security, 3rd ed., Course Technology, Boston, MA, 2008. ISBN 978-1-4239-0177-8