Today’s complex world of mobile platforms, cloud computing, and ubiquitous data access puts new security demands on every IT professional. Information Security: The Complete Reference, Second Edition (previously titled Network Security: The Complete Reference) is the only comprehensive book that offers vendor-neutral details on all aspects of information protection, with an eye toward the evolving threat landscape. Thoroughly revised and expanded to cover all aspects of modern information security—from concepts to details—this edition provides a one-stop reference equally applicable to the beginner and the seasoned professional.
Find out how to build a holistic security program based on proven methodology, risk analysis, compliance, and business needs. You’ll learn how to successfully protect data, networks, computers, and applications. In-depth chapters cover data protection, encryption, information rights management, network security, intrusion detection and prevention, Unix and Windows security, virtual and cloud security, secure application development, disaster recovery, forensics, and real-world attacks and countermeasures. Included is an extensive security glossary, as well as standards-based references. This is a great resource for professionals and students alike.
Key Features
- Understand security concepts and building blocks.
- Identify vulnerabilities and mitigate risk.
- Optimize authentication and authorization.
- Use IRM and encryption to protect unstructured data.
- Defend storage devices, databases, and software.
- Protect network routers, switches, and firewalls.
- Secure VPN, wireless, VoIP, and PBX infrastructure.
- Design intrusion detection and prevention systems.
- Develop secure Windows, Java, and mobile applications.
- Perform incident response and forensic analysis.
Contents
Part 1: Network Security Foundations
- 1 Overview
- 2 Risk Analysis and Defense Models
- 3 Security Policies
- 4 Security Organization
Part 2: Access Control
- 5 Security Management
- 6 Physical Security
- 7 Operational Security
- 8 Authentication and Authorization Controls
- 9 Data Security
Part 3: Network Security
- 10 Network Design Considerations
- 11 Network Device Security
- 12 Firewalls
- 13 Virtual Private Networks
- 14 Wireless Network Security
- 15 Intrusion Detection Systems
- 16 Integrity and Availability
- 17 Network Role-Based Security
- 18 Voice-Over-IP (VOIP) Security
Part 4: System Security
- 19 Operating System Security Models
- 20 Unix Security
- 21 Linux Security
- 22 Windows Security
Part 5: Application Security
- 23 Principles of Application Security
- 24 Controlling Application Behavior
- 25 Writing Secure Software
- 26 J2EE Security
- 27 Windows .NET Security
- 28 Database Security
Part 6: Planning and Response
- 29 Disaster Recovery and Business Continuity
- 30 Attacks and Countermeasures
- 31 Incident Response and Forensic Analysis
- 32 Legal, Regulatory, and Standards Compliance
About the Author
- Mark Rhodes-Ousley has 20 years of experience with every aspect of security, from program management to technology. That experience includes risk management, security policies, security management, technology implementation and operations, physical security, disaster recovery, and business continuity planning. He holds two core beliefs: that business processes are just as important as technology because security relies on people; and that security should be a business enabler with a goal of enhancing the customer experience. Mark is CISSP, CISM, and MCSE certified.
Book Details
- Paperback: 896 pages
- Publisher: McGraw-Hill Osborne Media; 2 edition (©2013)
- Language: English
- ISBN-10: 0071784357
- ISBN-13: 978-0071784351
- Product Dimensions: 7.3 x 1.8 x 9.1 inches
- List price: $70.00