Book

Principles of Information Security, 4th edition

Abstract

Specifically oriented to the needs of information systems students, PRINCIPLES OF INFORMATION SECURITY, 5e delivers the latest technology and developments from the field. Taking a managerial approach, this bestseller teaches all the aspects of information security, not just the technical control perspective. It provides a broad review of the entire field of information security, background on many related elements, and enough detail to facilitate understanding of the topic. It covers the terminology of the field, the history of the discipline, and an overview of how to manage an information security program. Current and relevant, the fifth edition includes the latest practices, fresh examples, updated material on technical security controls, emerging legislative issues, new coverage of digital forensics, and hands-on application of ethical issues in IS security. It is the ultimate resource for future business decision-makers.
... The Intrusion Detection (ID) field is concerned with developing resource and data security mechanisms [3]. IDSs can be classified into three main classes depending on how they monitor activity [2,5]. A host-based intrusion detection system (HIDS) is designed to check activity only on a specific host [4]. ...
... A network-based IDS (NIDS) analyzes all packets received on a particular network segment, looking for attacks [2]. Finally, a hybrid of HIDS and NIDS combines the agent's data from the previous two IDS types (HIDS and NIDS) [2,5]. Different techniques have been used to detect and prevent computer network intrusion attempts. ...
Conference Paper
An artificial immune system (AIS) is considered an adaptive computational intelligence method that can be used for detecting and preventing current computer network threats. AIS generates antibodies (self) competent in recognizing antigens (non-self), which is considered an anomaly-detection technique. This paper aims to develop an artificial immune system (AIS) that consists of two levels. Level one is developed using a genetic algorithm, while level two is developed using the C4.5 decision tree algorithm. The proposed system is trained with clustered features selected from the NSL-KDD Cup data set. Each level produces two antibodies (that can recognize normal and antigen access records). The recognition accuracy of the developed system reaches 96%. The behavior of each level is studied. The best feature set that suits each level is specified.
... The disadvantage of this type of IDS is that it can detect only signatures that are stored. Obfuscated attacks cannot be recognized by a signature-based IDS [2]. The Figure. ...
... It is widely used to inspect attacks on application layer protocols like DNS, HTTP, SMTP, DHCP, etc. Figure 2 below shows the working of an anomaly-based IDS [2]. Each neuron is capable of transferring information from one to another. ...
... Software development is often characterised by the sequential or overlapping stages of the Waterfall project method. Some scholars advocate that by including security considerations throughout the System Development Life Cycle (SDLC), a more robust security architecture results (Whitman & Mattord, 2018). ...
Article
Both consumers and businesses are rapidly adopting IoT, premised on convenience and control. Industry and academic literature talk about billions of embedded IoT devices being implemented, with use cases ranging from smart speakers in the home, to autonomous trucks, and trains operating in remote industrial sites. Historically, information systems supporting these disparate use cases have been categorised as Information Technology (IT) or Operational Technology (OT), but IoT represents a fusion between these traditionally distinct information security models. This paper presents a review of IEEE and Elsevier peer-reviewed papers that identifies the direction in IoT education and training around information security. It concludes that the education/training is still largely distinct and is not addressing the needs of this hybrid IT and OT model. IoT is complex as it melds embedded systems and software in support of interaction with physical systems. While the literature contains implementation-specific research, papers that address appropriate methodologies and content around secure design are piecemeal in nature. We conclude that in the rush to find implementation-specific strategies, the overarching strategy around education and training of secure IoT design is not being adequately addressed. Consequently, we propose a novel approach to how IoT education and training can better incorporate the topic of secure design at a foundational level.
... The advancement of wireless and mobile devices has brought the issue of security threats back into focus. The privacy breaches raised by digital technology are well documented by many authors, including [1][2][3]. However, despite a high percentage of concern about invasion of people's privacy through new technology, they continue to deliver their sensitive data, such as credit card details, to smartphones. ...
Article
Objectives: This study investigates the attitudes towards using smartphone apps in Jordan, while there exist some threats to mobile phone users' privacy. We also investigated users' awareness of the privacy and security threats when using smartphone applications. Methods/Analysis: A questionnaire was developed and distributed among a random sample of Jordanian mobile users. Inferential statistics (regression and correlation) techniques are used in the study, where the Pearson correlation coefficient is calculated to model the relationships between dependent and explanatory variables. Regression was used because it can designate whether those relationships are strong or weak. Findings: The study revealed that more than 90% of users have installed apps on their smartphones and about 83% of them did not read the apps' privacy policy before installation. The study found that Perceived Security and IT Expertise have a positive effect on Perceived Privacy, and that Attitude towards smartphone apps and Perceived Usefulness show a significant effect on app installation. In addition, the study found that Perceived Usefulness and Perceived Privacy both have a significant positive relation with Attitude towards smartphone apps. Application: This research covers smartphone users' privacy-related issues when using the phone to run Voice over Internet Protocol (VoIP) applications, and provides several recommendations to protect users' privacy.
... A policy is a plan or course of action that conveys instructions from an organization's senior management to those who make decisions, take actions, and perform other duties [Michael and Herbert, 2010]. Policies can also be designed to be issue-specific; for example, information security policies are policies designed to provide guidelines to protect the information resources of an organisation. ...
Thesis
Educational institutions are known to be at the heart of complex computing systems in any region in which they exist, especially in Africa. The existence of high-end computing power, often connected to the Internet and to research network grids, makes educational institutions soft targets for attackers. Attackers of such networks are normally either looking to exploit the large computing resources available for use in secondary attacks or to steal Intellectual Property (IP) from the research networks to which the institutions belong. Universities also store a lot of information about their current students and staff population as well as alumni, ranging from personal to financial information. Unauthorized access to such information violates statutory requirements of the law and could grossly tarnish the institution's name, not to mention cost the institution a lot of money during post-incident activities. The purpose of this study was to investigate the information security practices that have been put in place by Research and Education Network of Uganda (RENU) member institutions to safeguard institutional data and systems from both internal and external security threats. The study was conducted on six member institutions in three phases, between the months of May and July 2011 in Uganda. Phase One involved the use of a customised quantitative questionnaire tool. The tool, originally developed by the information security governance task force of EDUCAUSE, was customised for use in Uganda. Phase Two involved the use of a qualitative interview guide in sessions between the investigator and respondents. Results show that institutions rely heavily on Information and Communication Technology (ICT) systems and services and that all institutions had already acquired more than three information systems and had acquired and implemented some of the cutting-edge equipment and systems in their data centres.
Further results show that institutions have established ICT departments, although staff have not been trained in information security. All institutions interviewed have ICT policies, although only a few have carried out policy sensitization and awareness campaigns for their staff and students.
... Many times people communicate or share their password with other people for multiple reasons. This weakens the security of organizations [6]. To overcome this, we propose a new system which uses images along with a password to provide authentication. ...
Conference Paper
Username and password are the most commonly used mechanism for authentication because of their simplicity and convenience. However, it suffers from a few drawbacks, like the selection of weak passwords by users, users disclosing their passwords, etc. This weakens the security posture of organizations. Hence we propose a new image-based authentication system. Research suggests that the use of images may be more effective in terms of security and ease of use for some applications. This is because we humans are better at recognizing images than at remembering passwords. In this paper we describe a new image-based authentication system which can be used independently or along with the current character-based authentication system to improve security and usability. We implemented the said system along with the current authentication system (username and password). We carried out a user survey. Around seventy users, including students and faculty, tested the system and gave their feedback. After analysis, one of the key outcomes is that 97% were able to register with the system and 94% were able to successfully authenticate with the system. Results of the user feedback are presented and discussed in this paper.
Chapter
As a result of the growing reliance by public sector organisations on technological resources for capturing and processing information, protection of information in the public sector has become an issue of national concern. While considering the South African national strategy for protecting this state asset ('information'), this paper contrasts existing local, provincial or national e-Government information security policies against the adopted national guidelines. The paper postulates that, with sound policies and guidelines in place, 'interpretation and application' remain as two barriers that pose a threat to state information. The main question addressed in this paper is whether e-Government information security policies adequately address prescribed key security components. To achieve a comprehensive understanding of the pillars underpinning the protection of national information security in South Africa, the authors followed systematic procedures for reviewing and evaluating existing e-Government information security policies. The objective of this paper is to investigate whether existing government information security policies are aligned to national policy or guidelines. This paper will contribute empirical evidence which supports the notion observed by the South African Auditor General (Auditor-General 2012) that security weaknesses in government departments and state entities are attributed to the lack of formally designed and implemented information security policies and standards. The results of this preliminary investigation indicate that although information security policies exist in the majority of state entities, there is no consistency in the application of the 'security controls' as outlined in the national guidelines.
Conference Paper
Command and control means the exercise of authority and direction by a designated commander over assigned forces in the accomplishment of the mission. Security policies are a set of rules and regulations that define how the security of all components of an organization is maintained. These policies are the rules that determine how access control decisions are made for the use of resources and the assignment of attributes. This paper closely examines security policy-making methods in command and control systems and presents a methodology by which access control policies can be formulated. This paper presents a method for multi-faceted access control in which, based on the applications and security requirements, an appropriate access control model is formulated through policy-making. Formulating security policies unifies the decision-making framework across the various levels of command and control systems. By establishing security policy-formulation units, all activities and procedures in command and control systems are carried out according to the defined policies.