Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues

by Rayford Vaughn, Merrill Warkentin

Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues brings together authoritative authors to address one of the most pressing challenges in the IT field – how to create secure environments for the application of technology to serve future needs. This book bridges the gap between theory and practice, academia and industry, computer science and MIS. The chapters provide an integrated, holistic perspective on this complex set of challenges, supported with practical experiences of leading figures from all realms. Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues provides an excellent collection for corporate executives who are charged with securing their systems and data, students studying the topic of business information security, and those who simply have an interest in this exciting topic.
ISBN: 1591409128
ISBN13: 978-1591409120
Category: Engineering
Subcategory: Engineering
Author: Rayford Vaughn, Merrill Warkentin
Language: English
Publisher: Idea Group Publishing (March 6, 2006)
Pages: 406 pages
ePUB size: 1498 kb
FB2 size: 1308 kb
Rating: 4.1
Votes: 125
Other Formats: mbr lit rtf docx

helped with class
I took a class for A+ and CCNA, but never certified. I also took a class in Net+ and decided to go get certified there. I worked for about five months as a tech-support technician and have built a few computers. So, that's my background. With a BS in History I decided to go for a master's degree in Information Systems; see the connection, right? Actually I'm looking to turn a hobby into a profession; naturally, not having a BS in CIS or CS, I was typically worried about the course. This book had been a tremendous help. I use this book more than any other individual book, to include the course books. My master's degree will be a management degree and that is what this book is geared the title indicates.

I knew about routers, networks, basic security like strong passwords, AND since I'm an army reservist I'm familiar with the concept of Risk Management; however, I knew ZERO about E-Commerce, E-Business, Security Policies, planning and implementing IT Architecture, etc. This book took me through the whole gamut step by step. It has diagrams that are logical yet simple to understand. Do you know what Defense-in-Depth is? -or put another way- How about the concept of Security in Layers? This book will explain it from outside in, top to bottom, and front to back. What about encryption? What's new and what's obsolete? This book was published in 2006, so it's still pretty current.

The book breaks down a typical E-Business environment into easily understood models taking you from the customer outside the Internet or the corporate staff person logging onto a corporate a Business Logic Layer of web servers and application the Data Layer of database servers and directory servers. It covers security from outside the perimeter of firewalls and routers to hardening the internal database applications. You want to know what security access controls encompass? This book covers complete security domain profiles.

I will say that the matrix definition/method equations covered in Chapter VII were not exactly written at what I would call a beginner's level, so I'm glad my classes haven't covered that. Whew.

There are plenty of examples and definitions to illustrate covered materials. The chapters are as follows:

Ch I: A Model of Information Security Governance for E-Business

Ch II: IT Security Governance and Centralized Security Controls

Ch III: Case Study of Implemented Information Systems Security Policy

Ch IV: Malware and Antivirus Deployment for Enterprise Security

Ch V: The impact of the Sarbanes-Oxley (SOX) Act on Information Security

Ch VI: A Security Blueprint for E-Business Applications

Ch VII: Security Management for an E-Enterprise

Ch VIII: Implementing IT Security for Small & Medium Enterprises

Ch IX: E-Commerce Security

Ch X: The Survivability Principle: IT-Enabled Dispersal of Organizational Capital

Ch XI: Security Engineering: IT is all about control and assurance objectives

Ch XII: High Assurance Products in IT Security

Ch XIII: The Demilitarized Zone as an Information Protection Network

Ch XIV: Software Security Engineering: Toward unifying software engineering and security engineering

Ch XV: Wireless Security

Ch XVI: Intrusion Detection and Response

Ch XVII: Deploying Honeynets

Ch XVIII: Steganography and Steganalysis

Ch XIX: Designing Secure Data Warehouses

Ch XX: Digital Forensics

Ch XXI: A Comparison of Authentication, Authorization, and Auditing in Windows and Linux

Ch XXII: Taxonomies of User-Authentication Methods in Computer Networks

Ch XXIII: Identity Management: A comprehensive approach to ensuring a secure network infrastructure

This book covers just about everything you need to know about what goes into developing a comprehensive security policy. At least for someone like me who has had no technical experience as a working IT professional in management writing security policies or as a technician employing vulnerability exploitation tools for penetration provided what I needed...and still does.