Principles of information security 6e pdf download
Discuss that enforcement of copyright laws has been attempted through a number of technical security mechanisms, such as digital watermarks, embedded code, and copyright codes.

Deviations in Quality of Service
1. Explain that this category represents situations in which a product or service is not delivered to the organization as expected.

Internet Service Issues
1. Point out that Internet service, communications, and power irregularities are three sets of service issues that dramatically affect the availability of information and systems.

Describe Internet service issues: for organizations that rely heavily on the Internet and the Web to support continued operations, Internet service provider failures can considerably undermine the availability of information.

Many organizations have sales staff and telecommuters working at remote locations, so a loss of Internet connectivity cuts them off from the systems they need. When an organization places its Web servers in the care of a Web hosting provider, that provider assumes operational responsibility for all Internet services, as well as the hardware and operating system software used to operate the Web site; the organization still owns the business risk, so the hosting contract should state the availability the provider guarantees.

Communications and Other Service Provider Issues
1. Describe communications and other service provider issues: other utility services can impact organizations as well.

Among these are telephone, water, wastewater, trash pickup, cable television, natural or propane gas, and custodial services. The loss of these services can impair the ability of an organization to function properly.

Power Irregularities
1. Describe power irregularities: irregularities from power utilities are common and can lead to fluctuations, such as power excesses, power shortages, and power losses. In the U.

Explain that voltage levels can spike (momentary increase), surge (prolonged increase), sag (momentary decrease), brownout (prolonged drop in voltage), fault (momentary complete loss of power), or blackout (a more lengthy loss of power). Note that because sensitive electronic equipment, especially networking equipment, computers, and computer-based systems, is susceptible to these fluctuations, controls such as surge protectors, line conditioners, and uninterruptible power supplies (UPS) should be applied to manage power quality.

Espionage or Trespass
1. Explain that this threat represents a well-known and broad category of electronic and human activities that breach the confidentiality of information. Explain that when an unauthorized individual gains access to the information an organization is trying to protect, that act is categorized as a deliberate act of espionage or trespass. Point out that some information-gathering techniques are legal and are called competitive intelligence, while techniques that cross legal or ethical boundaries are considered industrial espionage.

Note that shoulder surfing is a simple form of trespass in which the attacker watches a person enter or view confidential information; instances occur at computer terminals, desks, ATM machines, smartphones, or other places where a person is accessing confidential information. Discuss that the act of trespassing can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.

Hackers
1. Discuss that the classic perpetrator of deliberate acts of espionage or trespass is the hacker. In the gritty world of reality, a hacker uses skill, guile, or fraud to attempt to bypass the controls placed around information that is the property of someone else.

The hacker frequently spends long hours examining the types and structures of the targeted systems. Remind students that there are generally two skill levels among hackers. The first is the expert hacker, who develops software scripts and program exploits used by the second category, the novice, or unskilled hacker. Explain that the expert hacker is usually a master of several programming languages, networking protocols, and operating systems and also exhibits a mastery of the technical environment of the chosen targeted system.

Point out to students that many expert hackers have grown bored with directly attacking systems and have turned to writing software. The software they write consists of automated exploits that allow novice hackers to become script kiddies or packet monkeys, hackers of limited skill who use expertly written software to exploit a system but do not fully understand or appreciate the systems they hack. Discuss the term privilege escalation: the unauthorized modification of a user account (whether or not the account itself was authorized) to gain advanced access to and control over system resources.

Explain that a common example of privilege escalation is called jailbreaking or rooting, in which the owner of a device removes the vendor's restrictions to gain administrative control over it. Explain that password attacks fall under the category of espionage or trespass. Point out that attempting to guess or calculate a password is often called cracking, and that the usual approaches are brute force (trying every combination), dictionary attacks (trying likely words and simple variations of them), and rainbow tables (precomputed lookups of hashes).
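The following is an added illustration of password cracking for this section; it is not from the textbook or its instructor materials. It runs a small dictionary attack, with a few mangling rules, against two constructed credential stores: one holding unsalted SHA-256 hashes and one holding per-user salted hashes. The passwords, salts, and wordlist are all invented for the example. The point it makes is that an unsalted store lets the attacker hash each candidate once and test it against every user at the same time, while salting forces one hash computation per user per candidate; either way, the weak passwords fall.

```python
import hashlib

# Constructed demo data: four users' passwords, invented for this example.
_DEMO_PASSWORDS = {
    "alice": "password",
    "bob": "letmein1",
    "carol": "Tr0ub4dor&3",
    "dave": "correct horse battery staple",
}

# Constructed per-user salts, fixed so the run is repeatable.
_DEMO_SALTS = {"alice": "a1", "bob": "b2", "carol": "c3", "dave": "d4"}

# Small constructed wordlist; real attacks use millions of leaked passwords.
WORDLIST = ["123456", "password", "qwerty", "letmein", "admin", "welcome"]


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def unsalted_store() -> dict:
    """user -> sha256(password); the weak layout a careless application might use."""
    return {u: sha256_hex(p) for u, p in _DEMO_PASSWORDS.items()}


def salted_store() -> dict:
    """user -> (salt, sha256(salt + password))."""
    return {u: (_DEMO_SALTS[u], sha256_hex(_DEMO_SALTS[u] + p))
            for u, p in _DEMO_PASSWORDS.items()}


def candidates(wordlist):
    """Apply simple mangling rules to each dictionary word, as cracking tools do:
    the word itself, capitalised, with a trailing digit, and with a trailing '!'."""
    for word in wordlist:
        yield word
        yield word.capitalize()
        for digit in range(10):
            yield f"{word}{digit}"
        yield word + "!"


def crack_unsalted(store, wordlist):
    """Hash each candidate once and look it up against every user simultaneously.
    Returns (recovered passwords by user, number of hash computations)."""
    by_hash = {}
    for user, digest in store.items():
        by_hash.setdefault(digest, []).append(user)
    found, attempts = {}, 0
    for cand in candidates(wordlist):
        attempts += 1
        for user in by_hash.get(sha256_hex(cand), []):
            found[user] = cand
    return found, attempts


def crack_salted(store, wordlist):
    """With per-user salts every candidate must be re-hashed for every user.
    Returns (recovered passwords by user, number of hash computations)."""
    found, attempts = {}, 0
    cands = list(candidates(wordlist))
    for user, (salt, digest) in store.items():
        for cand in cands:
            attempts += 1
            if sha256_hex(salt + cand) == digest:
                found[user] = cand
    return found, attempts


if __name__ == "__main__":
    f1, a1 = crack_unsalted(unsalted_store(), WORDLIST)
    f2, a2 = crack_salted(salted_store(), WORDLIST)
    print(f"unsalted: recovered {f1} in {a1} hash computations")
    print(f"salted:   recovered {f2} in {a2} hash computations")
```

Note for discussion: salting only multiplies the attacker's work by the number of users and defeats precomputed tables; it does not protect a weak password. The defensive controls that actually change the economics are a deliberately slow, memory-hard password hash (bcrypt, scrypt, or Argon2 rather than a single SHA-256), rejection of passwords that appear in breach wordlists, and multifactor authentication so that a cracked password alone is not enough.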

Forces of Nature
1. Discuss how forces of nature, force majeure, or acts of God pose some of the most dangerous threats, because they are unexpected and can occur with very little warning.

Explain that these threats can disrupt not only the lives of individuals, but also the storage, transmission, and use of information. Since it is not possible to avoid many of these threats, management must implement controls to limit damage and also prepare contingency plans for continued operations. Discuss the following examples of force of nature threats:
a. Fire
b. Flood
c. Earthquake
d. Lightning
e. Landslides or mudslides
f. Tornados or severe windstorms
g. Hurricanes, typhoons, and tropical depressions
h. Tsunamis
i. Electrostatic discharge (ESD)
j. Dust contamination
k. Solar activity

Human Error or Failure
1. Describe this category and note that it includes the possibility of acts performed without intent or malicious purpose by an individual who is an employee of an organization.

Discuss the fact that employees constitute one of the greatest threats to information security, as they are the individuals closest to the organizational data. Employee mistakes can easily lead to the following: revelation of classified data, entry of erroneous data, accidental deletion or modification of data, storage of data in unprotected areas, and failure to protect information. Note that many threats can be prevented with controls, ranging from simple procedures, such as requiring the user to type a critical command twice, to more complex procedures, such as the verification of commands by a second party.

Teaching Tip: The most important aspect of any information security program is to ensure that the organization has a comprehensive continuity planning process.

Social Engineering
1. Note that within the context of information security, social engineering is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.

Explain that people are the weakest link: an organization can have the best technology (firewalls, intrusion-detection systems, biometric devices) and still be compromised through its people. Discuss the social engineering attack known as the advance-fee fraud (AFF), in which the victim is promised a share of a large sum of money in exchange for an up-front payment that is never recovered. Explain that phishing is an attempt to gain personal or financial information from an individual, usually by posing as a legitimate entity. Note that a variant is spear phishing, a label that applies to any highly targeted phishing attack.

While normal phishing attacks target as many recipients as possible, a spear phisher sends a message that appears to be from an employer, a colleague, or other legitimate correspondent to a small group or even one specific person. Discuss that phishing attacks use two primary techniques, often in combination: URL manipulation, in which the displayed link disguises its real destination (for example, a legitimate-looking name placed before an "@" sign or inside a subdomain of an attacker-controlled domain, a raw IP address, or a lookalike domain with substituted characters), and Web site forgery, in which a copy of the legitimate site collects whatever the victim types into it. Point out that another form of social engineering is called pretexting, which is sometimes referred to as phone phishing: the attacker invents a plausible scenario (the pretext) to persuade the target to hand over information.
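As an added illustration of the URL manipulation tricks listed above (not from the textbook or its instructor materials), the checker below flags the patterns a link-inspection step in a mail gateway or awareness exercise would look for: a plain-HTTP link, user information before an "@" that hides the real host, a raw IP address as the host, a punycode (internationalized) label, a trusted brand name placed inside someone else's domain, and a lookalike of the trusted name built from character substitutions. The trusted domain, the warning codes, the confusable-character map, and the sample URLs are all assumptions constructed for this example; the "registrable domain" rule assumes single-label public suffixes, so a real deployment would use a public suffix list.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed: the legitimate domain an attacker would imitate. A real
# deployment would load the organization's own list of domains.
TRUSTED_DOMAINS = {"example-bank.com"}

# Characters commonly substituted to build a lookalike name ("examp1e" for "example").
# Assumption: this small map covers the substitutions the example cares about.
_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "|": "l"})


def _normalize(label: str) -> str:
    """Map common visual substitutions back to the letters they imitate."""
    return label.translate(_CONFUSABLES).replace("rn", "m").replace("vv", "w")


def _registrable(host: str) -> str:
    """Last two labels of the host. Assumption: no multi-label public suffixes (co.uk etc.)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def url_warnings(url: str) -> list:
    """Return the warning codes (assumed names) for the manipulation tricks found in url."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []

    if parts.scheme == "http":
        warnings.append("plain-http")      # anything typed into the page travels in clear
    if "@" in parts.netloc:
        warnings.append("userinfo")        # text before '@' is user info, not the host
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-host")         # raw IP instead of a name
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode")        # internationalized label, possible homograph

    reg = _registrable(host)
    for domain in TRUSTED_DOMAINS:
        if reg == domain:
            continue                       # genuinely the trusted domain (or a subdomain of it)
        brand = domain.split(".")[0]
        if brand in host:
            warnings.append("brand-in-wrong-domain")   # e.g. example-bank.com.evil.example
        elif _normalize(reg.split(".")[0]) == brand:
            warnings.append("lookalike")               # e.g. examp1e-bank.com
    return warnings


if __name__ == "__main__":
    # Constructed sample links; the punycode label is made up and only exercises the prefix check.
    for u in [
        "https://www.example-bank.com/login",
        "http://www.example-bank.com@203.0.113.5/login",
        "https://example-bank.com.secure-update.example/login",
        "https://examp1e-bank.com/",
        "https://xn--exmple-bank-0db.com/",
    ]:
        print(u, "->", url_warnings(u) or "ok")
```

Usage note: the codes are meant to feed a decision (block, rewrite, or warn the user), not to be shown raw. The checks are deliberately conservative; the "userinfo" and "ip-host" patterns almost never appear in legitimate mail, whereas "lookalike" and "brand-in-wrong-domain" need the organization's real domain list to avoid false positives on its own subdomains.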

Information Extortion
1. Describe how the threat of information extortion involves the possibility of an attacker or trusted insider stealing information from a computer system and demanding compensation for its return or for an agreement to not disclose the information.

Extortion is common in credit card number theft; ransomware, which encrypts a victim's data and demands payment for the decryption key, is a current form of the same threat.

Sabotage or Vandalism
1. Explain that this category of threat involves the deliberate sabotage of a computer system or business, or acts of vandalism to either destroy an asset or damage the image of an organization.

Emphasize that these threats can range from petty vandalism by employees to organized sabotage against an organization. Compared to Web site defacement, vandalism within a network is more malicious in intent and less public.

Online Activism
1. Explain that security experts are noticing a rise in another form of online vandalism, hacktivist or cyberactivist operations, in which attackers interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government. A more extreme version is referred to as cyberterrorism. Compare cyberterrorism to more positive online activism, such as organizing and campaigning through Facebook, Twitter, and similar platforms.

Quick Quiz 1

1. True or False: The three communities of interest are general management, operations management, and information security management.
Answer: False

2. Hackers of limited skill who use expertly written software to attack a system are known as which of the following?

3. Which of the following occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it?
a. Information extortion
b. Technological extortion
c. Insider trading
d. Information hoarding
Answer: A

4. Which type of attacker will hack systems to conduct terrorist activities via network or Internet pathways?
a. Cyberhackers
b. Electronic terrorists
c. Cyberterrorists
d. Electronic hackers
Answer: C

5. Answer: True

Software Attacks
1. Emphasize that an attack is a deliberate act that exploits a vulnerability to compromise a controlled system. This attack can consist of specially crafted software that attackers trick users into installing on their systems.

Teaching Tip: You should pause now to ensure that students understand the difference between threats, vulnerabilities, exploits, and attacks. Verify that students understand how these terms combine and transition: a threat agent uses an exploit against a vulnerability to carry out an attack.

Malware
1. Describe malware as malicious code or malicious software. Point out that other attacks that use software, like redirect attacks and denial-of-service attacks, also fall under this threat. Note that the malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information.

Explain that the multivector worm is a state-of-the-art attack system. Point out that these attack programs use up to six known attack vectors to exploit a variety of vulnerabilities in commonly found information system devices. Note that "multivector" and "polymorphic" are distinct properties that are often combined: a multivector worm spreads by several methods, while a polymorphic worm changes its own code between copies to evade signature-based detection.

Point out to students that when an attack exploits a vulnerability for which no fix yet exists, or uses malware not yet known to the anti-malware software companies, it is said to be a zero-day attack; signature-based defenses cannot stop it, so protection has to come from detecting unusual behaviour and from limiting what a compromised program is allowed to do. Describe other forms of malware including covert software applications (bots, spyware, and adware) that are designed to work out of sight of users or via an apparently innocuous user action.

Use Table to review some of the most dangerous malware attacks to date. Explain that a computer virus consists of code segments that attach themselves to a host program or file and perform malicious actions when that host runs. Point out to students that one of the most common methods of virus transmission is via e-mail attachments. Mention that viruses can be classified by how they spread themselves. Discuss the most common types of information system viruses: the macro virus, which is embedded in the automatically executing macro code of documents and spreadsheets, and the boot virus, which infects the boot sector of a disk so that it runs before the operating system loads.

Explain the classification known as memory-resident and non-memory-resident viruses. Note that resident viruses stay in memory, are capable of reactivating when the computer is booted, and continue their actions until the system is shut down, whereas non-resident viruses run only while their infected host program executes and then terminate.

Worms
1. Describe worms as malicious programs that replicate themselves across systems without needing a host program, continuing until they completely fill available resources such as memory, disk space, and network bandwidth. Use Figure to discuss the Nimda and Sircam worms.


Michael Whitman, Ph.D. He currently teaches graduate and undergraduate courses in Information Security.

Herbert Mattord, Ph.D. Principles of Information Security, 6th Edition.
