Information Security The Complete Reference, 2nd Edition

Develop and implement an effective end-to-end security program

Today’s complex world of mobile platforms, cloud computing, and ubiquitous data access puts new security demands on every IT professional. Information Security: The Complete Reference, Second Edition (previously titled Network Security: The Complete Reference) is the only comprehensive book that offers vendor-neutral details on all aspects of information protection, with an eye toward the evolving threat landscape. Thoroughly revised and expanded to cover all aspects of modern information security—from concepts to details—this edition provides a one-stop reference equally applicable to the beginner and the seasoned professional.

Find out how to build a holistic security program based on proven methodology, risk analysis, compliance, and business needs. You’ll learn how to successfully protect data, networks, computers, and applications. In-depth chapters cover data protection, encryption, information rights management, network security, intrusion detection and prevention, Unix and Windows security, virtual and cloud security, secure application development, disaster recovery, forensics, and real-world attacks and countermeasures. Included is an extensive security glossary, as well as standards-based references. This is a great resource for professionals and students alike.

• Understand security concepts and building blocks
• Identify vulnerabilities and mitigate risk
• Optimize authentication and authorization
• Use IRM and encryption to protect unstructured data
• Defend storage devices, databases, and software
• Protect network routers, switches, and firewalls
• Secure VPN, wireless, VoIP, and PBX infrastructure
• Design intrusion detection and prevention systems
• Develop secure Windows, Java, and mobile applications
• Perform incident response and forensic analysis

Table of Contents

Part I: Foundations
Chapter 1: Information Security Overview
Chapter 2: Risk Analysis
Chapter 3: Compliance with Standards, Regulations, and Laws
Chapter 4: Secure Design Principles
Chapter 5: Security Policies, Standards, Procedures, and Guidelines
Chapter 6: Security Organization
Chapter 7: Authentication and Authorization

Part II: Data Security
Chapter 8: Securing Unstructured Data
Chapter 9: Information Rights Management
Chapter 10: Encryption
Chapter 11: Storage Security
Chapter 12: Database Security

Part III: Network Security
Chapter 13: Secure Network Design
Chapter 14: Network Device Security
Chapter 15: Firewalls
Chapter 16: Virtual Private Networks
Chapter 17: Wireless Network Security
Chapter 18: Intrusion Detection and Prevention Systems
Chapter 19: Voice over IP (VoIP) and PBX Security

Part IV: Computer Security
Chapter 20: Operating System Security Models
Chapter 21: Unix Security
Chapter 22: Windows Security
Chapter 23: Securing Infrastructure Services
Chapter 24: Virtual Machines and Cloud Computing
Chapter 25: Securing Mobile Devices

Part V: Application Security
Chapter 26: Secure Application Design
Chapter 27: Writing Secure Software
Chapter 28: J2EE Security
Chapter 29: Windows .NET Security
Chapter 30: Controlling Application Behavior

Part VI: Security Operations
Chapter 31: Security Operations Management
Chapter 32: Disaster Recovery, Business Continuity, Backups, and High Availability
Chapter 33: Incident Response and Forensic Analysis

Part VII: Physical Security
Chapter 34: Physical Security