Trcek, Managing Information Systems Security and Privacy

E-book, English, 234 pages


1st edition, 2006
ISBN: 978-3-540-28104-7
Publisher: Springer Berlin Heidelberg
Format: PDF
Copy protection: 1 - PDF Watermark




The book deals with the management of information systems security and privacy, based on a model that covers technological, organizational and legal views. This is the basis for a focused and methodologically structured approach that presents 'the big picture' of information systems security and privacy, while targeting both managers and readers with technical profiles. The book addresses the underlying principles, independent of any particular technology or organization. It enables a reader to adapt these principles to an organization's needs and to implement them accordingly by using explicit procedures from the book. Additionally, the content is aligned with relevant standards and the latest trends. Researchers from the social and technical sciences should find a framework for further research in this broad area, which is characterized by a complex interplay between human factors and technical issues.



Further information and material


Contents

1 Introduction - The Scope of the Work and its Methodology
  1.1 Defining Security and Privacy
  1.2 The Importance of Standards
  1.3 Technological Issues
  1.4 Organization and the Human Factor
  1.5 Legal Frameworks
  1.6 Before Proceeding Further
2 Organization, Security and Privacy
  2.1 Recent History of the Field
  2.2 Frameworks Level
    2.2.1 Assets
    2.2.2 Threats
    2.2.3 Vulnerabilities
    2.2.4 Risks and Impacts
    2.2.5 Safeguards and Residual Risk
    2.2.6 The Concept of Security Management Processes
  2.3 Techniques for ISs Security Management
    2.3.1 Security Objectives and Strategies
    2.3.2 Security Related Organizational Issues
    2.3.3 Risk Analysis
    2.3.4 Safeguards Selection, Security Policy Definition and its Realization
    2.3.5 Supervision and Incident Handling
  2.4 Particular Implementations Level
    2.4.1 General Hints for Selection of Safeguards
    2.4.2 Organizational Safeguards
    2.4.3 Personnel Security
    2.4.4 Physical and Environmental Security
    2.4.5 Access Control, Communications and Operations Security
    2.4.6 ISs Development, Maintenance, and Monitoring
    2.4.7 Incident Handling
    2.4.8 Business Continuity Planning
    2.4.9 Compliance and Auditing
    2.4.10 Security Awareness
  2.5 Standardized Safeguard Templates
    2.5.1 Organizational Safeguard Templates
    2.5.2 Technology Compliance Safeguards
3 Security Technology: Concepts and Models
  3.1 Security Mechanisms
    3.1.1 Pseudorandom Number Generators
    3.1.2 One-way Hash Functions
    3.1.3 Symmetric Algorithms
    3.1.4 Asymmetric Algorithms
    3.1.5 Steganography and Watermarking
  3.2 Cryptographic Protocols
    3.2.1 A Brief Overview of Computer Communications
    3.2.2 Security Services
    3.2.3 Models of Security Services
    3.2.4 The Relationships Between Security Services
  3.3 Key Management
    3.3.1 Key Generation
    3.3.2 Key Distribution
    3.3.3 Complementary Key Management Activities
  3.4 Security Infrastructure
    3.4.1 Public Key Infrastructure
    3.4.2 Authentication and Authorization Infrastructure
    3.4.3 Network Layer Security - IPSec
    3.4.4 Secure Sockets Layer and Transport Layer Security
    3.4.5 Secure/Multipurpose Internet Mail Extensions
    3.4.6 One-time Password Systems
    3.4.7 Firewalls
    3.4.8 Intrusion Detection Systems
    3.4.9 Extensible Markup Language Security
    3.4.10 Smart cards
    3.4.11 Biometrics Based Technology
  3.5 Security Services as the Basis for e-Business Processes
    3.5.1 Electronic Payment Systems
    3.5.2 Web Services
  3.6 Privacy Enabling Technologies
  3.7 A Different Paradigm - Wireless Networking
4 Legal Aspects of ISs Security and Privacy
  4.1 Cryptography in General
  4.2 Digital Signatures
  4.3 Privacy Issues
    4.3.1 Privacy and Electronic Communications
    4.3.2 Workplace Privacy
    4.3.3 Spamming
    4.3.4 Electronic Tracking Technologies
    4.3.5 Identity Theft
  4.4 ISs and Software Liability
  4.5 Intellectual Property Rights
  4.6 Computer Forensics
5 Where Are We Headed?
6 Appendix
  6.1 Brief Mathematical Preliminaries
    6.1.1 Information Theory
    6.1.2 Complexity Theory
    6.1.3 Abstract Algebra
    6.1.4 Number Theory
    6.1.5 Computing Inverses and Exponentiation in Zn
    6.1.6 Computational Complexities in Zn
  6.2 Cryptographic Primitives
    6.2.1 One-way Hash Functions
    6.2.2 Pseudorandom Number Generators
    6.2.3 Triple DES
    6.2.4 RSA Algorithm
    6.2.5 Diffie-Hellman Key Agreement
  6.3 Formal Methods
    6.3.1 Overview of Formal Methods
    6.3.2 Introduction to Logic BAN
    6.3.3 Language Z Overview
    6.3.4 Emerging Formal Methods
  6.4 Socio-Technical Systems Modeling and Simulation
    6.4.1 Business Dynamics
    6.4.2 Agent Technologies
7 Further Reading
8 Listing of the Simulation Model
References


