Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Get Free Quotes Post Your Requirements

Information security and it risk management agrawal pdf

19/12/2020 Client: saad24vbs Deadline: 7 Days

Information Security and IT Risk Management Manish Agrawal, Ph.D. Associate Professor Information Systems and Decision Sciences University of South Florida


Alex Campoe, CISSP Director, Information Security University of South Florida


Eric Pierce Associate Director, Information Security University of South Florida


Vice President and Executive Publisher Don Fowley Executive Editor Beth Lang Golub Editorial Assistant Jayne Ziemba Photo Editor Ericka Millbrand Associate Production Manager Joyce Poh Cover Designer Kenji Ngieng


This book was set by MPS Limited.


Founded in 1807, John Wiley & Sons, Inc. has been a valued source of knowledge and understanding for more than 200 years, helping people around the world meet their needs and fulfi ll their aspirations. Our company is built on a foundation of principles that include responsibility to the communities we serve and where we live and work. In 2008, we launched a Corporate Citizenship Initiative, a global effort to address the environmental, social, economic, and ethical challenges we face in our business. Among the issues we are addressing are carbon impact, paper specifi cations and procurement, ethical conduct within our business and among our vendors, and community and charitable support. For more information, please visit our website: www.wiley.com/go/citizenship.


Copyright © 2014 John Wiley & Sons, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc. 222 Rosewood Drive, Danvers, MA 01923, website www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, (201)748-6011, fax (201)748-6008, website http://www.wiley.com/go/permissions.


Evaluation copies are provided to qualifi ed academics and professionals for review purposes only, for use in their courses during the next academic year. These copies are licensed and may not be sold or transferred to a third party. Upon completion of the review period, please return the evaluation copy to Wiley. Return instructions and a free of charge return mailing label are available at www.wiley.com/ go/returnlabel. If you have chosen to adopt this textbook for use in your course, please accept this book as your complimentary desk copy. Outside of the United States, please contact your local sales representative.


ISBN 978-1-118-33589-5 (paperback)


Printed in the United States of America 10 9 8 7 6 5 4 3 2 1


http://www.wiley.com/go/citizenship

http://www.copyright.com

http://www.wiley.com/go/permissions

http://www.wiley.com/go/returnlabel

http://www.wiley.com/go/returnlabel

iii


Table of Contents


List of Figures xi Preface xvii


Chapter 1 — Introduction 1


Overview ................................................................................................................ 1


Professional utility of information security knowledge ......................................... 1


Brief history ............................................................................................................ 5


Defi nition of information security ........................................................................ 11


Summary .............................................................................................................. 14


Example case – Wikileaks, Cablegate, and free reign over classifi ed networks ........................................................................................... 14


Chapter review questions...................................................................................... 15


Example case questions ........................................................................................ 16


Hands-on activity – Software Inspector, Steganography...................................... 16


Critical thinking exercise: identifying CIA area(s) affected by sample real-life hacking incidents.................................................................... 21


Design case ........................................................................................................... 21


Chapter 2 — System Administration (Part 1) 26


Overview .............................................................................................................. 26


Introduction .......................................................................................................... 26


What is system administration? ............................................................................ 27


System administration and information security .................................................. 28


Common system administration tasks .................................................................. 29


System administration utilities ............................................................................. 33


Summary .............................................................................................................. 37


Example case – T. J. Maxx ................................................................................... 37


Chapter review questions...................................................................................... 39


iv Table of Contents


Example case questions ........................................................................................ 40


Hands-on Activity – Linux system installation .................................................... 40


Critical thinking exercise – Google executives sentenced to prison over video ............................................................................................. 48


Design case ........................................................................................................... 49


Chapter 3 — System Administration (Part 2) 51


Overview .............................................................................................................. 51


Operating system structure ................................................................................... 51


The command-line interface ................................................................................. 53


Files and directories .............................................................................................. 53


Moving around the fi lesystem – pwd, cd ............................................................. 54


Listing fi les and directories .................................................................................. 55


Shell expansions ................................................................................................... 56


File management .................................................................................................. 57


Viewing fi les ......................................................................................................... 59


Searching for fi les ................................................................................................. 60


Access control and user management .................................................................. 61


Access control lists ............................................................................................... 64


File ownership ...................................................................................................... 65


Editing fi les ........................................................................................................... 66


Software installation and updates ......................................................................... 67


Account management ........................................................................................... 72


Command-line user administration ...................................................................... 75


Example case – Northwest Florida State College ................................................ 77


Summary .............................................................................................................. 78


Chapter review questions...................................................................................... 78


Example case questions ........................................................................................ 79


Hands-on activity – basic Linux system administration ....................................... 79


Critical thinking exercise – offensive cyber effects operations (OCEO) .......................................................................................... 80


Design Case .......................................................................................................... 80


Table of Contents v


Chapter 4 — The Basic Information Security Model 82


Overview .............................................................................................................. 82


Introduction .......................................................................................................... 82


Components of the basic information security model .......................................... 82


Common vulnerabilities, threats, and controls ..................................................... 90


Example case – ILOVEYOU virus ....................................................................... 99


Summary ............................................................................................................ 100


Chapter review questions.................................................................................... 100


Example case questions ...................................................................................... 101


Hands-on activity – web server security ............................................................ 101


Critical thinking exercise – the internet, “American values,” and security ........ 102


Design case ......................................................................................................... 103


Chapter 5 — Asset Identifi cation and Characterization 104


Overview ............................................................................................................ 104


Assets overview .................................................................................................. 104


Determining assets that are important to the organization ................................. 105


Asset types .......................................................................................................... 109


Asset characterization ......................................................................................... 114


IT asset life cycle and asset identifi cation .......................................................... 119


System profi ling ................................................................................................. 124


Asset ownership and operational responsibilities ............................................... 127


Example case – Stuxnet ...................................................................................... 130


Summary ............................................................................................................ 130


Chapter review questions.................................................................................... 131


Example case questions ...................................................................................... 131


Hands-on activity – course asset identifi cation .................................................. 132


Critical thinking exercise – uses of a hacked PC ............................................... 132


Design case ......................................................................................................... 133


Chapter 6 — Threats and Vulnerabilities 135


Overview ............................................................................................................ 135


Introduction ........................................................................................................ 135


vi Table of Contents


Threat models ..................................................................................................... 136


Threat agent ........................................................................................................ 137


Threat action ....................................................................................................... 149


Vulnerabilities..................................................................................................... 162


Example case – Gozi .......................................................................................... 167


Summary ............................................................................................................ 168


Chapter review questions.................................................................................... 168


Example case questions ...................................................................................... 168


Hands-on activity – Vulnerability scanning ....................................................... 169


Critical thinking exercise – Iraq cyberwar plans in 2003 ................................... 174


Design case ......................................................................................................... 174


Chapter 7 — Encryption Controls 176


Overview ............................................................................................................ 176


Introduction ........................................................................................................ 176


Encryption basics ............................................................................................... 177


Encryption types overview ................................................................................. 181


Encryption types details ..................................................................................... 187


Encryption in use ................................................................................................ 194


Example case – Nation technologies .................................................................. 197


Summary ............................................................................................................ 198


Chapter review questions.................................................................................... 198


Example case questions ...................................................................................... 199


Hands-on activity – encryption .......................................................................... 199


Critical thinking exercise – encryption keys embed business models ............................................................................................. 205


Design case ......................................................................................................... 206


Chapter 8 — Identity and Access Management 207


Overview ............................................................................................................ 207


Identity management .......................................................................................... 207


Access management ........................................................................................... 212


Authentication .................................................................................................... 213


Table of Contents vii


Single sign-on ..................................................................................................... 221


Federation ........................................................................................................... 228


Example case – Markus Hess ............................................................................. 237


Summary ............................................................................................................ 239


Chapter review questions.................................................................................... 239


Example case questions ...................................................................................... 240


Hands-on activity – identity match and merge ................................................... 240


Critical thinking exercise – feudalism the security solution for the internet? ............................................................................................. 244


Design case ......................................................................................................... 245


Chapter 9 — Hardware and Software Controls 247


Overview ............................................................................................................ 247


Password management ....................................................................................... 247


Access control .................................................................................................... 251


Firewalls ............................................................................................................. 252


Intrusion detection/prevention systems .............................................................. 256


Patch management for operating systems and applications ............................... 261


End-point protection ........................................................................................... 264


Example case – AirTight networks ..................................................................... 266


Chapter review questions.................................................................................... 270


Example case questions ...................................................................................... 270


Hands-on activity – host-based IDS (OSSEC) ................................................... 271


Critical thinking exercise – extra-human security controls ................................ 275


Design case ......................................................................................................... 275


Chapter 10 — Shell Scripting 277


Overview ............................................................................................................ 277


Introduction ........................................................................................................ 277


Output redirection ............................................................................................... 279


Text manipulation ............................................................................................... 280


Variables ............................................................................................................. 283


Conditionals ........................................................................................................ 287


viii Table of Contents


User input ........................................................................................................... 290


Loops .................................................................................................................. 292


Putting it all together .......................................................................................... 299


Example case – Max Butler ................................................................................ 301


Summary ............................................................................................................ 302


Chapter review questions.................................................................................... 303


Example case questions ...................................................................................... 303


Hands-on activity – basic scripting .................................................................... 303


Critical thinking exercise – script security ......................................................... 304


Design case ......................................................................................................... 305


Chapter 11 — Incident Handling 306


Introduction ........................................................................................................ 306


Incidents overview .............................................................................................. 306


Incident handling ................................................................................................ 307


The disaster ......................................................................................................... 327


Example case – on-campus piracy ..................................................................... 328


Summary ............................................................................................................ 330


Chapter review questions.................................................................................... 330


Example case questions ...................................................................................... 331


Hands-on activity – incident timeline using OSSEC ......................................... 331


Critical thinking exercise – destruction at the EDA ........................................... 331


Design case ......................................................................................................... 332


Chapter 12 — Incident Analysis 333


Introduction ........................................................................................................ 333


Log analysis ........................................................................................................ 333


Event criticality .................................................................................................. 337


General log confi guration and maintenance ....................................................... 345


Live incident response ........................................................................................ 347


Timelines ............................................................................................................ 350


Other forensics topics ......................................................................................... 352


Example case – backup server compromise ....................................................... 353


Table of Contents ix


Chapter review questions.................................................................................... 355


Example case questions ...................................................................................... 356


Hands-on activity – server log analysis .............................................................. 356


Critical thinking exercise – destruction at the EDA ........................................... 358


Design case ......................................................................................................... 358


Chapter 13 — Policies, Standards, and Guidelines 360


Introduction ........................................................................................................ 360


Guiding principles .............................................................................................. 360


Writing a policy .................................................................................................. 367


Impact assessment and vetting ........................................................................... 371


Policy review ...................................................................................................... 373


Compliance ......................................................................................................... 374


Key policy issues ................................................................................................ 377


Example case – HB Gary ................................................................................... 378


Summary ............................................................................................................ 379


Reference ............................................................................................................ 379


Chapter review questions.................................................................................... 379


Example case questions ...................................................................................... 380


Hands-on activity – create an AUP ..................................................................... 380


Critical thinking exercise – Aaron Swartz .......................................................... 380


Design case ......................................................................................................... 381


Chapter 14 — IT Risk Analysis and Risk Management 382


Overview ............................................................................................................ 382


Introduction ........................................................................................................ 382


Risk management as a component of organizational management .................................................................................................. 383


Risk-management framework ............................................................................ 384


The NIST 800-39 framework ............................................................................. 385


Risk assessment .................................................................................................. 387


Other risk-management frameworks .................................................................. 389


IT general controls for Sarbanes–Oxley compliance ......................................... 391


x Table of Contents


Compliance versus risk management ................................................................. 398


Selling security ................................................................................................... 399


Example case – online marketplace purchases ................................................... 399


Summary ............................................................................................................ 400


Chapter review questions.................................................................................... 400


Hands-on activity – risk assessment using lsof ................................................. 401


Critical thinking exercise – risk estimation biases ............................................. 403


Design case ......................................................................................................... 403


Appendix A — Password List for the Linux Virtual Machine 404 Glossary 405 Index 413


xi


List of Figures


Figure 1.1: Classifi cation of information security analysts 2


Figure 1.2: Time-consuming activities for information security professionals 4


Figure 1.3: Training needs identifi ed by information security professionals 4


Figure 1.4: ILOVEYOU virus 7


Figure 1.5: T.J. Maxx 8


Figure 1.6: Defaced Georgian foreign ministry website 9


Figure 1.7: Google-China offi ces 10


Figure 1.8: Online Software Inspector 17


Figure 1.9: PC audit report 18


Figure 1.10: Contents of Downloads folder for Steganography exercise 19


Figure 1.11: Commands to hide text fi les at the end of image fi les 19


Figure 1.12: Manipulated images among original images 20


Figure 1.13: Opening image fi les in Notepad 20


Figure 1.14: Secret message hidden at the end of the image fi le 21


Figure 1.15: Sunshine State University funding sources 23


Figure 1.16: Extract from the organization structure of Sunshine State University 24


Figure 2.1: Paul Ceglia 32


Figure 2.2: Windows desktop usage—April 2013 33


Figure 2.3: System Center Operation Manager 34


Figure 2.4: Unix family tree 36


Figure 2.5: Albert Gonzalez, at the time of his indictment in August 2009 38


Figure 2.6: T J Maxx sales (2005–2010) 39


Figure 2.7: Virtual machine structure 41


Figure 2.8: VirtualBox download page 41


Figure 2.9: VirtualBox installer welcome screen 42


Figure 2.10: Default install Location 42


Figure 2.11: VirtualBox install confi rmation 43


Figure 2.12: VirtualBox manager 43


Figure 2.13: Default setting for OS import 44


Figure 2.14: Virtual machine in Virtual machine manager 45


Figure 2.15: CPU error 45


xii List of Figures


Figure 2.16: Enabling PAE 46


Figure 2.17: Attach the VM to NAT 46


Figure 2.18: CentOS VM login screen 47


Figure 2.19: CentOS Linux desktop 47


Figure 2.20: Sunshine State University email infrastructure 50


Figure 3.1: Operating system structure 51


Figure 3.2: Reaching the command prompt window 53


Figure 3.3: Unix fi le hierarchy 54


Figure 3.4: vimtutor interface 67


Figure 3.5: Reaching users and groups manager 73


Figure 3.6: Adding users 74


Figure 3.7: Group manager 74


Figure 4.1: The basic information security model 83


Figure 4.2: Example CVE listing at the time of reporting 85


Figure 4.3: NVD entry for the CVE listing 86


Figure 4.4: ATLAS web interface 88


Figure 4.5: Phishing example 95


Figure 4.6: …



Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!
Answer.docx Turnitin Report.pdf Contact Writer For Solution Contact Writer For Solution

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed
Order Now

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed
Order Now

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed
Order Now

6 writers have sent their proposals to do this homework:

University Coursework Help
Helping Hand
Top Essay Tutor
Best Coursework Help
Homework Guru
Innovative Writer
Writer Writer Name Offer Chat
University Coursework Help

ONLINE

University Coursework Help

Hi dear, I am ready to do your homework in a reasonable price.

 $142 Chat With Writer
Helping Hand

ONLINE

Helping Hand

I am an Academic writer with 10 years of experience. As an Academic writer, my aim is to generate unique content without Plagiarism as per the client’s requirements.

 $140 Chat With Writer
Top Essay Tutor

ONLINE

Top Essay Tutor

I have more than 12 years of experience in managing online classes, exams, and quizzes on different websites like; Connect, McGraw-Hill, and Blackboard. I always provide a guarantee to my clients for their grades.

 $145 Chat With Writer
Best Coursework Help

ONLINE

Best Coursework Help

I am an Academic writer with 10 years of experience. As an Academic writer, my aim is to generate unique content without Plagiarism as per the client’s requirements.

 $140 Chat With Writer
Homework Guru

ONLINE

Homework Guru

Hi dear, I am ready to do your homework in a reasonable price and in a timely manner.

 $142 Chat With Writer
Innovative Writer

ONLINE

Innovative Writer

I have read and understood all your initial requirements, and I am very professional in this task, I would be the best choice for this project, I am a PhD writer with 6-7 years of experience and can deliver quality notes to tight deadlines. I can generally compile up to 10 pages of lecture notes per day. I am known as Unrivaled Quality, Written to Standard, providing Plagiarism-free woork, and Always on Time

 $135 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Post your homework

Similar Homework Questions

Graham's law worksheet with answers - What does macbeth reveal in his soliloquy - Case study interactive session management meet the new mobile workers - 24 hour postural management guidelines - The global economy hsc questions - North bromsgrove high school - Turtles at mon repos - Beowulf battle with grendel - Legislative worksheet sbar format how a bill becomes a law - Wilkins a zurn company demand forecasting case solution - Swerve ball argos - Lukewarm church of laodicea - How are tv shows written in an essay - Basic beryllium acetate structure - Disney’s Market Structures - How to read weld symbols - How to write an introduction to a discursive essay - Lbm/ft s to kg/ms - Murdoch deferred exam timetable - Tls1 gd2 wiring diagram - Org_behavior - Reflection, Discussion and Assignment - Ezra pound's rules of imagism - Ace inhibitors and nsaids the triple whammy - Work hard get smart no excuses worksheet answers - Sir lancelot rides slowly out of the castle - The opposite of 0 - Diva bingo memberships page - How does starbucks measure performance - Hyperion essbase admin guide - Discussion - Board certified chaplain competencies - Abercrombie and fitch wiki - Micro Economics - Emi sues 30 seconds to mars - 23/3 as a mixed number - 350 words - Armed crime squad victoria police - Environmental Science lab report - Identifying Relationships Between Variables assignment - Menschen a2 kursbuch answers - The force acting on the particle at point a is __________. - Moving average forecasting techniques do the following - Zipcar case study pdf - Sydney water sewerage diagram - Eye clinic cheltenham hospital - 1 pines lane elanora - Editing symbols for writing - Assignment on management functions - Project management multiple choice questions and answers - Is rest a rsa - How many skittles are in a 2.17 oz bag - Key events in pride and prejudice - Romeo and juliet plot line - Atomic spectra post lab answers - How to protect your company from being salted by union - How many syllables in snail - You shall know them vercors - Enron the smartest guys in the room ethical issues - Which of the following statements regarding standard test marketing is correct? - Total no of vedas - Confucius lives next door cliff notes - Antigone tragic flaw quotes - Project overview statement example - The taming of the shrew questions and answers - Seeing eye dog australia - School models issue number 4 - Kids savings account suncorp - Cybercrime such as Computer - LeaderAsChangeAgent_Assessment5 - RESEARCH PAPER - Organizational behaviour and analysis an integrated approach pdf - Victoria park infant school - How does place value help me divide - Starbucks password reset unsuccessful - Hal r varian intermediate microeconomics workbook pdf - Toms case study business strategy - Schematic dali lighting control wiring diagram - What are the aacn essentials - I am david book - 185 bonney ave clayfield - Similarities between maslow and erg theory - Italian musical term for slowly - White supremacy, Racism and Racial Formations - Stage 3 pdhpe units of work - Managerial economics froeb pdf - Netflix company mission statement - What sentence clarifies the focus of a paragraph - Evaluate the following numerical expressions - What factors might lead a person to select gender atypical activities and life roles? - 80 96 in simplest form - Electrical drawing symbols for buildings - Peter johnson 8000 police scanner - Sacrifice of isaac sculpture - King george iii vs george washington - Aprilaire humidifier installation manual - Toms shoes annual report 2015 - E-COMMERCE - What effect does the contrasedative have on mildred - Miss professor - Journal 2