Information Security and IT Risk Management (Agrawal) PDF

Posted 19/12/2020. Client: saad24vbs. Deadline: 7 Days

Information Security and IT Risk Management

Manish Agrawal, Ph.D., Associate Professor, Information Systems and Decision Sciences, University of South Florida
Alex Campoe, CISSP, Director, Information Security, University of South Florida
Eric Pierce, Associate Director, Information Security, University of South Florida


Vice President and Executive Publisher: Don Fowley
Executive Editor: Beth Lang Golub
Editorial Assistant: Jayne Ziemba
Photo Editor: Ericka Millbrand
Associate Production Manager: Joyce Poh
Cover Designer: Kenji Ngieng


This book was set by MPS Limited.


Founded in 1807, John Wiley & Sons, Inc. has been a valued source of knowledge and understanding for more than 200 years, helping people around the world meet their needs and fulfill their aspirations. Our company is built on a foundation of principles that include responsibility to the communities we serve and where we live and work. In 2008, we launched a Corporate Citizenship Initiative, a global effort to address the environmental, social, economic, and ethical challenges we face in our business. Among the issues we are addressing are carbon impact, paper specifications and procurement, ethical conduct within our business and among our vendors, and community and charitable support. For more information, please visit our website: www.wiley.com/go/citizenship.


Copyright © 2014 John Wiley & Sons, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc. 222 Rosewood Drive, Danvers, MA 01923, website www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, (201)748-6011, fax (201)748-6008, website http://www.wiley.com/go/permissions.


Evaluation copies are provided to qualified academics and professionals for review purposes only, for use in their courses during the next academic year. These copies are licensed and may not be sold or transferred to a third party. Upon completion of the review period, please return the evaluation copy to Wiley. Return instructions and a free of charge return mailing label are available at www.wiley.com/go/returnlabel. If you have chosen to adopt this textbook for use in your course, please accept this book as your complimentary desk copy. Outside of the United States, please contact your local sales representative.


ISBN 978-1-118-33589-5 (paperback)


Printed in the United States of America 10 9 8 7 6 5 4 3 2 1



Table of Contents

List of Figures
Preface

Chapter 1 — Introduction
  Overview
  Professional utility of information security knowledge
  Brief history
  Definition of information security
  Summary
  Example case – Wikileaks, Cablegate, and free reign over classified networks
  Chapter review questions
  Example case questions
  Hands-on activity – Software Inspector, Steganography
  Critical thinking exercise: identifying CIA area(s) affected by sample real-life hacking incidents
  Design case

Chapter 2 — System Administration (Part 1)
  Overview
  Introduction
  What is system administration?
  System administration and information security
  Common system administration tasks
  System administration utilities
  Summary
  Example case – T. J. Maxx
  Chapter review questions
  Example case questions
  Hands-on activity – Linux system installation
  Critical thinking exercise – Google executives sentenced to prison over video
  Design case

Chapter 3 — System Administration (Part 2)
  Overview
  Operating system structure
  The command-line interface
  Files and directories
  Moving around the filesystem – pwd, cd
  Listing files and directories
  Shell expansions
  File management
  Viewing files
  Searching for files
  Access control and user management
  Access control lists
  File ownership
  Editing files
  Software installation and updates
  Account management
  Command-line user administration
  Example case – Northwest Florida State College
  Summary
  Chapter review questions
  Example case questions
  Hands-on activity – basic Linux system administration
  Critical thinking exercise – offensive cyber effects operations (OCEO)
  Design case

Chapter 4 — The Basic Information Security Model
  Overview
  Introduction
  Components of the basic information security model
  Common vulnerabilities, threats, and controls
  Example case – ILOVEYOU virus
  Summary
  Chapter review questions
  Example case questions
  Hands-on activity – web server security
  Critical thinking exercise – the internet, “American values,” and security
  Design case

Chapter 5 — Asset Identification and Characterization
  Overview
  Assets overview
  Determining assets that are important to the organization
  Asset types
  Asset characterization
  IT asset life cycle and asset identification
  System profiling
  Asset ownership and operational responsibilities
  Example case – Stuxnet
  Summary
  Chapter review questions
  Example case questions
  Hands-on activity – course asset identification
  Critical thinking exercise – uses of a hacked PC
  Design case

Chapter 6 — Threats and Vulnerabilities
  Overview
  Introduction
  Threat models
  Threat agent
  Threat action
  Vulnerabilities
  Example case – Gozi
  Summary
  Chapter review questions
  Example case questions
  Hands-on activity – Vulnerability scanning
  Critical thinking exercise – Iraq cyberwar plans in 2003
  Design case

Chapter 7 — Encryption Controls
  Overview
  Introduction
  Encryption basics
  Encryption types overview
  Encryption types details
  Encryption in use
  Example case – Nation technologies
  Summary
  Chapter review questions
  Example case questions
  Hands-on activity – encryption
  Critical thinking exercise – encryption keys embed business models
  Design case

Chapter 8 — Identity and Access Management
  Overview
  Identity management
  Access management
  Authentication
  Single sign-on
  Federation
  Example case – Markus Hess
  Summary
  Chapter review questions
  Example case questions
  Hands-on activity – identity match and merge
  Critical thinking exercise – feudalism the security solution for the internet?
  Design case

Chapter 9 — Hardware and Software Controls
  Overview
  Password management
  Access control
  Firewalls
  Intrusion detection/prevention systems
  Patch management for operating systems and applications
  End-point protection
  Example case – AirTight networks
  Chapter review questions
  Example case questions
  Hands-on activity – host-based IDS (OSSEC)
  Critical thinking exercise – extra-human security controls
  Design case

Chapter 10 — Shell Scripting
  Overview
  Introduction
  Output redirection
  Text manipulation
  Variables
  Conditionals
  User input
  Loops
  Putting it all together
  Example case – Max Butler
  Summary
  Chapter review questions
  Example case questions
  Hands-on activity – basic scripting
  Critical thinking exercise – script security
  Design case

Chapter 11 — Incident Handling
  Introduction
  Incidents overview
  Incident handling
  The disaster
  Example case – on-campus piracy
  Summary
  Chapter review questions
  Example case questions
  Hands-on activity – incident timeline using OSSEC
  Critical thinking exercise – destruction at the EDA
  Design case

Chapter 12 — Incident Analysis
  Introduction
  Log analysis
  Event criticality
  General log configuration and maintenance
  Live incident response
  Timelines
  Other forensics topics
  Example case – backup server compromise
  Chapter review questions
  Example case questions
  Hands-on activity – server log analysis
  Critical thinking exercise – destruction at the EDA
  Design case

Chapter 13 — Policies, Standards, and Guidelines
  Introduction
  Guiding principles
  Writing a policy
  Impact assessment and vetting
  Policy review
  Compliance
  Key policy issues
  Example case – HB Gary
  Summary
  Reference
  Chapter review questions
  Example case questions
  Hands-on activity – create an AUP
  Critical thinking exercise – Aaron Swartz
  Design case

Chapter 14 — IT Risk Analysis and Risk Management
  Overview
  Introduction
  Risk management as a component of organizational management
  Risk-management framework
  The NIST 800-39 framework
  Risk assessment
  Other risk-management frameworks
  IT general controls for Sarbanes–Oxley compliance
  Compliance versus risk management
  Selling security
  Example case – online marketplace purchases
  Summary
  Chapter review questions
  Hands-on activity – risk assessment using lsof
  Critical thinking exercise – risk estimation biases
  Design case

Appendix A — Password List for the Linux Virtual Machine
Glossary
Index


List of Figures

Figure 1.1: Classification of information security analysts
Figure 1.2: Time-consuming activities for information security professionals
Figure 1.3: Training needs identified by information security professionals
Figure 1.4: ILOVEYOU virus
Figure 1.5: T.J. Maxx
Figure 1.6: Defaced Georgian foreign ministry website
Figure 1.7: Google-China offices
Figure 1.8: Online Software Inspector
Figure 1.9: PC audit report
Figure 1.10: Contents of Downloads folder for Steganography exercise
Figure 1.11: Commands to hide text files at the end of image files
Figure 1.12: Manipulated images among original images
Figure 1.13: Opening image files in Notepad
Figure 1.14: Secret message hidden at the end of the image file
Figure 1.15: Sunshine State University funding sources
Figure 1.16: Extract from the organization structure of Sunshine State University
Figure 2.1: Paul Ceglia
Figure 2.2: Windows desktop usage—April 2013
Figure 2.3: System Center Operation Manager
Figure 2.4: Unix family tree
Figure 2.5: Albert Gonzalez, at the time of his indictment in August 2009
Figure 2.6: T J Maxx sales (2005–2010)
Figure 2.7: Virtual machine structure
Figure 2.8: VirtualBox download page
Figure 2.9: VirtualBox installer welcome screen
Figure 2.10: Default install location
Figure 2.11: VirtualBox install confirmation
Figure 2.12: VirtualBox manager
Figure 2.13: Default setting for OS import
Figure 2.14: Virtual machine in Virtual machine manager
Figure 2.15: CPU error
Figure 2.16: Enabling PAE
Figure 2.17: Attach the VM to NAT
Figure 2.18: CentOS VM login screen
Figure 2.19: CentOS Linux desktop
Figure 2.20: Sunshine State University email infrastructure
Figure 3.1: Operating system structure
Figure 3.2: Reaching the command prompt window
Figure 3.3: Unix file hierarchy
Figure 3.4: vimtutor interface
Figure 3.5: Reaching users and groups manager
Figure 3.6: Adding users
Figure 3.7: Group manager
Figure 4.1: The basic information security model
Figure 4.2: Example CVE listing at the time of reporting
Figure 4.3: NVD entry for the CVE listing
Figure 4.4: ATLAS web interface
Figure 4.5: Phishing example
Figure 4.6: …



St john the baptist trowbridge - Strengths and weaknesses of dsm 5 - How to graph isocost line - Case 6 national collegiate athletic association ethics and compliance program - As 4100 latest version - Charlie and the chocolate factory chocolate castle - Answer the survey Quations .short 3 answers - Inquiry - Make an argument explaining when U.S. military intervention in other countries is appropriate - Lit final - Victoria avenue public school - Lera boroditsky how language shapes the way we think - Paper with an introductory paragraph. - The girl who loved tom gordon chapter 1 summary - Egg drop project with straws and tape only - Living things and non living things drawing - Considering Hypotheses and Research Question - Kitchen equipment word search - Soc-220 journal article review analysis - US project - Jeremy bentham is most closely related with which philosophical theory - Implicit Bias - Proactiv magazine ad - Sap professional user license definition - Supervision concepts and practices of management 13th edition pdf - What is the resolution of the maze runner - Track lighting current limiter - History Essay three pages double spaced - 3p turbo case solution - The cost of mobile billboards depends on - Grey systems theory and application - 4 beacons moreton bay - History question - How to round angles to the nearest minute - Need PPT for Mc Donalds compnay following all the below 18 points NO Plaigarism and need minimum of 25 slides excluding references and title and PPT in APA format - Engineering thermodynamics equation sheet - Complete and incomplete combustion - Not my business niyi osundare analysis - Birtinya island master plan - Spiral chart tableau - How managers can effectively plan in today's dynamic environment - Northern virginia community college registrar - Write about the Seneca falls declaration ( fall all the requirements in the pictures I have attached below - Global marketing warren j keegan pdf - ET WK1 - In defense of the death penalty 
pojman - Density problems with answers - Self Breast Cancer Screening and Prevention - I have read and understood template - How to make a dna model with paper - 50 pittas place willow vale - Does magnesium conduct electricity - Braj binani net worth - The big trip up yonder answers - Community Health - Kennedy half dollar facing west - Why is ambush marketing so harmful to a sports organization - Kno death is silent zip - Csi senses board game instructions - Week 1 Discussion bio2071 microbiology lab - Prelim legal studies notes - The redeemed christian church of god newcastle - Derived demand definition economics - Usyd ethics consent form - Neo-piagetian theorists attempt to: - Www heronsgate greenwich sch uk - Essay questions on quills of desire - OT- Dis 6 - How does mcdonalds create value for the consumer - Stoichiometry of a precipitation reaction labpaq answers - Intercultural Management Question - Water diviner crossword clue - A dc motor delivers mechanical power to a rotating - Bonnyrigg high school bell times - Faith ringgold god bless america 1964 - Assembling and disassembling of computer - What strategic business objectives do ups's - Deception in the testimonial process - Peer review - Http www comcare gov au careers - 281 capistrano rd half moon bay ca 94018 - NETWORK -7 - Usanovich concept of acid and base - Ballarat arms and militaria collectors society - Implementing enterprise risk management case studies and best practices pdf - DB 8 - Pip great expectations movie - Financial solutions advisor job description - Value of equity after recapitalization formula - Why nursing is a profession - IA week9 DB - Der Blick hinter die Kulissen Tipps zum Zoomen von Instagram-Profilbildern - Program Execution - Gummy bear osmosis research paper - Editing challenge 3 essentials of business communication - Project 1: Excel (Advanced Application Software) - Mcgraw hill backpack simulation how to win - Editing challenge 3 essentials of business communication - 
Prompt 2: Literary Service Announcement (LSA) Assignment - Donna's philosophy as she coordinates the marketing efforts