Information security and it risk management agrawal pdf

19/12/2020 Client: saad24vbs Deadline: 7 Days

Information Security and IT Risk Management

Manish Agrawal, Ph.D.
Associate Professor, Information Systems and Decision Sciences, University of South Florida

Alex Campoe, CISSP
Director, Information Security, University of South Florida

Eric Pierce
Associate Director, Information Security, University of South Florida

Vice President and Executive Publisher: Don Fowley
Executive Editor: Beth Lang Golub
Editorial Assistant: Jayne Ziemba
Photo Editor: Ericka Millbrand
Associate Production Manager: Joyce Poh
Cover Designer: Kenji Ngieng


This book was set by MPS Limited.


Founded in 1807, John Wiley & Sons, Inc. has been a valued source of knowledge and understanding for more than 200 years, helping people around the world meet their needs and fulfill their aspirations. Our company is built on a foundation of principles that include responsibility to the communities we serve and where we live and work. In 2008, we launched a Corporate Citizenship Initiative, a global effort to address the environmental, social, economic, and ethical challenges we face in our business. Among the issues we are addressing are carbon impact, paper specifications and procurement, ethical conduct within our business and among our vendors, and community and charitable support. For more information, please visit our website: www.wiley.com/go/citizenship.


Copyright © 2014 John Wiley & Sons, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc. 222 Rosewood Drive, Danvers, MA 01923, website www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, (201)748-6011, fax (201)748-6008, website http://www.wiley.com/go/permissions.


Evaluation copies are provided to qualified academics and professionals for review purposes only, for use in their courses during the next academic year. These copies are licensed and may not be sold or transferred to a third party. Upon completion of the review period, please return the evaluation copy to Wiley. Return instructions and a free of charge return mailing label are available at www.wiley.com/go/returnlabel. If you have chosen to adopt this textbook for use in your course, please accept this book as your complimentary desk copy. Outside of the United States, please contact your local sales representative.


ISBN 978-1-118-33589-5 (paperback)


Printed in the United States of America 10 9 8 7 6 5 4 3 2 1


Table of Contents


List of Figures
Preface


Chapter 1 — Introduction
Overview
Professional utility of information security knowledge
Brief history
Definition of information security
Summary
Example case – Wikileaks, Cablegate, and free reign over classified networks
Chapter review questions
Example case questions
Hands-on activity – Software Inspector, Steganography
Critical thinking exercise: identifying CIA area(s) affected by sample real-life hacking incidents
Design case


Chapter 2 — System Administration (Part 1)
Overview
Introduction
What is system administration?
System administration and information security
Common system administration tasks
System administration utilities
Summary
Example case – T. J. Maxx
Chapter review questions
Example case questions
Hands-on Activity – Linux system installation
Critical thinking exercise – Google executives sentenced to prison over video
Design case


Chapter 3 — System Administration (Part 2)
Overview
Operating system structure
The command-line interface
Files and directories
Moving around the filesystem – pwd, cd
Listing files and directories
Shell expansions
File management
Viewing files
Searching for files
Access control and user management
Access control lists
File ownership
Editing files
Software installation and updates
Account management
Command-line user administration
Example case – Northwest Florida State College
Summary
Chapter review questions
Example case questions
Hands-on activity – basic Linux system administration
Critical thinking exercise – offensive cyber effects operations (OCEO)
Design Case


Chapter 4 — The Basic Information Security Model
Overview
Introduction
Components of the basic information security model
Common vulnerabilities, threats, and controls
Example case – ILOVEYOU virus
Summary
Chapter review questions
Example case questions
Hands-on activity – web server security
Critical thinking exercise – the internet, “American values,” and security
Design case


Chapter 5 — Asset Identification and Characterization
Overview
Assets overview
Determining assets that are important to the organization
Asset types
Asset characterization
IT asset life cycle and asset identification
System profiling
Asset ownership and operational responsibilities
Example case – Stuxnet
Summary
Chapter review questions
Example case questions
Hands-on activity – course asset identification
Critical thinking exercise – uses of a hacked PC
Design case


Chapter 6 — Threats and Vulnerabilities
Overview
Introduction
Threat models
Threat agent
Threat action
Vulnerabilities
Example case – Gozi
Summary
Chapter review questions
Example case questions
Hands-on activity – Vulnerability scanning
Critical thinking exercise – Iraq cyberwar plans in 2003
Design case


Chapter 7 — Encryption Controls
Overview
Introduction
Encryption basics
Encryption types overview
Encryption types details
Encryption in use
Example case – Nation technologies
Summary
Chapter review questions
Example case questions
Hands-on activity – encryption
Critical thinking exercise – encryption keys embed business models
Design case


Chapter 8 — Identity and Access Management
Overview
Identity management
Access management
Authentication
Single sign-on
Federation
Example case – Markus Hess
Summary
Chapter review questions
Example case questions
Hands-on activity – identity match and merge
Critical thinking exercise – feudalism the security solution for the internet?
Design case


Chapter 9 — Hardware and Software Controls
Overview
Password management
Access control
Firewalls
Intrusion detection/prevention systems
Patch management for operating systems and applications
End-point protection
Example case – AirTight networks
Chapter review questions
Example case questions
Hands-on activity – host-based IDS (OSSEC)
Critical thinking exercise – extra-human security controls
Design case


Chapter 10 — Shell Scripting
Overview
Introduction
Output redirection
Text manipulation
Variables
Conditionals
User input
Loops
Putting it all together
Example case – Max Butler
Summary
Chapter review questions
Example case questions
Hands-on activity – basic scripting
Critical thinking exercise – script security
Design case


Chapter 11 — Incident Handling
Introduction
Incidents overview
Incident handling
The disaster
Example case – on-campus piracy
Summary
Chapter review questions
Example case questions
Hands-on activity – incident timeline using OSSEC
Critical thinking exercise – destruction at the EDA
Design case


Chapter 12 — Incident Analysis
Introduction
Log analysis
Event criticality
General log configuration and maintenance
Live incident response
Timelines
Other forensics topics
Example case – backup server compromise
Chapter review questions
Example case questions
Hands-on activity – server log analysis
Critical thinking exercise – destruction at the EDA
Design case


Chapter 13 — Policies, Standards, and Guidelines
Introduction
Guiding principles
Writing a policy
Impact assessment and vetting
Policy review
Compliance
Key policy issues
Example case – HB Gary
Summary
Reference
Chapter review questions
Example case questions
Hands-on activity – create an AUP
Critical thinking exercise – Aaron Swartz
Design case


Chapter 14 — IT Risk Analysis and Risk Management
Overview
Introduction
Risk management as a component of organizational management
Risk-management framework
The NIST 800-39 framework
Risk assessment
Other risk-management frameworks
IT general controls for Sarbanes–Oxley compliance
Compliance versus risk management
Selling security
Example case – online marketplace purchases
Summary
Chapter review questions
Hands-on activity – risk assessment using lsof
Critical thinking exercise – risk estimation biases
Design case


Appendix A — Password List for the Linux Virtual Machine
Glossary
Index


List of Figures


Figure 1.1: Classification of information security analysts
Figure 1.2: Time-consuming activities for information security professionals
Figure 1.3: Training needs identified by information security professionals
Figure 1.4: ILOVEYOU virus
Figure 1.5: T.J. Maxx
Figure 1.6: Defaced Georgian foreign ministry website
Figure 1.7: Google-China offices
Figure 1.8: Online Software Inspector
Figure 1.9: PC audit report
Figure 1.10: Contents of Downloads folder for Steganography exercise
Figure 1.11: Commands to hide text files at the end of image files
Figure 1.12: Manipulated images among original images
Figure 1.13: Opening image files in Notepad
Figure 1.14: Secret message hidden at the end of the image file
Figure 1.15: Sunshine State University funding sources
Figure 1.16: Extract from the organization structure of Sunshine State University


Figure 2.1: Paul Ceglia
Figure 2.2: Windows desktop usage—April 2013
Figure 2.3: System Center Operation Manager
Figure 2.4: Unix family tree
Figure 2.5: Albert Gonzalez, at the time of his indictment in August 2009
Figure 2.6: T J Maxx sales (2005–2010)
Figure 2.7: Virtual machine structure
Figure 2.8: VirtualBox download page
Figure 2.9: VirtualBox installer welcome screen
Figure 2.10: Default install Location
Figure 2.11: VirtualBox install confirmation
Figure 2.12: VirtualBox manager
Figure 2.13: Default setting for OS import
Figure 2.14: Virtual machine in Virtual machine manager
Figure 2.15: CPU error
Figure 2.16: Enabling PAE
Figure 2.17: Attach the VM to NAT
Figure 2.18: CentOS VM login screen
Figure 2.19: CentOS Linux desktop
Figure 2.20: Sunshine State University email infrastructure


Figure 3.1: Operating system structure
Figure 3.2: Reaching the command prompt window
Figure 3.3: Unix file hierarchy
Figure 3.4: vimtutor interface
Figure 3.5: Reaching users and groups manager
Figure 3.6: Adding users
Figure 3.7: Group manager


Figure 4.1: The basic information security model
Figure 4.2: Example CVE listing at the time of reporting
Figure 4.3: NVD entry for the CVE listing
Figure 4.4: ATLAS web interface
Figure 4.5: Phishing example


Figure 4.6: …



Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

