
Information security and it risk management agrawal pdf

19/12/2020 Client: saad24vbs Deadline: 7 Days

Information Security and IT Risk Management

Manish Agrawal, Ph.D. Associate Professor, Information Systems and Decision Sciences, University of South Florida


Alex Campoe, CISSP Director, Information Security University of South Florida


Eric Pierce Associate Director, Information Security University of South Florida


Vice President and Executive Publisher Don Fowley Executive Editor Beth Lang Golub Editorial Assistant Jayne Ziemba Photo Editor Ericka Millbrand Associate Production Manager Joyce Poh Cover Designer Kenji Ngieng


This book was set by MPS Limited.


Founded in 1807, John Wiley & Sons, Inc. has been a valued source of knowledge and understanding for more than 200 years, helping people around the world meet their needs and fulfill their aspirations. Our company is built on a foundation of principles that include responsibility to the communities we serve and where we live and work. In 2008, we launched a Corporate Citizenship Initiative, a global effort to address the environmental, social, economic, and ethical challenges we face in our business. Among the issues we are addressing are carbon impact, paper specifications and procurement, ethical conduct within our business and among our vendors, and community and charitable support. For more information, please visit our website: www.wiley.com/go/citizenship.


Copyright © 2014 John Wiley & Sons, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc. 222 Rosewood Drive, Danvers, MA 01923, website www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, (201)748-6011, fax (201)748-6008, website http://www.wiley.com/go/permissions.


Evaluation copies are provided to qualified academics and professionals for review purposes only, for use in their courses during the next academic year. These copies are licensed and may not be sold or transferred to a third party. Upon completion of the review period, please return the evaluation copy to Wiley. Return instructions and a free of charge return mailing label are available at www.wiley.com/go/returnlabel. If you have chosen to adopt this textbook for use in your course, please accept this book as your complimentary desk copy. Outside of the United States, please contact your local sales representative.


ISBN 978-1-118-33589-5 (paperback)


Printed in the United States of America 10 9 8 7 6 5 4 3 2 1




Table of Contents


List of Figures

Preface


Chapter 1 — Introduction

Overview

Professional utility of information security knowledge

Brief history

Definition of information security

Summary

Example case – Wikileaks, Cablegate, and free reign over classified networks

Chapter review questions

Example case questions

Hands-on activity – Software Inspector, Steganography

Critical thinking exercise: identifying CIA area(s) affected by sample real-life hacking incidents

Design case


Chapter 2 — System Administration (Part 1)

Overview

Introduction

What is system administration?

System administration and information security

Common system administration tasks

System administration utilities

Summary

Example case – T. J. Maxx

Chapter review questions

Example case questions

Hands-on Activity – Linux system installation

Critical thinking exercise – Google executives sentenced to prison over video

Design case


Chapter 3 — System Administration (Part 2)

Overview

Operating system structure

The command-line interface

Files and directories

Moving around the filesystem – pwd, cd

Listing files and directories

Shell expansions

File management

Viewing files

Searching for files

Access control and user management

Access control lists

File ownership

Editing files

Software installation and updates

Account management

Command-line user administration

Example case – Northwest Florida State College

Summary

Chapter review questions

Example case questions

Hands-on activity – basic Linux system administration

Critical thinking exercise – offensive cyber effects operations (OCEO)

Design Case




Chapter 4 — The Basic Information Security Model

Overview

Introduction

Components of the basic information security model

Common vulnerabilities, threats, and controls

Example case – ILOVEYOU virus

Summary

Chapter review questions

Example case questions

Hands-on activity – web server security

Critical thinking exercise – the internet, “American values,” and security

Design case


Chapter 5 — Asset Identification and Characterization

Overview

Assets overview

Determining assets that are important to the organization

Asset types

Asset characterization

IT asset life cycle and asset identification

System profiling

Asset ownership and operational responsibilities

Example case – Stuxnet

Summary

Chapter review questions

Example case questions

Hands-on activity – course asset identification

Critical thinking exercise – uses of a hacked PC

Design case


Chapter 6 — Threats and Vulnerabilities

Overview

Introduction

Threat models

Threat agent

Threat action

Vulnerabilities

Example case – Gozi

Summary

Chapter review questions

Example case questions

Hands-on activity – Vulnerability scanning

Critical thinking exercise – Iraq cyberwar plans in 2003

Design case


Chapter 7 — Encryption Controls

Overview

Introduction

Encryption basics

Encryption types overview

Encryption types details

Encryption in use

Example case – Nation technologies

Summary

Chapter review questions

Example case questions

Hands-on activity – encryption

Critical thinking exercise – encryption keys embed business models

Design case


Chapter 8 — Identity and Access Management

Overview

Identity management

Access management

Authentication

Single sign-on

Federation

Example case – Markus Hess

Summary

Chapter review questions

Example case questions

Hands-on activity – identity match and merge

Critical thinking exercise – feudalism the security solution for the internet?

Design case


Chapter 9 — Hardware and Software Controls

Overview

Password management

Access control

Firewalls

Intrusion detection/prevention systems

Patch management for operating systems and applications

End-point protection

Example case – AirTight networks

Chapter review questions

Example case questions

Hands-on activity – host-based IDS (OSSEC)

Critical thinking exercise – extra-human security controls

Design case


Chapter 10 — Shell Scripting

Overview

Introduction

Output redirection

Text manipulation

Variables

Conditionals

User input

Loops

Putting it all together

Example case – Max Butler

Summary

Chapter review questions

Example case questions

Hands-on activity – basic scripting

Critical thinking exercise – script security

Design case


Chapter 11 — Incident Handling

Introduction

Incidents overview

Incident handling

The disaster

Example case – on-campus piracy

Summary

Chapter review questions

Example case questions

Hands-on activity – incident timeline using OSSEC

Critical thinking exercise – destruction at the EDA

Design case


Chapter 12 — Incident Analysis

Introduction

Log analysis

Event criticality

General log configuration and maintenance

Live incident response

Timelines

Other forensics topics

Example case – backup server compromise

Chapter review questions

Example case questions

Hands-on activity – server log analysis

Critical thinking exercise – destruction at the EDA

Design case


Chapter 13 — Policies, Standards, and Guidelines

Introduction

Guiding principles

Writing a policy

Impact assessment and vetting

Policy review

Compliance

Key policy issues

Example case – HB Gary

Summary

Reference

Chapter review questions

Example case questions

Hands-on activity – create an AUP

Critical thinking exercise – Aaron Swartz

Design case


Chapter 14 — IT Risk Analysis and Risk Management

Overview

Introduction

Risk management as a component of organizational management

Risk-management framework

The NIST 800-39 framework

Risk assessment

Other risk-management frameworks

IT general controls for Sarbanes–Oxley compliance

Compliance versus risk management

Selling security

Example case – online marketplace purchases

Summary

Chapter review questions

Hands-on activity – risk assessment using lsof

Critical thinking exercise – risk estimation biases

Design case


Appendix A — Password List for the Linux Virtual Machine

Glossary

Index


List of Figures


Figure 1.1: Classification of information security analysts

Figure 1.2: Time-consuming activities for information security professionals

Figure 1.3: Training needs identified by information security professionals

Figure 1.4: ILOVEYOU virus

Figure 1.5: T.J. Maxx

Figure 1.6: Defaced Georgian foreign ministry website

Figure 1.7: Google-China offices

Figure 1.8: Online Software Inspector

Figure 1.9: PC audit report

Figure 1.10: Contents of Downloads folder for Steganography exercise

Figure 1.11: Commands to hide text files at the end of image files

Figure 1.12: Manipulated images among original images

Figure 1.13: Opening image files in Notepad

Figure 1.14: Secret message hidden at the end of the image file

Figure 1.15: Sunshine State University funding sources

Figure 1.16: Extract from the organization structure of Sunshine State University

Figure 2.1: Paul Ceglia

Figure 2.2: Windows desktop usage—April 2013

Figure 2.3: System Center Operation Manager

Figure 2.4: Unix family tree

Figure 2.5: Albert Gonzalez, at the time of his indictment in August 2009

Figure 2.6: T J Maxx sales (2005–2010)

Figure 2.7: Virtual machine structure

Figure 2.8: VirtualBox download page

Figure 2.9: VirtualBox installer welcome screen

Figure 2.10: Default install Location

Figure 2.11: VirtualBox install confirmation

Figure 2.12: VirtualBox manager

Figure 2.13: Default setting for OS import

Figure 2.14: Virtual machine in Virtual machine manager

Figure 2.15: CPU error

Figure 2.16: Enabling PAE

Figure 2.17: Attach the VM to NAT

Figure 2.18: CentOS VM login screen

Figure 2.19: CentOS Linux desktop

Figure 2.20: Sunshine State University email infrastructure

Figure 3.1: Operating system structure

Figure 3.2: Reaching the command prompt window

Figure 3.3: Unix file hierarchy

Figure 3.4: vimtutor interface

Figure 3.5: Reaching users and groups manager

Figure 3.6: Adding users

Figure 3.7: Group manager

Figure 4.1: The basic information security model

Figure 4.2: Example CVE listing at the time of reporting

Figure 4.3: NVD entry for the CVE listing

Figure 4.4: ATLAS web interface

Figure 4.5: Phishing example


Figure 4.6: …



exothermic or endothermic - Systematic and Unsystematic Risk - Determinants of group behaviour ppt - Power Point - Request letter for diploma - Personal Nursing Philosophy Paper - A 1500 kg car drives around a flat 200 - Exp 105 final assignment - Art thou afeard translation - Human resource management in multinational enterprises - Lección 4 estructura 4.2 practicar verbos - Annotated Bibliography - Define mise en scene - System analysis and design topics - Https www hhmi org biointeractive explore virtual labs - A wall of fire rising - Dr peter whang guilford ct - Character Evolution Instructions - Southern cross community healthcare - Mini management plan - Myitlab access chapter 6 grader project - Homework - Where is mufy recognised - Discussion - Bendigo health infection control - Benchmark - Community Teaching Plan: Community Teaching Work Plan Proposal - 4/1 repost - Vce biology 2017 exam answers - Latec investments ltd v hotel terrigal pty ltd - Pepsi docx - Accounting discussion $5 - Four steps in managing external stakeholder relationships - Civil air patrol colorado - Yo salí de casa a las 8:00. antes de salir de casa miré mi correo electrónico. - Ball bearings inc faces costs of production as follows - Assignment 1.2: A Changing World Final Paper - Nursing - The channel of distribution consists of - Garlic bread factory capalaba - How to calculate pooled variance for t test - 38999 series iii insert arrangement - The witches chapter 1 - House captain speech year 6 - Wyatt vs stickney - A crm software database system provides sport marketers - Answer questions - North central university msw - Ntnu norway phd vacancies