This new text provides students with the knowledge and skills they will need to compete for and succeed in the information security roles they will encounter straight out of college. It does so through hands-on immersion in essential system administration, service and application installation and configuration, security tool use, TIG implementation and reporting. It is designed for an introductory course on IS Security, usually offered as an elective in IS departments in 2- and 4-year schools. It is not designed for security certification courses.

Chapter 1: Introduction
Overview; Professional utility of information security knowledge; Brief history; Definition of information security; Summary; Example case: WikiLeaks, Cablegate, and free reign over classified networks; Chapter review questions; Example case questions; Hands-on activity: software inspector, steganography; Critical thinking exercise: identifying CIA area(s) affected by sample real-life hacking incidents; Design case

Chapter 2: System Administration (Part 1)
Overview; Introduction; What is system administration?; System administration and information security; Common system administration tasks; System administration utilities; Summary; Example case: T J Maxx; Chapter review questions; Example case questions; Hands-on activity: Linux system installation; Critical thinking exercise: Google executives sentenced to prison over video; Design case

Chapter 3: System Administration (Part 2)
Overview; Operating system structure; The command-line interface; Files and directories; Moving around the filesystem: pwd, cd; Listing files and directories; Shell expansions; File management; Viewing files; Searching for files; Access control and user management; Access control lists; File ownership; Editing files; Software installation and updates; Account management; Command-line user administration; Example case: Northwest Florida State College; Summary; Chapter review questions; Example case questions; Hands-on activity: basic Linux system administration; Critical thinking exercise: offensive cyber effects operations (OCEO); Design case

Chapter 4: The Basic Information Security Model
Overview; Introduction; Components of the basic information security model; Common vulnerabilities, threats and controls; Example case: ILOVEYOU virus; Summary; Chapter review questions; Example case questions; Hands-on activity: web server security; Critical thinking exercise: the internet, "American values" and security; Design case

Chapter 5: Asset Identification and Characterization
Overview; Assets overview; Determining assets that are important to the organization; Asset types; Asset characterization; IT asset lifecycle and asset identification; System profiling; Asset ownership and operational responsibilities; Example case: Stuxnet; Summary; Chapter review questions; Example case questions; Hands-on activity: course asset identification; Critical thinking exercise: uses of a hacked PC; Design case

Chapter 6: Threats and Vulnerabilities
Overview; Introduction; Threat models; Threat agent; Threat action; Vulnerabilities; Example case: Gozi; Summary; Chapter review questions; Example case questions; Hands-on activity: vulnerability scanning; Critical thinking exercise: Iraq cyber war plans in 2003; Design case

Chapter 7: Encryption Controls
Overview; Introduction; Encryption basics; Encryption types overview; Encryption types details; Encryption in use; Example case: Nation technologies; Summary; Chapter review questions; Example case questions; Hands-on activity: encryption; Critical thinking exercise: encryption keys embed business models; Design case

Chapter 8: Identity and Access Management
Overview; Identity management; Access management; Authentication; Single sign-on; Federation; Example case: Markus Hess; Summary; Chapter review questions; Example case questions; Hands-on activity: identity match and merge; Critical thinking exercise: feudalism the security solution for the internet?; Design case

Chapter 9: Hardware and Software Controls
Overview; Password management; Access control; Firewalls; Intrusion detection/prevention systems; Patch management for operating systems and applications; End point protection; Example case: AirTight Networks; Chapter review questions; Example case questions; Hands-on activity: host-based IDS (OSSEC); Critical thinking exercise: extra-human security controls; Design case

Chapter 10: Shell Scripting
Overview; Introduction; Output redirection; Text manipulation; Variables; Conditionals; User input; Loops; Putting it all together; Example case: Max Butler; Summary; Chapter review questions; Example case questions; Hands-on activity: basic scripting; Critical thinking exercise: script security; Design case

Chapter 11: Incident Handling
Introduction; Incidents overview; Incident handling; The disaster; Example case: on-campus piracy; Summary; Chapter review questions; Example case questions; Hands-on activity: incident timeline using OSSEC; Critical thinking exercise: destruction at the EDA; Design case

Chapter 12: Incident Analysis
Introduction; Log analysis; Event criticality; General log configuration and maintenance; Live incident response; Timelines; Other forensics topics; Example case: backup server compromise; Chapter review questions; Example case questions; Hands-on activity: server log analysis; Critical thinking exercise: destruction at the EDA (contd.); Design case

Chapter 13: Policies, Standards, and Guidelines
Introduction; Guiding principles; Writing a policy; Impact assessment and vetting; Policy review; Compliance; Key policy issues; Example case: H B Gary; Summary; Reference; Chapter review questions; Example case questions; Hands-on activity: create an AUP; Critical thinking exercise: Aaron Swartz; Design case

Chapter 14: IT Risk Analysis and Risk Management
Overview; Introduction; Risk management as a component of organizational management; Risk management framework; The NIST 800-39 framework; Risk assessment; Other risk management frameworks; IT general controls for Sarbanes-Oxley compliance; Compliance versus risk management; Selling security; Example case: online marketplace purchases; Summary; Chapter review questions; Hands-on activity: risk assessment using lsof; Critical thinking exercise: risk estimation biases; Design case

Appendix A: Password List for the Linux Virtual Machine
Glossary
Index