About This eBook
ePUB is an open, industry-standard format for eBooks. However, support of ePUB and its many features varies across reading devices and applications. Use your device or app settings to customize the presentation to your liking. Settings that you can customize often include font, font size, single or double column, landscape or portrait mode, and figures that you can click or tap to enlarge. For additional information about the settings and features on your reading device or app, visit the device manufacturer's website.
Many titles include programming code or configuration examples. To optimize the presentation of these elements, view the eBook in single-column, landscape mode and adjust the font size to the smallest setting. In addition to presenting code and configurations in the reflowable text format, we have included images of the code that mimic the presentation found in the print book; therefore, where the reflowable format may compromise the presentation of the code listing, you will see a "Click here to view code image" link. Click the link to view the print-fidelity code image. To return to the previous page viewed, click the Back button on your device or app.
Information Security
Principles and Practices
Second Edition
Mark S. Merkow
Jim Breithaupt
800 East 96th Street, Indianapolis, Indiana 46240 USA
Information Security: Principles and Practices, Second Edition
Copyright © 2014 by Pearson Education, Inc.
All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.
ISBN-13: 978-0-7897-5325-0
ISBN-10: 0-7897-5325-1
Library of Congress Control Number: 2014937271
Printed in the United States of America
First Printing: June 2014
Associate Publisher
Dave Dusthimer
Acquisitions Editor
Betsy Brown
Development Editor
Jeff Riley
Managing Editor
Sandra Schroeder
Senior Project Editor
Tonya Simpson
Copy Editor
Krista Hansing Editorial Services, Inc.
Indexer
Publishing Works
Proofreader
Paula Lowell
Technical Editors
Tatyana Zidarov
Chris Crayton
Publishing Coordinator
Vanessa Evans
Cover Designer
Alan Clements
Compositor
Trina Wurst
Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The authors and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.
Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at or (800) 382-3419.
For government sales inquiries, please contact .
For questions about sales outside the U.S., please contact .
Preface
When teaching a complex and ever-changing discipline such as information security, students are best served by beginning with a high-level understanding of the subject before they tackle the details. A solid grasp of the objectives, terminology, principles, and frameworks will help them understand how to place issues in a proper context for determining working solutions. That is the goal of this text: to introduce students to the most important topics of information security and pique their interest to learn more.
The body of knowledge (as it is called in the IT security industry) is vast, deep, and, at times, baffling. Solutions are not always straightforward because the problems they address are rarely intuitive. No cookbook or universal recipe for IT security success exists. Ideally, protecting computer systems from attacks and unauthorized access means anticipating problems and devising strategies to address how people, processes, and technologies interact. The goal, although not always realistic, is to prevent these problems from happening instead of simply reacting to them as so many organizations do today.
This is rarely easy.
This book navigates the ocean of information technology (IT) security issues while keeping the technical jargon to a minimum. Chapters are ordered to follow the major domains of the Common Body of Knowledge, to help prepare students for a more detailed examination of the topics, if that is their desire.
If you decide to enter the field of information security, you'll find this book helpful in charting your course toward joining the ranks of professionals and specialists in information security.
About the Authors
Mark Merkow, CISSP, CISM, CSSLP, is a technical director for a Fortune 100 financial services firm, where he works on implementing and operating a software security practice for the enterprise. He has more than 35 years of IT experience, including 20 years in IT security. Mark has worked in a variety of roles, including applications development, systems analysis and design, security engineering, and security management. Mark holds a master's degree in decision and information systems from Arizona State University (ASU), a master's of education in distance learning from ASU, and a bachelor's degree in computer information systems from ASU.
Jim Breithaupt is a data integrity manager for a major bank, where he manages risk for a large data mart. He has more than 30 years of data processing experience and has co-authored several other books on information systems and information security, along with Mark Merkow.
Acknowledgments
From Mark Merkow:
To begin, I'm deeply grateful to my friend and co-author, Jim, who has an amazing ability to turn the obscure into the transparent. Without Jim, there would be no book.
Thanks to my wife, Amy Merkow, as always, for her positive attitude, full support, and unwavering belief in the written word.
I also want to thank our far-scattered children, Josh Merkow, Jasmine Merkow, Brandon Bohlman, and Caitlyn Bohlman, for their support throughout the writing process.
Tremendous thanks goes to Betsy Brown, Tonya Simpson, and the entire staff at Pearson, along with Jeff Riley at Box Twelve Communications, for their commitment to excellence, efficiency, and positive attitude, all of which make working with them a total pleasure.
Special thanks goes to my agent, Carole Jelen at Waterside Productions, for the remarkable effort that goes into book contracting and publication.