World Headquarters
Jones & Bartlett Learning
5 Wall Street
Burlington MA 01803
978-443-5000
www.jblearning.com
Copyright 2021 by Jones & Bartlett Learning, LLC, an Ascend Learning Company
All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.
The content, statements, views, and opinions herein are the sole expression of the respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. Elementary Information Security, Third Edition is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product.
There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be real or fictitious, but are used for instructional purposes only.
Production Credits
VP, Product Management: Amanda Martin
Director of Product Management: Laura Pagluica
Product Manager: Edward Hinman
Product Assistant: Loren-Marie Durr, Melissa Duffy
Senior Project Specialist: Vanessa Richards
Project Specialist, Navigate: Kristine Janssens
Digital Project Specialist: Angela Dooley
Marketing Manager: Michael Sullivan
Product Fulfillment Manager: Wendy Kilborn
Composition: codeMantra U.S. LLC
Cover Design: Michael O'Donnell
Text Design: Kristin E. Parker
Rights & Media Manager: Shannon Sheehan
Rights & Media Specialist: Rebecca Damon
Cover Image (Title Page, Chapter Opener): Digital_Art/Shutterstock
Printing and Binding: CJK Group Inc.
Cover Printing: CJK Group Inc.
Library of Congress Cataloging-in-Publication Data
Names: Smith, Richard E., 1952- author.
Title: Elementary information security / Richard E. Smith.
Description: Third edition. | Burlington, Massachusetts: Jones & Bartlett Learning, [2021] | Includes index.
Identifiers: LCCN 2019009851 | ISBN 9781284153040 (pbk.)
Subjects: LCSH: Computer security. | Computer networks--Security measures.
Classification: LCC QA76.9.A25 S652 2019 | DDC 005.8--dc23
LC record available at https://lccn.loc.gov/2019009851
Printed in the United States of America
Preface
About the Text
The goal of this text is to introduce college students to information security. Security often involves social and organizational skills as well as technical understanding. To solve practical security problems, we must balance real-world risks and rewards against the cost and bother of available security techniques. This text uses continuous process improvement to integrate these elements.
Security is a broad field. Some students may excel in the technical aspects, while others may shine in the more social or process-oriented aspects. Many successful students fall between these poles. This text offers opportunities for all types of students to excel.
Introducing Technology
If we want a solid understanding of security technology, we must look closely at the underlying strengths and weaknesses of information technology itself. This requires a background in computer architecture, operating systems, and computer networking. It's hard for a typical college student to achieve breadth and depth in these subjects and still have time to really study security.
Instead of leaving a gap in students' understanding, this text provides introductions to essential technical topics. explains the basics of computer operation and instruction execution. This prepares students for a description of process separation and protection, which illustrates the essential role of operating systems in enforcing security.
Chapter 5 introduces file systems and input/output in modern operating systems. This lays a foundation for forensic file system analysis. It also shows students how a modern operating system organizes a complex service. This sets the stage for s introduction to computer networking and protocol software.
Introducing Continuous Process Improvement
The text organizes security problem-solving around the Risk Management Framework. introduces the framework in two forms, one tailored to smaller enterprises, followed with a simple approach to risk analysis. Subsequent chapters introduce system monitoring and incident response as ways to assess and improve system security.
Each step in the framework builds on earlier steps. Each step also provides a chance to assess how well our work addresses our security needs. This is the essence of continuous process improvement.
In order to give students an accurate view of process improvement, the text introduces document structures that provide cross-references between different steps of the process. We use elements of each earlier phase to construct information in the following phase, and we often provide a link back to earlier data to ensure complete coverage. While this may seem like nit-picking in some cases, it allows mastery of essential forms of communication in the technical and professional world.
Intended Audience
When used as a textbook, the material within is intended for lower division undergraduates, or for students in a 2-year community college program. Students should have completed high school mathematics. Typical students should have also completed an introductory computing or programming course.
Instructors may want to use this text for either a one- or two-semester course. A one-semester course would usually cover one chapter a week; the instructor may want to combine a couple of earlier chapters or skip the final chapter. Some institutions may find it more effective to teach the material over a full year. This gives the students more time to work with the concepts and to cover all topics in depth.