Readings And Cases In Information Security: Law & Ethics,
2014
Kennesaw State University
Readings And Cases In Information Security: Law & Ethics, Michael Whitman, Herbert Mattord
Herbert J. Mattord
Readings and Cases in Information Security: Law & Ethics provides a depth of content and analytical viewpoint not found in many other books. Designed for use with any Cengage Learning security text or as a standalone professional reference, this book offers readers a real-life view of information security management, including the ethical and legal issues associated with various on-the-job experiences. Included are a wide selection of foundational readings and scenarios from a variety of experts to give the reader the most realistic perspective of a career in information security.
Readings And Cases In The Management Of Information Security,
2014
Kennesaw State University
Readings And Cases In The Management Of Information Security, Michael Whitman, Herbert Mattord
Herbert J. Mattord
These readings provide students with a depth of content and analytical perspective not found in other textbooks. Organized into five units, Planning, Policy, People, Projects and Protection, each unit includes items such as academic research papers, summaries of industry practices or written cases to give students valuable resources to use as industry professionals.
Management Of Information Security, 1st Edition,
2014
Kennesaw State University
Management Of Information Security, 1st Edition, Michael Whitman, Herbert Mattord
Herbert J. Mattord
Management of Information Security is designed for senior and graduate-level business and information systems students who want to learn the management aspects of information security. This text takes a "view from the top" and presents important information for future managers regarding information security. The material covered in this text is often part of a capstone course in an information security.
Assessing Relative Weights Of Authentication Components: An Expert Panel Approach,
2014
Kennesaw State University
Assessing Relative Weights Of Authentication Components: An Expert Panel Approach, Herbert J. Mattord, Yair Levy, Steven Furnell
Herbert J. Mattord
Organizations rely on password-based authentication methods to control access to many Web-based systems. In a recent study, we developed a benchmarking instrument to assess the authentication methods used in these contexts. Our instrument developed included extensive literature foundation and an expert panel assessment. This paper reports on the development of the instrument and the expert panel assessment. The initial draft of the instrument was derived from literature to assess 1) password strength requirements, 2) password usage methods, and 3) password reset requirements. Following, the criteria within the index were evaluated by an expert panel and the same panel provided opinions …
Management Of Information Security, 2nd Edition,
2014
Kennesaw State University
Management Of Information Security, 2nd Edition, Michael Whitman, Herbert Mattord
Herbert J. Mattord
Information security-driven topic coverage is the basis for this updated book that will benefit readers in the information technology and business fields alike. Management of Information Security, provides an overview of information security from a management perspective, as well as a thorough understanding of the administration of information security. Written by two Certified Information Systems Security Professionals (CISSP), this book has the added credibility of incorporating the CISSP Common Body of Knowledge (CBK), especially in the area of information security management. The second edition has been updated to maintain the industry currency and academic relevance that made the previous edition …
Rethinking Risk-Based Information Security,
2014
Kennesaw State University
Rethinking Risk-Based Information Security, Herbert Mattord
Herbert J. Mattord
The information security discipline has a common body of knowledge comprised of many facts, techniques, and ways for its practitioners to accomplish the objectives of securing the information assets of the companies by which they are employed. Sometimes these practitioners simply do things the way they have always been done. Perhaps some of the practices need to be reexamined. One that needs attention is the way that risk-based decision making is applied in places that it may not improve the outcomes of the problems being addressed.
Guide To Firewalls And Network Security: Intrusion Detection And Vpns, 2nd Edition,
2014
Kennesaw State University
Guide To Firewalls And Network Security: Intrusion Detection And Vpns, 2nd Edition, Michael Whitman, Herbert Mattord, Richard Austin, Greg Holden
Herbert J. Mattord
Firewalls are among the best-known security tools in use today, and their critical role in information security continues to grow. However, firewalls are most effective when they are backed by effective security planning, a well-designed security policy, and when they work in concert with anti-virus software, intrusion detection systems, and other tools. This book aims to explore firewalls in the context of these other elements, providing readers with a solid, in-depth introduction to firewalls that focuses on both managerial and technical aspects of security. Coverage includes packet filtering, authentication, proxy servers, encryption, bastion hosts, virtual private networks (VPNs), log file …
Principles Of Information Security, 3rd Edition,
2014
Kennesaw State University
Principles Of Information Security, 3rd Edition, Michael Whitman, Herbert Mattord
Herbert J. Mattord
Explore the field of information security and assurance with this valuable resource that focuses on both the managerial and technical aspects of the discipline. Principles of Information Security, Third Edition builds on internationally recognized standards and bodies of knowledge to provide the knowledge and skills that information systems students need for their future roles as business decision-makers. Coverage includes key knowledge areas of the CISSP (Certified Information Systems Security Professional), as well as risk management, cryptography, physical security, and more. The third edition has retained the real-world examples and scenarios that made previous editions so successful, but has updated the …
Making Users Mindful Of It Security,
2014
Kennesaw State University
Making Users Mindful Of It Security, Michael Whitman, Herbert Mattord
Herbert J. Mattord
The article discusses ways to make users mindful of Information Technology (IT) security. Security awareness programs ensure that employees understand the importance of security and the adverse consequences of its failure; they also remind users of the procedures to be followed. Awareness training is vital to keeping the idea of IT security uppermost in employees' minds. While federal agencies in the U.S. are required to train employees in computer security awareness, such training is voluntary in the private sector. It is, however, no less vital. Every company should integrate a security awareness program into the IT training program.
Management Of Information Security, 3rd Edition,
2014
Kennesaw State University
Management Of Information Security, 3rd Edition, Michael Whitman, Herbert Mattord
Herbert J. Mattord
Management of Information Security, Third Edition focuses on the managerial aspects of information security and assurance. Topics covered include access control models, information security governance, and information security program assessment and metrics. Coverage on the foundational and technical components of information security is included to reinforce key concepts. This new edition includes up-to-date information on changes in the field such as revised sections on national and international laws and international standards like the ISO 27000 series. With these updates, Management of Information Security continues to offer a unique overview of information security from a management perspective while maintaining a finger …
Transparency In Infosec Design ,
2014
Kennesaw State University
Transparency In Infosec Design , Herbert Mattord, Michael Whitman
Herbert J. Mattord
Information system capabilities continue to expand. In two particular areas, that of the surveillance records and personal data, a public policy debate is underway. This debate regards the relationship between the rights of the individual to freedom from unwanted observation and the rights of the organization to collect and use data for its own legitimate purposes. This discussion encompasses privacy as well as a broader concern with what life could be like in a surveillance-based society. The fundamental question facing information systems designers is whether or not to use the contemporary approach of striving for secrecy, or to look for …
Infosec Policy - The Basis For Effective Security Programs,
2014
Kennesaw State University
Infosec Policy - The Basis For Effective Security Programs, Herbert Mattord, Michael Whitman
Herbert J. Mattord
The success of any information security program lies in policy development. The lack of success in any particular program can often be attributed to this unmet need to build the foundation for success. In 1989, the National Institute of Standards and Technology addressed this point in Special Publication SP 500-169: Executive Guide to the Protection of Information Resources (1989): The success of an information resources protection program depends on the policy generated, and on the attitude of management toward securing information on automated systems. You, the policy maker, set the tone and the emphasis on how important a role information …
Improving Information Security Through Policy Implementation,
2014
Kennesaw State University
Improving Information Security Through Policy Implementation, Herbert J. Mattord, Michael E. Whitman
Herbert J. Mattord
Information security policy is essential to the success of any information security program because it is the primary process used by organizations to influence the performance of personnel in ways that enhance the information security of the organization’s information assets. Whereas computer security can be thought of as the processes and techniques of securing IT hardware, software and data (including networks), information security is a broader concept. The processes of information security are concerned with the protection of the confidentiality, integrity and availability of information within systems comprising hardware, software, networks, data, procedures and personnel. As organizations change through evolution …
Principles Of Information Security, 2nd Edition,
2014
Kennesaw State University
Principles Of Information Security, 2nd Edition, Michael Whitman, Herbert Mattord
Herbert J. Mattord
Principles of Information Security examines the field of information security to prepare information systems students for their future roles as business decision-makers. This textbook presents a balance of the managerial and the technical aspects of the discipline and addresses knowledge areas of the CISSP (Certified Information Systems Security Professional) certification throughout. The authors discuss information security within a real-world context, by including examples of issues faced by today's professionals and by including tools, such as an opening vignette and "Offline" boxes with interesting sidebar stories in each chapter. Principles of Information Security also offers extensive opportunities for hands-on work.
Roadmap To Information Security: For It And Infosec Managers,
2014
Kennesaw State University
Roadmap To Information Security: For It And Infosec Managers, Michael Whitman, Herbert Mattord
Herbert J. Mattord
Roadmap to Information Security: For IT and Infosec Managers provides a solid overview of information security and its relationship to the information needs of an organization. Content is tailored to the unique needs of information systems professionals who find themselves brought in to the intricacies of information security responsibilities. The book is written for a wide variety of audiences looking to step up to emerging security challenges, ranging from students to experienced professionals. This book is designed to guide the information technology manager in dealing with the challenges associated with the security aspects of their role, providing concise guidance on …
It Project Managers' Perceptions And Use Of Virtual Team Technologies,
2014
Salisbury University
It Project Managers' Perceptions And Use Of Virtual Team Technologies, Catherine Beise, Fred Niederman, Herbert Mattord
Herbert J. Mattord
This paper presents the results of a case study pertaining to the use of information and communication media to support a range of project management tasks. A variety of electronic communication tools have evolved to support collaborative work and virtual teams. Few of these tools have focused specifically on the needs of project managers. In an effort to learn how practicing IT project managers employ these tools, data were collected at a North American Fortune 500 industrial company via interviews with IT project managers regarding their use and perceptions of electronic media within the context of their work on project …
A Draft Model Curriculum For Programs Of Study In Information Security And Assurance,
2014
Kennesaw State University
A Draft Model Curriculum For Programs Of Study In Information Security And Assurance, Michael E. Whitman, Herbert J. Mattord
Herbert J. Mattord
With the dramatic increase in threats to information security, there is a clear need for a corresponding increase in the number of information security professional. With a lack of formal curriculum models, many academic institutions are unprepared to implement the courses and laboratories needed to prepare this special class of information technologist. This paper provides an overview of lessons learned in the implementation of both individual courses and a degree concentration in information security. It refers to a more comprehensive document, available on the Web, which includes the methodology used in developing the curriculum, individual course syllabi for recommended components, …
Factors Of Password-Based Authentication,
2014
Kennesaw State University
Factors Of Password-Based Authentication, Herbert J. Mattord, Yair Levy, Steven Furnell
Herbert J. Mattord
Organizations continue to rely on password-based authentication methods to control access to many Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in Web-based information systems (IS. This approach explored how authentication practices can be measured in three component areas: 1) password strength requirements, 2) password usage methods, and 3) password reset requirements. This report explores the criteria that are required to define these component areas.
Defending Cyber Terrorism - A Game Theoretic Modeling Approach,
2014
Kennesaw State University
Defending Cyber Terrorism - A Game Theoretic Modeling Approach, Tridib Bandyopadhyay, Herbert J. Mattord
Herbert J. Mattord
In this work we attempt to develop a game theoretic model that can indicate the nuances of strategic investments in the face of possible cyber terrorist attacks. First, we briefly review the literature on terrorism. Second, we identify the „cyber‟ factors in terrorism, and how this new mode of attack alters the general scenario. Then, beginning with a naïve counter terrorism model, we incrementally incorporate the factors of cyber terrorism to develop our game theoretic model. Our current work is geared towards developing a model that can adequately incorporate the cyber factors of today‟s networked economy. In this report, we …
Principles Of Information Security, 4th Edition,
2014
Kennesaw State University
Principles Of Information Security, 4th Edition, Michael Whitman, Herbert Mattord
Herbert J. Mattord
The fourth edition of Principles of Information Security explores the field of information security and assurance with updated content including new innovations in technology and methodologies. Students will revel in the comprehensive coverage that includes a historical overview of information security, discussions on risk management and security technology, current certification information, and more. The text builds on internationally-recognized standards and bodies of knowledge to provide the knowledge and skills students need for their future roles as business decision-makers. Information security in the modern organization is a management issue which technology alone cannot answer; it is a problem that has important …
