A multidisciplinary introduction to information security /
[Book]
[edited by] Stig F. Mjølsnes
xxv, 322 pages :
illustrations ;
25 cm
Discrete mathematics and its applications
Includes bibliographical references and index
Note continued: 10.3.4.Threat Analysis and Modeling / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.3.5.Documentation of Security Requirements / M.G. Jaatun / J. Jensen / I.A. Tondel / P.H. Meland -- 10.3.6.Variants Based on Specific Software Methodologies / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.3.7.LyeFish Example Continued / M.G. Jaatun / P.H. Meland / J. Jensen / I.A. Tondel -- 10.4.Secure Software Design / M.G. Jaatun / J. Jensen / I.A. Tondel / P.H. Meland -- 10.4.1.Security Architecture / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.4.2.Security Design Guidelines / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.4.2.1.Security Design Principles / M.G. Jaatun / J. Jensen / I.A. Tondel / P.H. Meland -- 10.4.2.2.Security Patterns / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.4.3.Threat Modeling and Security Design Review / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.4.4.Putting It into Practice -- More LyeFish / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.4.4.1.Applying Security Design Principles / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.4.4.2.Making Use of Security Design Patterns / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.4.4.3.Make Use of Tools for Threat Modeling / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.4.4.4.Performing Security Review / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.5.Testing for Software Security / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.5.1.Background / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.5.2.The Software Security Testing Cycle / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.5.3.Risk-Based Security Testing / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.5.4.Managing Vulnerabilities in SODA / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.5.5.Example -- Testing LyeFish / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.6.Summary / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.7.Further Reading and Web Sites / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- Bibliography / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 11.1.Introduction / S.J. Knapskog -- 11.2.ISO/IEC 15408, Part 1/3 Evaluation Criteria for IT Security (CC) / S.J. Knapskog -- 11.2.1.The Development of the Standard / S.J. Knapskog -- 11.2.2.Evaluation Model / S.J. Knapskog -- 11.2.3.Security Requirements / S.J. Knapskog -- 11.3.Definition of Assurance / S.J. Knapskog -- 11.4.Building Confidence in the Evaluation Process / S.J. Knapskog -- 11.5.Organizing the Requirements in the CC / S.J. Knapskog -- 11.6.Assurance Elements / S.J. Knapskog -- 11.7.Functional Classes / S.J. Knapskog -- 11.8.Protection Profiles (PPs) / S.J. Knapskog -- 11.9.Protection Profile Registries / S.J. Knapskog -- 11.10.Definition of a Security Target (ST) / S.J. Knapskog -- 11.11.Evaluation of a Security Target (ST) / S.J. Knapskog -- 11.12.Evaluation Schemes / S.J. Knapskog -- 11.13.Evaluation Methodology / S.J. Knapskog -- 11.14.Summary / S.J. Knapskog -- 11.15.Further Reading and Web Sites / S.J. Knapskog -- Bibliography / S.J. Knapskog -- 12.1.The Crime Scene / S.F. Mjølsnes / S.Y. Willassen -- 12.2.Forensic Science and ICT / S.Y. Willassen / S.F. Mjølsnes -- 12.3.Evidence / S.Y. Willassen / S.F. Mjølsnes -- 12.3.1.Judicial Evidence / S.Y. Willassen / S.F. Mjølsnes -- 12.3.2.Digital Evidence / S.Y. Willassen / S.F. Mjølsnes -- 12.3.3.Evidential Reasoning / S.Y. Willassen / S.F. Mjølsnes -- 12.3.4.Lack of Evidence / S.Y. Willassen / S.F. Mjølsnes -- 12.4.The Digital Investigation Process / S.Y. Willassen / S.F. Mjølsnes -- 12.5.Digital Evidence Extraction / S.Y. Willassen / S.F. Mjølsnes -- 12.5.1.Sources of Digital Evidence / S.Y. Willassen / S.F. Mjølsnes -- 12.5.2.Extraction / S.Y. Willassen / S.F. Mjølsnes -- 12.6.Digital Evidence Analysis Techniques / S.Y. Willassen / S.F. Mjølsnes -- 12.7.Anti-Forensics / S.Y. Willassen / S.F. Mjølsnes -- 12.8.Further Reading and Web Sites / S.Y. Willassen / S.F. Mjølsnes -- Bibliography / S.Y. Willassen / S.F. Mjølsnes -- 13.1.Risk Assessment in the Risk Management Process / S. Haugen -- 13.2.Terminology / S. Haugen -- 13.2.1.Risk / S. Haugen -- 13.2.2.Vulnerability / S. Haugen -- 13.2.3.Hazards, Threats, Sources, and Events / S. Haugen -- 13.2.4.Risk Analysis, Risk Evaluation, and Risk Assessment / S. Haugen -- 13.3.Main Elements of the Risk Assessment Process / S. Haugen -- 13.3.1.Establish Context / S. Haugen -- 13.3.2.Describe System, Controls, and Vulnerabilities / S. Haugen -- 13.3.3.Identify Assets / S. Haugen -- 13.3.4.Identify Threats / S. Haugen -- 13.3.5.Identify Events and Causes and Estimate Likelihood / S. Haugen -- 13.3.6.Identify and Estimate Consequences / S. Haugen -- 13.3.7.Estimate Risk Level / S. Haugen -- 13.3.8.Risk Evaluation / S. Haugen -- 13.3.9.Risk Treatment / S. Haugen -- 13.4.Summary / S. Haugen -- 13.5.Further Reading and Web Sites / S. Haugen -- Bibliography / S. Haugen -- 14.1.A Risk Governance Framework Applied to Information Security / J. Hoyden / E. Albrechtsen -- 14.2.Regulations and Control / J. Hoyden / E. Albrechtsen -- 14.3.Information Security Management / J. Hoyden / E. Albrechtsen -- 14.3.1.Formal and Informal / J. Hoyden / E. Albrechtsen -- 14.3.2.Formal Approaches to Information Security Management / J. Hoyden / E. Albrechtsen -- 14.3.3.Informal Aspects of Information Security Management / J. Hoyden / E. Albrechtsen -- 14.3.4.Information Security Culture / J. Hoyden / E. Albrechtsen -- 14.4.Further Reading and Web Sites / J. Hoyden / E. Albrechtsen -- Bibliography / J. Hoyden / E. Albrechtsen
Security electronics -- Public key cryptography -- Cryptographic hash functions -- Quantum cryptography -- Cryptographic protocols -- Public key distribution -- Wireless network access -- Mobile security -- A lightweight approach to secure software engineering -- ICT security evaluation -- ICT and forensic science -- Risk assessment Information security management - from regulations to end-users
0
0
"Preface The problems of information security is a truly multidisciplinary field of study, ranging from the methods of pure mathematics through computer and telecommunication sciences to social sciences. The intention of this multiauthored book is to o er an introduction to a wide set of topics in ICT information security, privacy and safety. Certainly, the aim has not been to present a complete treatment of this vast and expanding area of practical and theoretical knowledge. Rather, the hope is that the selected range of topics presented here may attract a wider audience of students and professionals than would each specialized topic by itself. Some of the information security topics contained in this book may be familiar turf for the reader already. However, the reader will likely also nd some new interesting topics presented here that are relevant to his or her professional needs, or for enhancement of knowledge and competence, or as an attractive starting point for further reading and in-depth studies. For instance, the book may provide an entrance and a guide to seek out more specialized courses available at universities and elsewhere, or as an inspiration for further work in projects and assignments. The start of this collection of information security topics goes back to a master level continuing education course that I organized in 2005, where more than 10 professors and researchers contributed from 6 di erent departments at the Norwegian University of Science and Technology. The topics included cryptography, hardware security, software security, communication and network security, intrusion detection systems, access policy and control, risk and vulnerability analysis, and security technology management"--