Fundamentals of Information Systems Security, Second Edition

PART OF THE JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES

Revised and updated with the latest information from this fast-paced field, Fundamentals of Information System Security, Second Edition provides a comprehensive overview of the essential concepts readers must know as they pursue careers in information systems security. The text opens with a discussion of the new risks, threats, and vulnerabilities associated with the transformation to a digital world, including a look at how business, government, and individuals operate today. Part 2 is adapted from the Official (ISC)2 SSCP Certified Body of Knowledge and presents a high-level overview of each of the seven domains within the System Security Certified Practitioner certification. The book closes with a resource for readers who desire additional material on information security standards, education, professional certifications, and compliance laws. With its practical, conversational writing style and step-by-step examples, this text is a must-have resource for those entering the world of information systems security.

New to the Second Edition:

• New material on cloud computing, risk analysis, IP mobility, OMNIBus, and Agile Software Development.
• Includes the most recent updates in Information Systems Security laws, certificates, standards, amendments, and the proposed Federal Information Security Amendments Act of 2013 and HITECH Act.
• Provides new cases and examples pulled from real-world scenarios.
• Updated data, tables, and sidebars provide the most current information in the field.

About the Authors

DAVID KIM is is the president of Security Evolutions, Inc. (SEI—security-evolutions.com), located outside the metropolitan Philadelphia area. SEI provides governance, risk, and compliance consulting services for public and private sector clients globally. SEI's clients include healthcare institutions, banking institutions, governments, and international airports. SEI's IT security consulting services include security risk assessments, vulnerability assessments, compliance audits, and designing of layered security solutions for enterprises. In addition, availability services include developing business continuity and disaster recovery plans. Mr. Kim's IT and IT security experience encompasses more than 28 years of technical engineering, technical management, and sales and marketing management. This experience includes LAN/WAN, internetworking, enterprise network management, and IT security for voice, video, and data networking infrastructures. He is an accomplished author and part-time adjunct professor who enjoys teaching cybersecurity to students across the United States.

MICHAEL G. SOLOMON (CISSP, PMP, CISM) is a full-time security speaker, consultant, and author, and a former university instructor who specializes in development and assessment security topics. As an IT professional and consultant since 1987, he has worked on projects for more than 100 major companies and organizations. From 1998 until 2001, he was an instructor in the Kennesaw State University Computer Science and Information Sciences (CSIS) department, where he taught courses on software project management, C programming, computer organization and architecture, and data communications. Solomon holds an MS in mathematics and computer science from Emory University (1998), and a BS in computer science from Kennesaw State University (1987). He is currently pursuing a PhD in computer science and informatics at Emory University with a research focus on confidentiality assurance in untrusted cloud environments. He has also authored and contributed to various security books, including Security Strategies in Windows Platforms and Applications (Jones & Bartlett Learning, 2011), Auditing IT Infrastructures for Compliance (Jones & Bartlett Learning, 2011), and Computer Forensics JumpStart, 2nd Edition (Sybex, 2011). Solomon coauthored Information Security Illuminated (Jones and Bartlett, 2005), Security Lab Guide (Sybex, 2005), PMP ExamCram2 (Que, 2005), and authored and provided the on-camera delivery of LearnKey's CISSP Prep and PMP Prep e-Learning courses.