Access Control, Authentication, and Public Key Infrastructure, Second Edition

Mike Chapple, Bill Ballad, Tricia Ballad, and Erin Banks
ISBN-13: 978-1-284-03159-1
Paperback
400 pages
© 2014

Access controls protect resources against unauthorized viewing, tampering, or destruction. They serve as a primary means of ensuring privacy, confidentiality, and prevention of unauthorized disclosure. Revised and updated with the latest data from this fast-paced field, Access Control, Authentication, and Public Key Infrastructure, Second Edition defines the components of access control, provides a business framework for implementation, and discusses legal requirements that impact access control programs. It looks at the risks, threats, and vulnerabilities prevalent in information systems and IT infrastructures and how to handle them. It provides a student and professional resource that details how to put access control systems to work as well as how to test and manage them.

Key Features

  • Updated references to Windows 8 and Outlook 2011.
  • A new discussion of recent Chinese hacking incidents.
  • Examples depicting the risks associated with a missing unencrypted laptop containing private data.
  • New sections on the Communications Assistance for Law Enforcement Act (CALEA) and on granting Windows folder permissions.
  • New information on the Identity Theft Enforcement and Restitution Act and the Digital Millennium Copyright Act (DMCA).

Applied Labs

This title is available with Virtual Security Cloud Labs, delivered in a first-of-its-kind cloud computing environment that provides a fully immersive mock IT infrastructure enabling hands-on experiential learning. An integrated lab manual is available to assist you with these labs.

Lab #1: Configuring an Active Directory Domain Controller
Lab #2: Managing Windows Accounts and Organizational Units
Lab #3: Configuring Windows File System Permissions
Lab #4: Managing Group Policy Objects in Active Directory
Lab #5: Configuring Windows Firewall
Lab #6: Managing Linux Accounts
Lab #7: Configuring Linux File System Permissions
Lab #8: Encrypting and Decrypting Files with PKI
Lab #9: Authenticating Security Communications with Digital Signatures
Lab #10: Encrypting and Decrypting Web Traffic with HTTPS

Table of Contents

Part 1: The Need for Access Control Systems
Chapter 1: Access Control Framework
Chapter 2: Assessing Risk and Its Impact on Access Control
Chapter 3: Business Drivers for Access Controls
Chapter 4: Access Controls Law, Policies, and Standards
Chapter 5: Security Breaches and the Law
Part 2: Mitigating Risk with Access Control Systems, Authentication, and PKI
Chapter 6: Mapping Business Challenges to Access Control Types
Chapter 7: Human Nature and Organizational Behavior
Chapter 8: Access Control for Information Systems
Chapter 9: Physical Security and Access Control
Chapter 10: Access Control in the Enterprise
Part 3: Implementing, Testing, and Managing Access Control Systems
Chapter 11: Access Control System Implementations
Chapter 12: Access Control Solutions for Remote Workers
Chapter 13: Public Key Infrastructure and Encryption
Chapter 14: Testing Access Control Systems
Chapter 15: Access Control Assurance

Course Objectives

  1. Define authorization and access to an IT infrastructure based on an access control policy framework.
  2. Mitigate risk to an IT infrastructure’s confidentiality, integrity, and availability with sound access controls.
  3. Analyze how a data classification standard impacts an IT infrastructure’s access control requirements and implementation.
  4. Develop an access control policy framework consisting of best practices for policies, standards, procedures, and guidelines to mitigate unauthorized access.
  5. Define proper security controls within the User Domain to mitigate risks and threats caused by human behavior.
  6. Implement appropriate access controls for information systems within IT infrastructures.
  7. Design appropriate authentication solutions throughout an IT infrastructure based on user types and data classification standards.
  8. Implement a secure remote access solution.
  9. Implement PKI and encryption solutions to ensure the confidentiality of business communications.
  10. Mitigate risk from unauthorized access to IT systems through proper testing and reporting.

Instructor Resources include:

  • PowerPoint Lectures
  • Instructor’s Guide
  • Test and Quiz Items
  • Sample Syllabus
  • Case Scenarios/Handouts
  • Handouts
  • Projects
  • Study Guide
  • Time on Task
  • Content Map