Fundamentals of Information System Security, Third Edition

Fundamentals of Information System Security, Third Edition

David Kim and Michael Solomon
ISBN-13: 978-1-284-11645-8
575 pages
© 2018

Learn More
Request a Review Copy

  • Description
  • Applied Labs
  • Table of Contents
  • Course Objectives
  • Resources

Revised and updated with the latest data in the field, Fundamentals of Information Systems Security, Third Edition provides a comprehensive overview of the essential concepts readers must know as they pursue careers in information systems security. The text opens with a discussion of the new risks, threats, and vulnerabilities associated with the transition to a digital world. Part 2 presents a high level overview of the Security+ Exam and provides students with information as they move toward this certification. The book closes with information on information security standards, education, professional certifications, and compliance laws. With its practical, conversational writing style and step-by-step examples, this text is a must-have resource for those entering the world of information systems security.

Key Features

  • Maps fully to the six major domains of the CompTIA Security+ SY0-401 Certification exam
  • Updated to include coverage on recent compliance law and standards updates, including FISMA, NIST SP800-171, and PCI DSS v3.2
  • New content on advanced malware and APT attacks to the end points such as ransomware and crypto locker
  • Addresses data breach and data breach incident response planning
  • Introduces recent “Internet of Things” risk threats and privacy issues
  • Available with the Virtual Security Cloud Labs which provide a hands-on, immersive mock IT infrastructure enabling students to test their skills with realistic security scenarios

This title is available with Virtual Security Cloud Labs – delivered in a first-of-its-kind cloud computing environment- that provides a fully immersive mock IT infrastructure enabling hands-on-experiential learning. An integrated lab manual is available to assist you with these labs.

Lab #1: Performing Reconnaissance and Probing Using Common Tools
Lab #2: Performing a Vulnerability Assessment
Lab #3: Enabling Windows Active Directory and User Access Controls
Lab #4: Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control
Lab #5: Performing Packet Capture and Traffic Analysis
Lab #6: Implementing a Business Continuity Plan
Lab #7: Using Encryption to Enhance Confidentiality and Integrity
Lab #8: Performing a Web Site and Database Attack by Exploiting
Identified Vulnerabilities
Lab #9: Eliminating Threats with a Layered Security Approach
Lab #10: Implementing an Information Systems Security Policy
Part 1: The Need for Information Security
Chapter 1: Information Systems Security
Chapter 2: The Internet of Things is Changing How We Live
Chapter 3: Malicious Attacks, Threats, and Vulnerabilities
Chapter 4: The Drivers of the Information Security Business
Part 2: Securing Today’s Information Systems
Chapter 5: Access Controls
Chapter 6: Security Operations and Administration
Chapter 7: Auditing, Testing, and Monitoring
Chapter 8: Risk, Response, and Recovery
Chapter 9: Cryptography
Chapter 10: Networks and Telecommunications
Chapter 11: Malicious Code and Activity
Part 3: Information Security Standards, Education, Certification, and Laws
Chapter 12: Information Security Standards
Chapter 13: Information Systems Security Education and Training
Chapter 14: Information Security Professional Certifications
Chapter 15: US Compliance Laws
  1. Explain the concepts of information systems security as applied to an IT infrastructure.
  2. Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
  3. Explain the role of access controls in implementing a security policy.
  4. Explain the role of operations and administration in effective implementation of security policy.
  5. Explain the importance of security audits, testing, and monitoring to effective security policy.
  6. Describe the principles of risk management, common response techniques, and issues related to recovery of IT systems.
  7. Explain how businesses apply cryptography in maintaining information security.
  8. Analyze the importance of network principles and architecture to security operations.
  9. Explain the means attackers use to compromise systems and networks and defenses used by organizations.
  10. Apply international and domestic information security standards and compliance laws to real-world implementation in both the private and public sector.

Instructor Resources include:

  • PowerPoint Lectures
  • Instructor’s Guide
  • Test and Quiz Items
  • Sample Syllabus
  • Case Scenarios/Handouts
  • Handouts
  • Projects
  • Study Guide
  • Time on Task
  • Content Map