The Basics of Information Security, 2nd Edition

Book Description

As part of the Syngress Basics series, The Basics of Information Security provides you with fundamental knowledge of information security in both theoretical and practical aspects. Author Jason Andress gives you the basic knowledge needed to understand the key concepts of confidentiality, integrity, and availability, and then dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security.

The Basics of Information Security gives you clear, non-technical explanations of how infosec works and how to apply these principles whether you're in the IT field or want to understand how it affects your career and business. The new Second Edition has been updated for the latest trends and threats, including new material on many infosec subjects.



  • Learn about information security without wading through a huge textbook
  • Covers both theoretical and practical aspects of information security
  • Provides a broad view of the information security field in a concise manner
  • All-new Second Edition updated for the latest information security trends and threats, including material on incident response, social engineering, security awareness, risk management, and legal/regulatory issues

Table of Contents

  1. Cover image
  2. Title page
  3. Copyright
  4. Dedication
  5. Author Biography
  6. Introduction
    1. Book overview and key learning points
    2. Book audience
    3. How this book is organized
    4. Conclusion
  7. Chapter 1. What is Information Security?
    1. Introduction
    2. What is security?
    3. Alert!
    4. Models for discussing security
    5. More advanced
    6. Alert!
    7. Attacks
    8. Defense in depth
    9. Information security in the real world
    10. Summary
    11. Exercises
    12. References
  8. Chapter 2. Identification and Authentication
    1. Introduction
    2. Identification
    3. Authentication
    4. More advanced
    5. Additional resources
    6. Alert!
    7. Identification and authentication in the real world
    8. Summary
    9. Exercises
    10. References
  9. Chapter 3. Authorization and Access Control
    1. Introduction
    2. Authorization
    3. Access control
    4. More advanced
    5. More advanced
    6. Alert!
    7. More advanced
    8. Alert!
    9. Access control methodologies
    10. More advanced
    11. Authorization and access control in the real world
    12. Summary
    13. Exercises
    14. References
  10. Chapter 4. Auditing and Accountability
    1. Introduction
    2. Accountability
    3. More advanced
    4. Auditing
    5. Alert!
    6. Accountability and auditing in the real world
    7. More advanced
    8. Summary
    9. Exercises
    10. References
  11. Chapter 5. Cryptography
    1. Introduction
    2. History
    3. More advanced
    4. Additional resources
    5. Modern cryptographic tools
    6. More advanced
    7. Protecting data at rest, in motion, and in use
    8. Alert!
    9. Cryptography in the real world
    10. Summary
    11. Exercises
    12. References
  12. Chapter 6. Laws and Regulations
    1. Introduction
    2. Laws and regulations
    3. Compliance
    4. Privacy
    5. Summary
    6. Questions
    7. References
  13. Chapter 7. Operations Security
    1. Introduction
    2. Alert!
    3. Origins of operations security
    4. Additional resources
    5. The operations security process
    6. Haas’ Laws of operations security
    7. More advanced
    8. Operations security in our personal lives
    9. Alert!
    10. Operations security in the real world
    11. Summary
    12. Exercises
    13. References
  14. Chapter 8. Human Element Security
    1. Introduction
    2. Humans: the weak link
    3. Security awareness
    4. The security awareness and training program
    5. Summary
    6. Exercises
    7. References
  15. Chapter 9. Physical Security
    1. Introduction
    2. Alert!
    3. Additional resources
    4. Physical security controls
    5. Protecting people
    6. Protecting data
    7. More advanced
    8. Protecting equipment
    9. Note
    10. Physical security in the real world
    11. Summary
    12. Exercises
    13. References
  16. Chapter 10. Network Security
    1. Introduction
    2. Protecting networks
    3. Protecting network traffic
    4. Mobile device security
    5. Network security tools
    6. More advanced
    7. Additional resources
    8. Network security in the real world
    9. Summary
    10. Exercises
    11. References
  17. Chapter 11. Operating System Security
    1. Introduction
    2. Operating system hardening
    3. Protecting against malware
    4. Additional resources
    5. More advanced
    6. Software firewalls and host intrusion detection
    7. Operating system security tools
    8. Alert!
    9. Operating system security in the real world
    10. Summary
    11. Exercises
    12. References
  18. Chapter 12. Application Security
    1. Introduction
    2. The TJX breach
    3. Software development vulnerabilities
    4. Additional resources
    5. Web security
    6. Alert!
    7. More advanced
    8. Database security
    9. Additional resources
    10. Application security tools
    11. More advanced
    12. Application security in the real world
    13. Summary
    14. Exercises
    15. References
  19. Index