- Table View
- List View
Information Security Education for a Global Digital Society
by Matt Bishop Lynn Futcher Natalia Miloslavskaya Marianthi TheocharidouThis book constitutes the refereed proceedings of the 10th IFIP WG 11. 8 World Conference on Security Education, WISE 10, held in Rome, Italy, in May 2017. The 14 revised papers presented were carefully reviewed and selected from 31 submissions. They represent a cross section of applicable research as well as case studies in security education and are organized in the following topical sections: information security education; teaching information security; information security awareness and culture; and training information security professionals. .
Information Security Education for Cyber Resilience: 14th IFIP WG 11.8 World Conference, WISE 2021, Virtual Event, June 22–24, 2021, Proceedings (IFIP Advances in Information and Communication Technology #615)
by Natalia Miloslavskaya Lynette Drevin Suné Von Solms Wai Sze LeungThis book constitutes the refereed proceedings of the 14th IFIP WG 11.8 World Conference on Information Security Education, WISE 14, held virtually in June 2021.The 8 papers presented together with a special chapter showcasing the history of WISE and two workshop papers were carefully reviewed and selected from 19 submissions. The papers are organized in the following topical sections: a roadmap for building resilience; innovation in curricula; teaching methods and tools; and end-user security.
Information Security Education. Information Security in Action: 13th IFIP WG 11.8 World Conference, WISE 13, Maribor, Slovenia, September 21–23, 2020, Proceedings (IFIP Advances in Information and Communication Technology #579)
by Lynette Drevin Suné Von Solms Marianthi TheocharidouThis book constitutes the refereed proceedings of the 13th IFIP WG 11.8 World Conference on Information Security Education, WISE 13, held in Maribor, Slovenia, in September 2020. The conference was held virtually due to the COVID-19 pandemic. The 13 full papers presented were carefully reviewed and selected from 28 submissions. The papers are organized in the following topical sections: teaching methods and tools; cybersecurity knowledge within the organization; and teaching of detection and forensics.
Information Security Essentials: A Guide for Reporters, Editors, and Newsroom Leaders
by Susan E. McGregorAs technological and legal changes have hollowed out the protections that reporters and news organizations have depended upon for decades, information security concerns facing journalists as they report, produce, and disseminate the news have only intensified. From source prosecutions to physical attacks and online harassment, the last two decades have seen a dramatic increase in the risks faced by journalists at all levels even as the media industry confronts drastic cutbacks in budgets and staff. As a result, few professional or aspiring journalists have a comprehensive understanding of what is required to keep their sources, stories, colleagues, and reputations safe.This book is an essential guide to protecting news writers, sources, and organizations in the digital era. Susan E. McGregor provides a systematic understanding of the key technical, legal, and conceptual issues that anyone teaching, studying, or practicing journalism should know. Bringing together expert insights from both leading academics and security professionals who work at and with news organizations from BuzzFeed to the Associated Press, she lays out key principles and approaches for building information security into journalistic practice. McGregor draws on firsthand experience as a Wall Street Journal staffer, followed by a decade of researching, testing, and developing information security tools and practices. Filled with practical but evergreen advice that can enhance the security and efficacy of everything from daily beat reporting to long-term investigative projects, Information Security Essentials is a vital tool for journalists at all levels.
Information Security for Automatic Speaker Identification
by Fathi E. El-SamieThe author covers the fundamentals of both information and communication security including current developments in some of the most critical areas of automatic speech recognition. Included are topics on speech watermarking, speech encryption, steganography, multilevel security systems comprising speaker identification, real transmission of watermarked or encrypted speech signals, and more. The book is especially useful for information security specialist, government security analysts, speech development professionals, and for individuals involved in the study and research of speech recognition at advanced levels.
Information Security Governance: A Practical Development and Implementation Approach
by Krag BrotbyThe Growing Imperative Need for Effective Information Security Governance With monotonous regularity, headlines announce ever more spectacular failures of information security and mounting losses. The succession of corporate debacles and dramatic control failures in recent years underscores the necessity for information security to be tightly integrated into the fabric of every organization. The protection of an organization's most valuable asset information can no longer be relegated to low-level technical personnel, but must be considered an essential element of corporate governance that is critical to organizational success and survival. Written by an industry expert, Information Security Governance is the first book-length treatment of this important topic, providing readers with a step-by-step approach to developing and managing an effective information security program. Beginning with a general overview of governance, the book covers: The business case for information security Defining roles and responsibilities Developing strategic metrics Determining information security outcomes Setting security governance objectives Establishing risk management objectives Developing a cost-effective security strategy A sample strategy development The steps for implementing an effective strategy Developing meaningful security program development metrics Designing relevant information security management metrics Defining incident management and response metrics Complemented with action plans and sample policies that demonstrate to readers how to put these ideas into practice, Information Security Governance is indispensable reading for any professional who is involved in information security and assurance.
Information Security Governance: Framework and Toolset for CISOs and Decision Makers
by Andrej VolchkovThis book presents a framework to model the main activities of information security management and governance. The same model can be used for any security sub-domain such as cybersecurity, data protection, access rights management, business continuity, etc.
Information Security Governance Simplified: From the Boardroom to the Keyboard
by Todd FitzgeraldSecurity practitioners must be able to build a cost-effective security program while at the same time meet the requirements of government regulations. This book lays out these regulations in simple terms and explains how to use the control frameworks to build an effective information security program and governance structure. It discusses how organizations can best ensure that the information is protected and examines all positions from the board of directors to the end user, delineating the role each plays in protecting the security of the organization.
Information Security Handbook
by Darren DeathImplement information security effectively as per your organization's needs. About This Book • Learn to build your own information security framework, the best fit for your organization • Build on the concepts of threat modeling, incidence response, and security analysis • Practical use cases and best practices for information security Who This Book Is For This book is for security analysts and professionals who deal with security mechanisms in an organization. If you are looking for an end to end guide on information security and risk analysis with no prior knowledge of this domain, then this book is for you. What You Will Learn • Develop your own information security framework • Build your incident response mechanism • Discover cloud security considerations • Get to know the system development life cycle • Get your security operation center up and running • Know the various security testing types • Balance security as per your business needs • Implement information security best practices In Detail Having an information security mechanism is one of the most crucial factors for any organization. Important assets of organization demand a proper risk management and threat model for security, and so information security concepts are gaining a lot of traction. This book starts with the concept of information security and shows you why it's important. It then moves on to modules such as threat modeling, risk management, and mitigation. It also covers the concepts of incident response systems, information rights management, and more. Moving on, it guides you to build your own information security framework as the best fit for your organization. Toward the end, you'll discover some best practices that can be implemented to make your security framework strong. By the end of this book, you will be well-versed with all the factors involved in information security, which will help you build a security framework that is a perfect fit your organization's requirements. Style and approach This book takes a practical approach, walking you through information security fundamentals, along with information security best practices.
Information Security Handbook (Internet of Everything (IoE))
by Noor Zaman JhanjhiThis handbook provides a comprehensive collection of knowledge for emerging multidisciplinary research areas such as cybersecurity, IoT, Blockchain, Machine Learning, Data Science, and AI. This book brings together, in one resource, information security across multiple domains. Information Security Handbook addresses the knowledge for emerging multidisciplinary research. It explores basic and high-level concepts and serves as a manual for industry while also helping beginners to understand both basic and advanced aspects in security-related issues. The handbook explores security and privacy issues through the IoT ecosystem and implications to the real world and, at the same time, explains the concepts of IoT-related technologies, trends, and future directions. University graduates and postgraduates, as well as research scholars, developers, and end-users, will find this handbook very useful.
Information Security in Healthcare: Managing Risk (HIMSS Book Series)
by Terrell W. HerzigInformation Security in Healthcare is an essential guide for implementing a comprehensive information security management program in the modern healthcare environment. Combining the experience and insights of top healthcare IT managers and information security professionals, this book offers detailed coverage of myriad
Information Security Management
by Michael WorkmanInformation Security Management, Second Edition arms students with answers to the most critical questions about the fields of cybersecurity. It provides students with references to more in-depth study in areas where they may need to specialize. The Second Edition covers operations—the job of day-to-day cybersecurity tasks—regulations, compliance, laws and policies, research and development, and the creation of software and cyber defenses for security initiatives. Finally, the text covers advanced R&D involved in strategic aspects of security developments for threats that lay on the horizon.
Information Security Management Handbook: Volume IV
by Harold TiptonThe Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference.The changes in the technology of information security and the increasing threats to security make a complete and up-to-date understanding of this material essential. Volume 4 supplements the information in the earlier volumes of this handbook, updating it and keeping it current. Organized by the ten domains of the Common Body of Knowledge (CBK) on which the CISSP exam is based, this volume gives you the information you need to understand what makes information secure and how to secure it. Because the knowledge required to master information security - the CBK - is growing so quickly, there is little duplication of material among the four volumes. As a study guide or resource that you can use on the job, the Information Security Management Handbook, Fourth Edition, Volume 4 is the book you will refer to over and over again.
Information Security Management Handbook, Volume 6
by Harold F. Tipton Cissp Micki Krause NozakiUpdated annually, the Information Security Management Handbook, Sixth Edition, Volume 6 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay
Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement
by CISM, W. BrotbySpectacular security failures continue to dominate the headlines despite huge increases in security budgets and ever-more draconian regulations. The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the necessity for real-time strategic metrics has never been more critical. Information Security Management Metr
Information Security of Intelligent Vehicles Communication: Overview, Perspectives, Challenges, and Possible Solutions (Studies in Computational Intelligence #978)
by Madhusudan SinghThis book highlights cyber-security overview, perspectives, and challenges that affect advanced Vehicular technology. It considers vehicular security issues and possible solutions, with the aim of providing secure vehicle-to-vehicle, vehicle-to-infrastructure and inside-of-vehicle communication. This book introduces vehicle cryptography mechanism including encryption and decryption approaches and cryptography algorithms such as symmetric and asymmetric cryptography, Hash functions and Digital Signature certificates for modern vehicles. It discusses cybersecurity structure and provides specific security challenges and possible solutions in Vehicular Communication such as vehicle to vehicle communication, vehicle to Infrastructure and in-vehicle communciation. It also presents key insights from security with regards to vehicles collaborative information technology. The more our vehicles become intelligent, the more we need to work on safety and security for vehicle technology. This book is of interest to automotive engineers and technical managers who want to learn about security technologies, and for those with a security background who want to learn about basic security issues in modern automotive applications.
Information Security Planning: A Practical Approach
by Susan LinckeThis book demonstrates how information security requires a deep understanding of an organization's assets, threats and processes, combined with the technology that can best protect organizational security. It provides step-by-step guidance on how to analyze business processes from a security perspective, while also introducing security concepts and techniques to develop the requirements and design for security technologies. This interdisciplinary book is intended for business and technology audiences, at student or experienced levels.Organizations must first understand the particular threats that an organization may be prone to, including different types of security attacks, social engineering, and fraud incidents, as well as addressing applicable regulation and security standards. This international edition covers Payment Card Industry Data Security Standard (PCI DSS), American security regulation, and European GDPR. Developing a risk profile helps to estimate the potential costs that an organization may be prone to, including how much should be spent on security controls.Security planning then includes designing information security, as well as network and physical security, incident response and metrics. Business continuity considers how a business may respond to the loss of IT service. Optional areas that may be applicable include data privacy, cloud security, zero trust, secure software requirements and lifecycle, governance, introductory forensics, and ethics.This book targets professionals in business, IT, security, software development or risk. This text enables computer science, information technology, or business students to implement a case study for an industry of their choosing..
Information Security Policies and Procedures: A Practitioner's Reference, Second Edition
by Thomas R. PeltierInformation Security Policies and Procedures: A Practitioner‘s Reference, Second Edition illustrates how policies and procedures support the efficient running of an organization. This book is divided into two parts, an overview of security policies and procedures, and an information security reference guide. This volume points out how securi
Information Security Policies, Procedures, and Standards: A Practitioner's Reference
by Douglas J. LandollInformation Security Policies, Procedures, and Standards: A Practitioner's Reference gives you a blueprint on how to develop effective information security policies and procedures. It uses standards such as NIST 800-53, ISO 27001, and COBIT, and regulations such as HIPAA and PCI DSS as the foundation for the content. Highlighting key terminology, policy development concepts and methods, and suggested document structures, it includes examples, checklists, sample policies and procedures, guidelines, and a synopsis of the applicable standards. The author explains how and why procedures are developed and implemented rather than simply provide information and examples. This is an important distinction because no two organizations are exactly alike; therefore, no two sets of policies and procedures are going to be exactly alike. This approach provides the foundation and understanding you need to write effective policies, procedures, and standards clearly and concisely. Developing policies and procedures may seem to be an overwhelming task. However, by relying on the material presented in this book, adopting the policy development techniques, and examining the examples, the task will not seem so daunting. You can use the discussion material to help sell the concepts, which may be the most difficult aspect of the process. Once you have completed a policy or two, you will have the courage to take on even more tasks. Additionally, the skills you acquire will assist you in other areas of your professional and private life, such as expressing an idea clearly and concisely or creating a project plan.
Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0
by Barry L. WilliamsAlthough compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will help readers elicit management opinions on information security and document the formal and informal procedures currently in place. Topics covered include:Entity-level policies and procedures, Access-control policies and procedures, Change control and change management, System information integrity and monitoring, System services acquisition and protection, Informational asset management, Continuity of operations. The book supplies you with the tools to use the full range of compliance standards as guides for writing policies that meet the security needs of your organization. Detailing a methodology to facilitate the elicitation process, it asks pointed questions to help you obtain the information needed to write relevant policies. More importantly, this methodology can help you identify the weaknesses and vulnerabilities that exist in your organization. A valuable resource for policy writers who must meet multiple compliance standards, this guidebook is also available in eBook format. The eBook version includes hyperlinks beside each statement that explain what the various standards say about each topic and provide time-saving guidance in determining what your policy should include.
Information Security Practice and Experience
by Feng Bao Liqun Chen Robert H. Deng Guojun WangThis book constitutes the refereed proceedings of the 4th International Information Security Practice and Experience Conference, ISPEC 2008, held in Sydney, Australia, in May 2008. The papers cover a wide range of topics.
Information Security Practice and Experience: 15th International Conference, ISPEC 2019, Kuala Lumpur, Malaysia, November 26–28, 2019, Proceedings (Lecture Notes in Computer Science #11879)
by Swee-Huay Heng Javier LopezThis book constitutes the refereed proceedings of the 15th International Conference on Information Security Practice and Experience, ISPEC 2019, held in Kuala Lumpur, Malaysia, in November 2019. The 21 full and 7 short papers presented in this volume were carefully reviewed and selected from 68 submissions. They were organized into the following topical sections: Cryptography I, System and Network Security, Security Protocol and Tool, Access Control and Authentication, Cryptography II, Data and User Privacy, Short Paper I, and Short Paper II.
Information Security Practice and Experience: 18th International Conference, ISPEC 2023, Copenhagen, Denmark, August 24–25, 2023, Proceedings (Lecture Notes in Computer Science #14341)
by Weizhi Meng Zheng Yan Vincenzo PiuriThis book constitutes the refereed proceedings of the 18th International Conference on Information Security Practice and Experience, ISPEC 2023, held in Copenhagen, Denmark, in August 2023.The 27 full papers and 8 short papers included in this volume were carefully reviewed and selected from 80 submissions. The main goal of the conference is to promote research on new information security technologies, including their applications and their integration with IT systems in various vertical sectors.
Information Security Practice and Experience: 17th International Conference, ISPEC 2022, Taipei, Taiwan, November 23–25, 2022, Proceedings (Lecture Notes in Computer Science #13620)
by Vincenzo Piuri Chunhua Su Dimitris GritzalisThis book constitutes the refereed proceedings of the 17th International Conference on Information Security Practice and Experience, ISPEC 2022, held in Taipei, Taiwan, in November 2022. The 33 full papers together with 2 invited papers included in this volume were carefully reviewed and selected from 87 submissions. The main goal of the conference is to promote research on new information security technologies, including their applications and their integration with IT systems in various vertical sectors.
Information Security Practice and Experience: 16th International Conference, ISPEC 2021, Nanjing, China, December 17–19, 2021, Proceedings (Lecture Notes in Computer Science #13107)
by Mark Ryan Ding Wang Feng Bao Robert Deng Weizhi Meng Jian Shen Guilin WangThis book constitutes the refereed proceedings of the 16th International Conference on Information Security Practice and Experience, ISPEC 2021, held in Nanjing, China, in December 2021. The 23 full papers presented in this volume were carefully reviewed and selected from 94 submissions. The conference focus on new information security technologies, including their applications and their integration with IT systems in various vertical sectors.