Principles of Information Systems Security: Texts and CasesThe real threat to information system security comes from people, not computers. That's why students need to understand both the technical implementation of security controls, as well as the softer human behavioral and managerial factors that contribute to the theft and sabotage proprietary data. Addressing both the technical and human side of IS security, Dhillon's Princliples of Information Systems Security: Texts and Cases equips managers (and those training to be managers) with an understanding of a broad range issues related to information system security management, and specific tools and techniques to support this managerial orientation. Coverage goes well beyond the technical aspects of information system security to address formal controls (the rules and procedures that need to be established for bringing about success of technical controls), as well as informal controls that deal with the normative structures that exist within organizations. |
Contents
CHAPTER | 1 |
Institutionalizing Security | 8 |
SECURITY OF TECHNICAL | 15 |
Copyright | |
35 other sections not shown
Common terms and phrases
access control activities administrator analysis application attack audit Bank behavior Biba model botnet cipher text Clark-Wilson model Common Criteria communication computer forensics computer security confidentiality considered corporate governance criteria defined Department Dhillon discussed document domain Drexel Burnham e-mail employees encryption ensure environment evaluation evidence federal firewall formal fraud function hacker HIPAA identified Iguchi implementation important individual information security information system security information technology INSLAW integrity internal Internet investigation IP address IP address spoofing issues Joe Dawson Leeson messages Michael Milken monitoring operating system organization organizational password perform plain text practices presented principles problems procedures Promis protect requirements responsibility result risk management security breaches security culture security engineering security management security policy server specific SSE-CMM standards strategy structures TCSEC technical threat tion vulnerabilities