Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance
Information security is the act of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. This book discusses why information security is needed and how security problems can have widespread impacts. It covers the complete security lifecycle of products and services, starting with requirements and policy development and progressing through development, deployment, and operations, and concluding with decommissioning. Professionals in the sciences, engineering, and communications fields will turn to this resource to understand the many legal, technical, competitive, criminal and consumer forces and influences that are rapidly changing our information dependent society.
If you’re a professor and would like a copy of the solutions manual, please contact [email protected]
The material previously found on the CD can now be found on www.booksupport.wiley.com.
- Amazon Sales Rank: #1245977 in Books
- Published on: 2011-07-12
- Original language: English
- Number of items: 1
- Dimensions: 9.50" h x 1.70" w x 6.50" l, 2.70 pounds
- Binding: Hardcover
- 728 pages
From the Back Cover
From design to deployment to decommissioning: a systems engineering approach to information security
With this book as a guide, readers learn to apply a tested and proven methodology to address the information security concerns of any organization, ensuring that specific classes of information are only accessible to designated users. The methodology is based on systems engineering, a set of concepts that enable the systematic documentation of objectives and set forth the functional and performance capabilities needed to achieve those objectives. Because the book considers the complete life cycle of security systems, it also guides readers through deployment, operations, and eventual decommissioning. Moreover, the book goes well beyond technical requirements, enabling the full account of all aspects of an organization's needs, including:
- Services and products provided and consumer markets served
- Overall competitive environment and key competitors
- Legal and regulatory requirements
- Vulnerability to criminal activity
The book includes a CD which contains more than 200 color figures and diagrams to help illustrate and simplify complex systems and processes. Numerous examples throughout the book show step by step how to put security concepts and mechanisms into practice. The CD also includes a number of useful appendices, including a listing of individual state privacy laws, a sample enterprise security policy document, and a sample request for proposal.
By presenting a systems engineering approach to information security, this book enables security practitioners and students of information security to cope with rapid changes in technology in order to consistently provide the level of information security needed to fully protect the interests of an organization, its personnel, and its customers.
About the Author
Stuart Jacobs is Principal Consultant for YCS Consulting LLC and a Lecturer at Boston University Metropolitan College. He serves as an Industry Security Subject Matter Expert for the Telecommunications Management and Operations Committee (TMOC) of the Alliance for the Telecommunications Industry Solutions (ATIS). Mr. Jacobs has also served as a technical editor of ATIS Joint Committee Technical Reports and ITU-T Recommendations.
Most helpful customer reviews
1 of 1 people found the following review helpful.
This book is more a glossary of terms, less an engineering guide.
First, I am not a person in the security field, but I am a graduate student. The author obviously has a significant background in security practice and research, but this book only has a few examples taken from the "real world" that highlight or illustrate a point. Which is an unfortunate missed opportunity for this book.
According to Wikipedia, Engineering is the application of scientific, economic, social, and practical knowledge, in order to design, build, and maintain structures, machines, devices, systems, materials and processes. If you accept that definition, there is little in regards to engineering in this book because the material covered is infrequently described in a way where you can apply this information to your own situation.
Further reducing my review score, this book has many grammar and spelling mistakes and many outright errors. Seriously, there are many, many significant errors. Mistakes like this are unfortunate because 1) the book is relatively new and the incorrect items were not due to information becoming out of date, 2) security is a topic dependent on accuracy of information. For example, the book states changing a password every 90 days is an attribute of a password. However, changing passwords is related to usage of a password, but is not an attribute of a password. This is a missed opportunity to actually put some engineering focus on the material because Jacobs could have discussed this important distinction on how to use these rules/guidelines, not just list them out.
You might find this book handy if you were looking for a definition of terms, but an incomplete index and lack of glossary would make that use case difficult to argue for. Do not expect to get insight on how to interpret or use the information, as it often reads as if much of the content was pulled from PowerPoint slides. Additionally, there is nothing in this book that you cannot get from other sources, for example the ITU X.800 or ISO 27001/27002 documentation. There are plenty of books in the CISSP certification path that do a better job of explaining not only the terms, but how to use these items in a functional position. An analogy is this book will help you talk like an android in a sci-fi movie who only knows the rote definitions of things, while a CISSP book will help you have a conversation with other security professionals.
If you are a student, and you have to purchase this book, get it the cheapest way you can. You will not be keeping it, and will want to get rid of it as soon as possible.
This book would be improved by just some basic editing skills, clearer graphics (the text often refers to color graphics that do not exist in this black and white edition), and examples that were simplified and not full of jargon. If you are not in the security field, this book will be a very difficult read because it offers you little opportunity to establish a common frame of reference to get the points. The folks I know in my class that already had a CISSP found it an easier read, but they noted this book is significantly different than the common body of knowledge foundations of the CISSP. Which could have been a good thing, it just missed the mark of practicality.
The one handy thing about this book is that it gives bullet points to the many other documents and models in the security industry. Although it can be used as a resource to find other primary resources, it will not help you study for the CISSP, or even Security+, will not give you advice on how to apply security models and processes to real world practical situations (thus not an engineering guide), and generally only give definitions of terms you can get elsewhere. If you need a book on security, buy a highly rated intro CISSP book instead of this one. I used a Security+ book by Gibson to figure out many of the concepts. That way you will get a more practical background in security and you will be able to discuss with a similar language that is used by people in the information security industry.
0 of 0 people found the following review helpful.
Needs some major revision
A lot of content, which is good. However, it's also filled with a lot of grammatical errors, making for a difficult read. Additionally, it alternates between being a textbook on technical topics and managerial ones, and tries to dive deeply at times in both. It might be better as two, smaller, volumes where the potential reader can decide what they want to get into.
0 of 0 people found the following review helpful.
Excellent overview text
By Robert M
The more I use this book the more I realize how much this book covers. It does a good job providing a fairly in-depth look at a wide range of information security topics. It's now the first book I reach for when I want a broad understanding on a topic.