
Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues Paperback – Feb 2006

Product Details

  • Paperback: 406 pages
  • Publisher: Idea Group Pub (February 2006)
  • Language: English
  • ISBN-10: 1591409128
  • ISBN-13: 978-1591409120
  • Product Dimensions: 25.2 x 17.5 x 2.2 cm
  • Shipping Weight: 658 g

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 1 review
If you know more than nothing but not a lot... May 8 2007
By Amazon Customer - Published on Amazon.com
Format: Hardcover
I took a class for A+ and CCNA, but never certified. I also took a class in Net+ and decided to go get certified there. I worked for about five months as a tech-support technician and have built a few computers. So, that's my background. With a BS in History I decided to go for a master's degree in Information Systems Security...you see the connection, right? Actually I'm looking to turn a hobby into a profession; naturally, not having a BS in CIS or CS, I was typically worried about the course. This book has been a tremendous help. I use this book more than any other individual book, to include the course books. My master's degree will be a management degree and that is what this book is geared for...as the title indicates.

I knew about routers, networks, basic security like strong passwords, AND since I'm an army reservist I'm familiar with the concept of Risk Management; however, I knew ZERO about E-Commerce, E-Business, Security Policies, planning and implementing IT Architecture, etc. This book took me through the whole gamut step by step. It has diagrams that are logical yet simple to understand. Do you know what Defense-in-Depth is? -or put another way- How about the concept of Security in Layers? This book will explain it from outside in, top to bottom, and front to back. What about encryption? What's new and what's obsolete? This book was published in 2006, so it's still pretty current.

The book breaks down a typical E-Business environment into easily understood models taking you from the customer outside the Internet or the corporate staff person logging onto a corporate network...to a Business Logic Layer of web servers and application servers...to the Data Layer of database servers and directory servers. It covers security from outside the perimeter of firewalls and routers to hardening the internal database applications. You want to know what security access controls encompass? This book covers complete security domain profiles.

I will say that the matrix definition/method equations covered in Chapter VII were not exactly written at what I would call a beginner's level, so I'm glad my classes haven't covered that. Whew.

There are plenty of examples and definitions to illustrate covered materials. The chapters are as follows:

Ch I: A Model of Information Security Governance for E-Business

Ch II: IT Security Governance and Centralized Security Controls

Ch III: Case Study of Implemented Information Systems Security Policy

Ch IV: Malware and Antivirus Deployment for Enterprise Security

Ch V: The impact of the Sarbanes-Oxley (SOX) Act on Information Security

Ch VI: A Security Blueprint for E-Business Applications

Ch VII: Security Management for an E-Enterprise

Ch VIII: Implementing IT Security for Small & Medium Enterprises

Ch IX: E-Commerce Security

Ch X: The Survivability Principle: IT-Enabled Dispersal of Organizational Capital

Ch XI: Security Engineering: IT is all about control and assurance objectives

Ch XII: High Assurance Products in IT Security

Ch XIII: The Demilitarized Zone as an Information Protection Network

Ch XIV: Software Security Engineering: Toward unifying software engineering and security engineering

Ch XV: Wireless Security

Ch XVI: Intrusion Detection and Response

Ch XVII: Deploying Honeynets

Ch XVIII: Steganography and Steganalysis

Ch XIX: Designing Secure Data Warehouses

Ch XX: Digital Forensics

Ch XXI: A Comparison of Authentication, Authorization, and Auditing in Windows and Linux

Ch XXII: Taxonomies of User-Authentication Methods in Computer Networks

Ch XXIII: Identity Management: A comprehensive approach to ensuring a secure network infrastructure

This book covers just about everything you need to know about what goes into developing a comprehensive security policy. At least for someone like me who has had no technical experience as a working IT professional in management writing security policies or as a technician employing vulnerability exploitation tools for penetration testing...it provided what I needed...and still does.