I took a class for A+ and CCNA, but never certified. I also took a class in Net+ and decided to go get certified there. I worked for about five months as a tech-support technician and have built a few computers. So, that's my background. With a BS in History I decided to go for a master's degree in Information Systems Security... you see the connection, right? Actually, I'm looking to turn a hobby into a profession; naturally, not having a BS in CIS or CS, I was typically worried about the course. This book has been a tremendous help. I use this book more than any other individual book, including the course books. My master's degree will be a management degree, and that is what this book is geared for... as the title indicates.
I knew about routers, networks, basic security like strong passwords, AND since I'm an army reservist I'm familiar with the concept of Risk Management; however, I knew ZERO about E-Commerce, E-Business, Security Policies, planning and implementing IT Architecture, etc. This book took me through the whole gamut step by step. It has diagrams that are logical yet simple to understand. Do you know what Defense-in-Depth is? Or, put another way, how about the concept of Security in Layers? This book will explain it from outside in, top to bottom, and front to back. What about encryption? What's new and what's obsolete? This book was published in 2006, so it's still pretty current.
The book breaks down a typical E-Business environment into easily understood models, taking you from the customer outside on the Internet or the corporate staff person logging onto a corporate network... to a Business Logic Layer of web servers and application servers... to the Data Layer of database servers and directory servers. It covers security from outside the perimeter of firewalls and routers to hardening the internal database applications. You want to know what security access controls encompass? This book covers complete security domain profiles.
I will say that the matrix definition/method equations covered in Chapter VII were not exactly written at what I would call a beginner's level, so I'm glad my classes haven't covered that. Whew.
There are plenty of examples and definitions to illustrate covered materials. The chapters are as follows:
Ch I: A Model of Information Security Governance for E-Business
Ch II: IT Security Governance and Centralized Security Controls
Ch III: Case Study of Implemented Information Systems Security Policy
Ch IV: Malware and Antivirus Deployment for Enterprise Security
Ch V: The impact of the Sarbanes-Oxley (SOX) Act on Information Security
Ch VI: A Security Blueprint for E-Business Applications
Ch VII: Security Management for an E-Enterprise
Ch VIII: Implementing IT Security for Small & Medium Enterprises
Ch IX: E-Commerce Security
Ch X: The Survivability Principle: IT-Enabled Dispersal of Organizational Capital
Ch XI: Security Engineering: IT is all about control and assurance objectives
Ch XII: High Assurance Products in IT Security
Ch XIII: The Demilitarized Zone as an Information Protection Network
Ch XIV: Software Security Engineering: Toward unifying software engineering and security engineering
Ch XV: Wireless Security
Ch XVI: Intrusion Detection and Response
Ch XVII: Deploying Honeynets
Ch XVIII: Steganography and Steganalysis
Ch XIX: Designing Secure Data Warehouses
Ch XX: Digital Forensics
Ch XXI: A Comparison of Authentication, Authorization, and Auditing in Windows and Linux
Ch XXII: Taxonomies of User-Authentication Methods in Computer Networks
Ch XXIII: Identity Management: A comprehensive approach to ensuring a secure network infrastructure
This book covers just about everything you need to know about what goes into developing a comprehensive security policy. At least for someone like me, who has had no technical experience as a working IT professional in management writing security policies or as a technician employing vulnerability exploitation tools for penetration testing... it provided what I needed... and still does.