Information Security and Auditing in the Digital Age A Practical Managerial Perspective

This book provides a recent and relevant coverage based on a systematic approach. Especially suitable for practitioners and managers, the book has also been classroom tested in IS/IT courses on security. It presents a systematic approach to build total systems solutions that combine policies, procedures, risk analysis, threat assessment through attack trees, honeypots, audits, and commercially available security packages to secure the modern IT assets (applications, databases, hosts, middleware services and platforms) as well as the paths (the wireless plus wired network) to these assets. After covering the security management and technology principles, the book shows how these principles can be used to protect the digital enterprise assets. The emphasis is on modern issues such as e-commerce, e-business and mobile application security; wireless security that includes security of Wi-Fi LANs, cellular networks, satellites, wireless home networks, wireless middleware, and mobile application servers; semantic Web security with a discussion of XML security; Web Services security, SAML (Security Assertion Markup Language)and .NET security; integration of control and audit concepts in establishing a secure environment. Numerous real-life examples and a single case study that is developed throughout the book highlight a case-oriented approach. Complete instructor materials (PowerPoint slides, course outline, project assignments) to support an academic or industrial course are provided. Additional details can be found at the author website (www.amjadumar.com)