Title:
A multidisciplinary introduction to information security
Author:
Mjølsnes, Stig F.
ISBN:
9781420085907
Publication Information:
Boca Raton, FL : CRC Press, c2012.
Physical Description:
xxv, 322 p. : ill. ; 25 cm.
Series:
Discrete mathematics and its applications

General Note:
Formerly CIP.
Contents:
Machine generated contents note: 1.1.Motivation / S.F. Mjølsnes -- 1.2.What Is Information Security? / S.F. Mjølsnes -- 1.3.Some Basic Concepts / S.F. Mjølsnes -- 1.3.1.The Communication Perspective / S.F. Mjølsnes -- 1.3.2.The Shared Computer Perspective / S.F. Mjølsnes -- 1.4.A Synopsis of the Topics / S.F. Mjølsnes -- 1.4.1.The Book Structure / S.F. Mjølsnes -- 1.4.2.Security Electronics / S.F. Mjølsnes -- 1.4.3.Public Key Cryptography / S.F. Mjølsnes -- 1.4.4.Hash Functions / S.F. Mjølsnes -- 1.4.5.Quantum Cryptography / S.F. Mjølsnes -- 1.4.6.Cryptographic Protocols / S.F. Mjølsnes -- 1.4.7.Public Key Infrastructure / S.F. Mjølsnes -- 1.4.8.Wireless Network Access / S.F. Mjølsnes -- 1.4.9.Mobile Security / S.F. Mjølsnes -- 1.4.10.Software Security / S.F. Mjølsnes -- 1.4.11.ICT Security Evaluation / S.F. Mjølsnes -- 1.4.12.ICT and Forensic Science / S.F. Mjølsnes -- 1.4.13.Risk Assessment / S.F. Mjølsnes -- 1.4.14.The Human Factor / S.F. Mjølsnes --

Contents note continued: 1.5.Further Reading and Web Sites / S.F. Mjølsnes -- Bibliography / S.F. Mjølsnes -- 2.1.Introduction / P.G. Kjeldsberg / E.J. Aas -- 2.2.Examples of Security Electronics / P.G. Kjeldsberg / E.J. Aas -- 2.2.1.RSA as Hardwired Electronics / P.G. Kjeldsberg / E.J. Aas -- 2.2.2.AES as Hardwired Electronics / P.G. Kjeldsberg / E.J. Aas -- 2.2.3.Examples of Commercial Applications / P.G. Kjeldsberg / E.J. Aas -- 2.3.Side Channel Attacks / P.G. Kjeldsberg / E.J. Aas -- 2.4.Summary / P.G. Kjeldsberg / E.J. Aas -- 2.5.Further Reading and Web Sites / P.G. Kjeldsberg / E.J. Aas -- Bibliography / P.G. Kjeldsberg / E.J. Aas -- 3.1.Introduction / S.O. Smalø -- 3.2.Hash Functions and One Time Pads. / S.O. Smalø -- 3.3.Public Key Cryptography / S.O. Smalø -- 3.4.RSA-Public Key Cryptography / S.O. Smalø -- 3.5.RSA-Public-Key-Cryptography with Signature / S.O. Smalø -- 3.6.Problem with Signatures / S.O. Smalø -- 3.7.Receipt / S.O. Smalø --

Contents note continued: 3.8.Secret Sharing Based on Discrete Logarithm Problems / S.O. Smalø -- 3.9.Further Reading / S.O. Smalø -- Bibliography / S.O. Smalø -- 4.1.Introduction / D. Gligoroski -- 4.2.Definition of Cryptographic Hash Function / D. Gligoroski -- 4.3.Iterated Hash Functions / D. Gligoroski -- 4.3.1.Strengthened Merkle-Damgård Iterated Design / D. Gligoroski -- 4.3.2.Hash Functions Based on Block Ciphers / D. Gligoroski -- 4.3.3.Generic Weaknesses of the Merkle-Damgård Design / D. Gligoroski -- 4.3.4.Wide Pipe (Double Pipe) Constructions / D. Gligoroski -- 4.3.5.HAIFA Construction / D. Gligoroski -- 4.3.6.Sponge Functions Constructions / D. Gligoroski -- 4.4.Most Popular Cryptographic Hash Functions / D. Gligoroski -- 4.4.1.MD5 / D. Gligoroski -- 4.4.2.SHA-1 / D. Gligoroski -- 4.4.3.SHA-2 / D. Gligoroski -- 4.4.4.NIST SHA-3 Hash Competition / D. Gligoroski -- 4.5.Application of Cryptographic Hash Functions / D. Gligoroski --

Contents note continued: 4.5.1.Digital Signatures / D. Gligoroski -- 4.5.2.Other Applications / D. Gligoroski -- 4.6.Further Reading and Web Sites / D. Gligoroski -- Bibliography / D. Gligoroski -- 5.1.Introduction / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.2.Quantum Bit / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.3.Quantum Copying / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.4.Quantum Key Distribution / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.4.1.The BB84 Protocol / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.4.2.The BB84 Protocol Using Polarized Light / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.5.Practical Quantum Cryptography / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.5.1.Loss of Photons / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.5.2.Error Correction and Privacy Amplification / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.5.3.Security Proofs / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.5.4.Authentication / D.R. Hjelme / V. Makarov / L. Lydersen --

Contents note continued: 5.6.Technology / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.6.1.Single Photon Sources / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.6.2.Single Photon Detectors / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.6.3.Quantum Channel / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.6.4.Random Number Generator / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.7.Applications / V. Makarov / L. Lydersen / D.R. Hjelme -- 5.7.1.Commercial Application of Quantum Cryptography / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.7.2.Commercial Systems with Dual Key Agreement / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.7.3.Quantum Key Distribution Networks / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.8.Summary / D.R. Hjelme / V. Makarov / L. Lydersen -- 5.9.Further Reading and Web Sites / D.R. Hjelme / V. Makarov / L. Lydersen -- Bibliography / D.R. Hjelme / V. Makarov / L. Lydersen -- 6.1.The Origins / S.F. Mjølsnes -- 6.2.Information Policies / S.F. Mjølsnes --

Contents note continued: 6.3.Some Concepts / S.F. Mjølsnes -- 6.3.1.Primitives and Protocols / S.F. Mjølsnes -- 6.3.2.Definitions / S.F. Mjølsnes -- 6.3.3.The Protocol as a Language / S.F. Mjølsnes -- 6.3.4.Provability / S.F. Mjølsnes -- 6.3.5.Modeling the Adversary / S.F. Mjølsnes -- 6.3.6.The Problem of Protocol Composition / S.F. Mjølsnes -- 6.4.Protocol Failures / S.F. Mjølsnes -- 6.4.1.Reasons for Failure / S.F. Mjølsnes -- 6.4.2.An Example of Protocol Failure / S.F. Mjølsnes -- 6.5.Heuristics / S.F. Mjølsnes -- 6.5.1.Simmons' Principles / S.F. Mjølsnes -- 6.5.2.Separation of Concerns / S.F. Mjølsnes -- 6.5.3.More Prudent Engineering Advice / S.F. Mjølsnes -- 6.6.Tools for Automated Security Analysis / S.F. Mjølsnes -- 6.7.Further Reading and Web Sites / S.F. Mjølsnes -- Bibliography / S.F. Mjølsnes -- 7.1.The Public Key Distribution Problem / S.F. Mjølsnes -- 7.2.Authenticity and Validity of Public Keys / S.F. Mjølsnes --

Contents note continued: 7.3.The Notion of Public Key Certificates / S.F. Mjølsnes -- 7.3.1.Certificates / S.F. Mjølsnes -- 7.3.2.Public Key Certificates / S.F. Mjølsnes -- 7.3.3.Certificate Data Structures / S.F. Mjølsnes -- 7.3.4.Chain of Certificates / S.F. Mjølsnes -- 7.4.Revocation / S.F. Mjølsnes -- 7.4.1.The Problem of Revocation / S.F. Mjølsnes -- 7.4.2.The CRL Data Structure / S.F. Mjølsnes -- 7.5.Public Key Infrastructure / S.F. Mjølsnes -- 7.6.Identity-Based Public Key / S.F. Mjølsnes -- 7.7.Further Reading and Web Sites / S.F. Mjølsnes -- Bibliography / S.F. Mjølsnes -- 8.1.Introduction / S.F. Mjølsnes / M. Eian -- 8.2.Wireless Local Area Networks / S.F. Mjølsnes / M. Eian -- 8.2.1.The Standard / S.F. Mjølsnes / M. Eian -- 8.2.2.The Structure / S.F. Mjølsnes / M. Eian -- 8.2.3.Message Types / S.F. Mjølsnes / M. Eian -- 8.3.The 802.11 Security Mechanisms / S.F. Mjølsnes / M. Eian -- 8.4.Wired Equivalent Privacy / S.F. Mjølsnes / M. Eian --

Contents note continued: 8.4.1.RSN with TKIP / S.F. Mjølsnes / M. Eian -- 8.5.RSN with CCMP / S.F. Mjølsnes / M. Eian -- 8.5.1.Security Services / S.F. Mjølsnes / M. Eian -- 8.5.2.Authentication / S.F. Mjølsnes / M. Eian -- 8.5.3.Data Confidentiality / S.F. Mjølsnes / M. Eian -- 8.5.4.Key Management / S.F. Mjølsnes / M. Eian -- 8.5.5.Data Origin Authenticity / S.F. Mjølsnes / M. Eian -- 8.5.6.Replay Detection / S.F. Mjølsnes / M. Eian -- 8.5.7.Summary of Security Services / S.F. Mjølsnes / M. Eian -- 8.6.Assumptions and Vulnerabilities / S.F. Mjølsnes / M. Eian -- 8.7.Summary / S.F. Mjølsnes / M. Eian -- 8.8.Further Reading and Web Sites / M. Eian / S.F. Mjølsnes -- Bibliography / S.F. Mjølsnes / M. Eian -- 9.1.GSM Security / J.A. Audestad -- 9.2.3G Architecture / J.A. Audestad -- 9.3.Extent of Protection / J.A. Audestad -- 9.4.Security Functions in the Authentication Center / J.A. Audestad -- 9.4.1.3G / J.A. Audestad -- 9.4.2.GSM / J.A. Audestad --

Contents note continued: 9.5.Security Functions in the SGSN/RNC / J.A. Audestad -- 9.6.Security Functions in the Mobile Terminal (USIM) / J.A. Audestad -- 9.7.Encryption and Integrity / J.A. Audestad -- 9.7.1.Encryption in GSM (A5/1) / J.A. Audestad -- 9.7.2.Encryption in 3G / J.A. Audestad -- 9.7.2.1.Method / J.A. Audestad -- 9.7.2.2.Keystream Generation Algorithm / J.A. Audestad -- 9.7.2.3.Initialization of the Keystream Generator / J.A. Audestad -- 9.7.2.4.Production of the Keystream / J.A. Audestad -- 9.7.3.Integrity in 3G / J.A. Audestad -- 9.8.Anonymity / J.A. Audestad -- 9.9.Example: Anonymous Roaming in a Mobile Network / J.A. Audestad -- 9.9.1.Procedure / J.A. Audestad -- 9.9.2.Information Stored / J.A. Audestad -- 9.9.3.Prevention of Intrusion / J.A. Audestad -- 9.9.3.1.The Mobile Terminal Is an Impostor / J.A. Audestad -- 9.9.3.2.Both the Mobile Terminal and the Home Network Are Impostors / J.A. Audestad -- 9.9.3.3.The Foreign Network Is an Impostor / J.A. Audestad --

Contents note continued: 9.10.Using GSM/3G Terminals as Authentication Devices / J.A. Audestad -- 9.10.1.Architecture / J.A. Audestad -- 9.10.2.One Time Password / J.A. Audestad -- 9.10.3.The Extensible Authentication Protocol (EAP) / J.A. Audestad -- 9.11.Further Reading / J.A. Audestad -- Bibliography / J.A. Audestad -- 10.1.Introduction / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.2.Assets / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.2.1.Asset Identification / P.H. Meland / J. Jensen / M.G. Jaatun / I.A. Tondel -- 10.2.2.Asset Identification in Practice / M.G. Jaatun / J. Jensen / I.A. Tondel / P.H. Meland -- 10.2.2.1.Key Contributors / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.2.2.2.Step 1: Brainstorming / M.G. Jaatun / J. Jensen / I.A. Tondel / P.H. Meland -- 10.2.2.3.Step 2: Assets from Existing Documentation / M.G. Jaatun / P.H. Meland / J. Jensen / I.A. Tondel --

Contents note continued: 10.2.2.4.Step 3: Categorization and Prioritization / M.G. Jaatun / J. Jensen / I.A. Tondel / P.H. Meland -- 10.2.3.Example / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.3.Security Requirements / M.G. Jaatun / J. Jensen / I.A. Tondel / P.H. Meland -- 10.3.1.Description / M.G. Jaatun / P.H. Meland / J. Jensen / I.A. Tondel -- 10.3.2.Security Objectives / I.A. Tondel / M.G. Jaatun / J. Jensen / P.H. Meland -- 10.3.3.Asset Identification / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.3.4.Threat Analysis and Modeling / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.3.5.Documentation of Security Requirements / M.G. Jaatun / J. Jensen / I.A. Tondel / P.H. Meland -- 10.3.6.Variants Based on Specific Software Methodologies / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.3.7.LyeFish Example Continued / M.G. Jaatun / P.H. Meland / J. Jensen / I.A. Tondel --

Contents note continued: 10.4.Secure Software Design / M.G. Jaatun / J. Jensen / I.A. Tondel / P.H. Meland -- 10.4.1.Security Architecture / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.4.2.Security Design Guidelines / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.4.2.1.Security Design Principles / M.G. Jaatun / J. Jensen / I.A. Tondel / P.H. Meland -- 10.4.2.2.Security Patterns / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.4.3.Threat Modeling and Security Design Review / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.4.4.Putting It into Practice - More LyeFish / M.G. Jaatun / J. Jensen / P.H. Meland / I.A. Tondel -- 10.4.4.1.Applying Security Design Principles / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.4.4.2.Making Use of Security Design Patterns / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.4.4.3.Make Use of Tools for Threat Modeling / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen --

Contents note continued: 10.4.4.4.Performing Security Review / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.5.Testing for Software Security / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.5.1.Background / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.5.2.The Software Security Testing Cycle / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.5.3.Risk-Based Security Testing / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.5.4.Managing Vulnerabilities in SODA / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.5.5.Example - Testing LyeFish / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.6.Summary / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 10.7.Further Reading and Web Sites / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- Bibliography / M.G. Jaatun / I.A. Tondel / P.H. Meland / J. Jensen -- 11.1.Introduction / S.J. Knapskog --

Contents note continued: 11.2.ISO/IEC 15408, Part 1/3 Evaluation Criteria for IT Security (CC) / S.J. Knapskog -- 11.2.1.The Development of the Standard / S.J. Knapskog -- 11.2.2.Evaluation Model / S.J. Knapskog -- 11.2.3.Security Requirements / S.J. Knapskog -- 11.3.Definition of Assurance / S.J. Knapskog -- 11.4.Building Confidence in the Evaluation Process / S.J. Knapskog -- 11.5.Organizing the Requirements in the CC / S.J. Knapskog -- 11.6.Assurance Elements / S.J. Knapskog -- 11.7.Functional Classes / S.J. Knapskog -- 11.8.Protection Profiles (PPs) / S.J. Knapskog -- 11.9.Protection Profile Registries / S.J. Knapskog -- 11.10.Definition of a Security Target (ST) / S.J. Knapskog -- 11.11.Evaluation of a Security Target (ST) / S.J. Knapskog -- 11.12.Evaluation Schemes / S.J. Knapskog -- 11.13.Evaluation Methodology / S.J. Knapskog -- 11.14.Summary / S.J. Knapskog -- 11.15.Further Reading and Web Sites / S.J. Knapskog -- Bibliography / S.J. Knapskog --

Contents note continued: 12.1.The Crime Scene / S.F. Mjølsnes / S.Y. Willassen -- 12.2.Forensic Science and ICT / S.Y. Willassen / S.F. Mjølsnes -- 12.3.Evidence / S.Y. Willassen / S.F. Mjølsnes -- 12.3.1.Judicial Evidence / S.Y. Willassen / S.F. Mjølsnes -- 12.3.2.Digital Evidence / S.Y. Willassen / S.F. Mjølsnes -- 12.3.3.Evidential Reasoning / S.Y. Willassen / S.F. Mjølsnes -- 12.3.4.Lack of Evidence / S.Y. Willassen / S.F. Mjølsnes -- 12.4.The Digital Investigation Process / S.Y. Willassen / S.F. Mjølsnes -- 12.5.Digital Evidence Extraction / S.Y. Willassen / S.F. Mjølsnes -- 12.5.1.Sources of Digital Evidence / S.Y. Willassen / S.F. Mjølsnes -- 12.5.2.Extraction / S.Y. Willassen / S.F. Mjølsnes -- 12.6.Digital Evidence Analysis Techniques / S.Y. Willassen / S.F. Mjølsnes -- 12.7.Anti-Forensics / S.Y. Willassen / S.F. Mjølsnes -- 12.8.Further Reading and Web Sites / S.Y. Willassen / S.F. Mjølsnes -- Bibliography / S.Y. Willassen / S.F. Mjølsnes --

Contents note continued: 13.1.Risk Assessment in the Risk Management Process / S. Haugen -- 13.2.Terminology / S. Haugen -- 13.2.1.Risk / S. Haugen -- 13.2.2.Vulnerability / S. Haugen -- 13.2.3.Hazards, Threats, Sources, and Events / S. Haugen -- 13.2.4.Risk Analysis, Risk Evaluation, and Risk Assessment / S. Haugen -- 13.3.Main Elements of the Risk Assessment Process / S. Haugen -- 13.3.1.Establish Context / S. Haugen -- 13.3.2.Describe System, Controls, and Vulnerabilities / S. Haugen -- 13.3.3.Identify Assets / S. Haugen -- 13.3.4.Identify Threats / S. Haugen -- 13.3.5.Identify Events and Causes and Estimate Likelihood / S. Haugen -- 13.3.6.Identify and Estimate Consequences / S. Haugen -- 13.3.7.Estimate Risk Level / S. Haugen -- 13.3.8.Risk Evaluation / S. Haugen -- 13.3.9.Risk Treatment / S. Haugen -- 13.4.Summary / S. Haugen -- 13.5.Further Reading and Web Sites / S. Haugen -- Bibliography / S. Haugen --

Contents note continued: 14.1.A Risk Governance Framework Applied to Information Security / J. Hoyden / E. Albrechtsen -- 14.2.Regulations and Control / J. Hoyden / E. Albrechtsen -- 14.3.Information Security Management / J. Hoyden / E. Albrechtsen -- 14.3.1.Formal and Informal / J. Hoyden / E. Albrechtsen -- 14.3.2.Formal Approaches to Information Security Management / J. Hoyden / E. Albrechtsen -- 14.3.3.Informal Aspects of Information Security Management / J. Hoyden / E. Albrechtsen -- 14.3.4.Information Security Culture / J. Hoyden / E. Albrechtsen -- 14.4.Further Reading and Web Sites / J. Hoyden / E. Albrechtsen -- Bibliography / J. Hoyden / E. Albrechtsen.
Abstract:
"Preface The problems of information security is a truly multidisciplinary field of study, ranging from the methods of pure mathematics through computer and telecommunication sciences to social sciences. The intention of this multiauthored book is to offer an introduction to a wide set of topics in ICT information security, privacy and safety. Certainly, the aim has not been to present a complete treatment of this vast and expanding area of practical and theoretical knowledge. Rather, the hope is that the selected range of topics presented here may attract a wider audience of students and professionals than would each specialized topic by itself. Some of the information security topics contained in this book may be familiar turf for the reader already. However, the reader will likely also find some new interesting topics presented here that are relevant to his or her professional needs, or for enhancement of knowledge and competence, or as an attractive starting point for further reading and in-depth studies. For instance, the book may provide an entrance and a guide to seek out more specialized courses available at universities and elsewhere, or as an inspiration for further work in projects and assignments. The start of this collection of information security topics goes back to a master level continuing education course that I organized in 2005, where more than 10 professors and researchers contributed from 6 different departments at the Norwegian University of Science and Technology. The topics included cryptography, hardware security, software security, communication and network security, intrusion detection systems, access policy and control, risk and vulnerability analysis, and security technology management"--