Engineering Information Security

10/28/2011 · No Responses

Information security is the act of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. This book discusses why information security is needed and how security problems can have widespread impacts. It covers the complete security lifecycle of products and services, starting with requirements and policy development and progressing through development, deployment, and operations, and concluding with decommissioning. Professionals in the sciences, engineering, and communications fields will turn to this resource to understand the many legal, technical, competitive, criminal and consumer forces and influences that are rapidly changing our information dependent society.

From the Back Cover
From design to deployment to decommissioning: a systems engineering approach to information security

With this book as a guide, readers learn to apply a tested and proven methodology to address the information security concerns of any organization, ensuring that specific classes of information are only accessible to designated users. The methodology is based on systems engineering, a set of concepts that enable the systematic documentation of objectives and set forth the functional and performance capabilities needed to achieve those objectives. Because the book considers the complete life cycle of security systems, it also guides readers through deployment, operations, and eventual decommissioning. Moreover, the book goes well beyond technical requirements, enabling the full account of all aspects of an organization’s needs, including:

Day-to-day operations
Services and products provided and consumer markets served
Overall competitive environment and key competitors
Legal and regulatory requirements
Vulnerability to criminal activity

The book includes a CD which contains more than 200 color figures and diagrams to help illustrate and simplify complex systems and processes. Numerous examples throughout the book show step by step how to put security concepts and mechanisms into practice. The CD also includes a number of useful appendices, including a listing of individual state privacy laws, a sample enterprise security policy document, and a sample request for proposal.By presenting a systems engineering approach to information security, this book enables security practitioners and students of information security to cope with rapid changes in technology in order to consistently provide the level of information security needed to fully protect the interests of an organization, its personnel, and its customers.