Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance

by Stuart Jacobs

Publisher: Wiley-IEEE Press
ISBN: 0470565128

Check price @ amazon.com , amazon.ca , amazon.co.uk

Book Description

Information security is the act of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. This book discusses why information security is needed and how security problems can have widespread impacts. It covers the complete security lifecycle of products and services, starting with requirements and policy development and progressing through development, deployment, and operations, and concluding with decommissioning. Professionals in the sciences, engineering, and communications fields will turn to this resource to understand the many legal, technical, competitive, criminal and consumer forces and influences that are rapidly changing our information dependent society.

From the Back Cover

From design to deployment to decommissioning: a systems engineering approach to information security

With this book as a guide, readers learn to apply a tested and proven methodology to address the information security concerns of any organization, ensuring that specific classes of information are only accessible to designated users. The methodology is based on systems engineering, a set of concepts that enable the systematic documentation of objectives and set forth the functional and performance capabilities needed to achieve those objectives. Because the book considers the complete life cycle of security systems, it also guides readers through deployment, operations, and eventual decommissioning. Moreover, the book goes well beyond technical requirements, enabling the full account of all aspects of an organization's needs, including:

• Day-to-day operations
• Services and products provided and consumer markets served
• Overall competitive environment and key competitors
• Legal and regulatory requirements
• Vulnerability to criminal activity

The book includes a CD which contains more than 200 color figures and diagrams to help illustrate and simplify complex systems and processes. Numerous examples throughout the book show step by step how to put security concepts and mechanisms into practice. The CD also includes a number of useful appendices, including a listing of individual state privacy laws, a sample enterprise security policy document, and a sample request for proposal.By presenting a systems engineering approach to information security, this book enables security practitioners and students of information security to cope with rapid changes in technology in order to consistently provide the level of information security needed to fully protect the interests of an organization, its personnel, and its customers.

Customer Reviews

My compliments to the author. It is about time that someone who obviously has a detailed understanding of security has authored such a comprehensive text. Often times everyone wants to jump to implementation without understanding the theory, principles, and basics of the fundamental issues, and this text does an exemplary job of defining the fundamentals and foundations before addressing the resolutions. If you are looking for a solid foundation and understanding of information security, then you owe it to yourself to read this text, as it is a true engineering approach

I would say if you're looking for a definition of terminology then this is a book you might want to read. But it really lacks a comprehensive glossary and contains a few errors. It also lacks a detail vision on how to understand or use the information. Consequently, very rudimentary information security topics are discussed throughout this book which lacks practicality. Unfortunately the book didn't offer anything unique that you won't get from other online sources for free.