Information security : principles and practice /
Mark Stamp, San Jose State University, San Jose, California.
- Third edition.
- 430 pages 23 cm.
Includes bibliographical references and index.
"Information security is a rapidly evolving field. As businesses and consumers become increasingly dependent on complex multinational information systems, it is more imperative than ever to protect the confidentiality and integrity of data. Working knowledge is required of aspects of cryptography such as classic cryptosystems, symmetric key cryptography, public key cryptography, hash functions, random numbers, information hiding, and cryptanalysis. Experts must also use access control techniques like authentication and authorization, password-based security, ACLs and capabilities, multilevel security and compartments, covert channels and inference control. Among the various protocols used in information security are simple authentication protocols, session keys, perfect forward secrecy, timestamps, SSH, SSL, IPSec, Kerberos, WEP, and GSM. Software can create problems including flaws and malware, buffer overflows, viruses and worms, and also solve them using tools such as malware detection, digital rights management, secure software development, and operating systems security"--