Going beyond the technical coverage of computer and systems security measures, Information Assurance for the Enterprise provides readers an overarching model for information assurance for businesses, government agencies, and other enterprises needing to establish a comprehensive plan. All the components of security and how they relate are featured, and readers will also be shown how an effective security policy can be developed. Topics like asset identification, human factors, compliance with regulations, personnel security, risk assessment and ethical considerations are covered, as well as computer and network security tools and methods.
This is one of the only texts on the market that provides an up-to-date look at the whole range of security and IA topics. In post-9/11 times, managers and IT professionals need to address a wide range of security-related issues, and develop security systems that take all these diverse factors into account. As someone who has worked extensively with the U.S. State Department and other governmental agencies, Corey Schou is uniquely positioned to write the definitive book on the subject; and Daniel Shoemaker is a professor and consultant to the Department of Homeland Security in matters of Information Assurance policy.
Corey D. Schou, Ph.D., is the University Professor of Informatics and the Associate Dean of the College of Business at Idaho State University. He has been involved in establishing computer security and information assurance training and standards for 25 years. His research interests include information assurance, ethics, privacy, and collaborative decision making. He was responsible for compiling and editing computer security standards and training materials for the Committee on National Security Systems (CNSS).
Throughout his career, Dr. Schou has remained an active classroom teacher despite his research and service commitments. He is the founding director of the Informatics Research Institute and the National Information Assurance Training and Education Center (NIATEC) that was designated the National Center of Excellence in Information Assurance Education.
In 1996, his research center was cited by the Information Systems Security Association (ISSA) for Outstanding Contributions to the Security Profession and he was selected as the Educator of the Year by the Federal Information Systems Security Educators Association (FISSEA). In 1997, the Masie Institute and TechLearn Consortium recognized his contributions to distance education. In 2001, Dr. Schou was honored by the International Information Systems Security Certification Consortium [(ISC)2] with the Tipton award for his work in professionalization of computer security and his development of the generally accepted common body of knowledge (CBK) used in the certification of information assurance professionals.
Dr. Schou serves as the chair of the Colloquium for Information Systems Security Education (CISSE). Under his leadership, the Colloquium creates an environment for exchange and dialogue among leaders in government, industry, and academia concerning information security and information assurance education. In addition, he is the editor of Information Systems Security and serves on the board of several professional organizations.
Dan Shoemaker, Ph.D. (University of Detroit Mercy) is the Director of the Centre for the Software Assurance Institute, a National Security Agency (NSA) Center of Academic Excellence, at the University of Detroit Mercy. He is also a Professor at UDM where he has been the Chair of Computer and Information Systems since 1985. Dr. Shoemaker is Co-Chair of the Workforce Training and Education working group within the Department of Homeland Security’s National Cybersecurity Division (NCSD). Dr. Shoemaker was one of the earliest academic participants in the development of Software Engineering as a discipline, starting at SEI in the fall of 1987.
Part I The Organizational/Policy Domain
1 Organizational Security Policy and Planning
2 Defined and Documented Infrastructure
3 Education and Awareness
4 Asset Management
5 Business Continuity
6 Legal and Regulatory Compliance
Part II The Managerial/Administrative Domain
7 Building Security Functions Into Development
8 Personnel Security
9 Physical Security
Part III The Operational/Technical Domain
10 Access Control
11 Operations Security
12 Network Security
13 Application and System Software Security
14 Operational Risk Assessment and Audit
Part IV The Community/Contextual Domain
15 Ethics
16 A Standard Implementation Model
Glossary
Index