Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity.
Product Id:1466592141
Condition: LIKE NEW
Notes: Item in good condition. Textbooks may not include supplemental items, i.e. CDs, access codes, etc.

The traditional view of information security includes the three cornerstones: confidentiality, integrity, and availability; however, the author asserts authentication is the third keystone. As the field continues to grow in complexity, novices and professionals need a reliable reference that clearly outlines the essentials. Security without Obscurity: A Guide to Confidentiality, Authentication, and Integrity fills this need. Rather than focusing on compliance or policies and procedures, this book takes a top-down approach. It shares the author's knowledge, insights, and observations about information security based on his experience developing dozens of ISO Technical Committee 68 and ANSI accredited X9 standards. Starting with the fundamentals, it provides an understanding of how to approach information security from the bedrock principles of confidentiality, integrity, and authentication. The text delves beyond the typical cryptographic abstracts of encryption and digital signatures as the fundamental security controls to explain how to implement them into applications, policies, and procedures to meet business and compliance requirements. Providing you with a foundation in cryptography, it keeps things simple regarding symmetric versus asymmetric cryptography, and only refers to algorithms in general, without going too deeply into complex mathematics. Presenting comprehensive and in-depth coverage of confidentiality, integrity, authentication, non-repudiation, privacy, and key management, this book supplies authoritative insight into the commonalities and differences of various users, providers, and regulators in the U.S. and abroad.

Product Identifiers

Publisher
Auerbach Publishers, Incorporated
ISBN-10
1466592141
ISBN-13
9781466592148
eBay Product ID (ePID)
175869306

Product Key Features

Author
J. J. Stapleton
Publication Name
Security Without Obscurity: A Guide to Confidentiality, Authentication, and Integrity
Format
Hardcover
Language
English
Publication Year
2014
Type
Textbook
Number of Pages
355 Pages

Dimensions

Item Length
9.4in.
Item Height
1in.
Item Width
6.2in.
Item Weight
21.7 Oz

Additional Product Features

LC Classification Number
QA76.9.A25S734 2014
Reviews

Jeff's extensive practical experience in applying information security and his expertise in cryptographic standards makes this book a must-read for the information security professional. Security without Obscurity: A Guide to Confidentiality, Authentication, and Integrity deserves a place in your reference library.
--Ralph Spencer Poore, CFE, CISA, CISSP, CHS-III, PCIP, ISSA Distinguished Fellow, ISSA Honor Roll

Having worked at the same consulting firm and also on a project with author J.J. Stapleton (full disclosure), I knew he was a really smart guy. In Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity, Stapleton shows how broad his security knowledge is to the world. When it comes to the world of encryption and cryptography, Stapleton has had his hand in a lot of different cryptographic pies. He has been part of cryptographic accreditation committees for many different standard bodies across the globe. ... Those looking for a highly technical overview, interoperability guidance, and overall reference will find the book most rewarding. ... One of the ways Stapleton brings his broad experience to the book is in the many areas where he compares different types of cryptosystems, technologies and algorithms. This enables the reader to understand what the appropriate type of authentication is most beneficial for the specific requirement. ... For anyone looking for an authoritative text on how to fully implement cross-platform security and authentication across the enterprise, this is a valuable reference to get that job done.
--Book review by Ben Rothke, writing on slashdot.org. View the full review at: http://books.slashdot.org/story/14/06/16/1245237/book-review-security-without-obscurity

... the author is well qualified to assay the vital information technology field of computer network security ... The text is peppered with instructive figures and tables ... very clearly written ...
--John Maxymuk for ARBAonline
Table of Contents
Introduction: About This Book Audience for This Book Guide to This Book Standards Standards Organizations ISO TC68 Financial Services ASC X9 Financial Services Standards Depreciation Risk Assessment Threat Analysis Vulnerability Analysis Probability Analysis Impact Analysis Control Adjustments Example Assessment
Confidentiality: Data Classification Data Groups Data Tagging Data States Data in Transit Encryption Methods Encryption Methods 2 Encryption Methods 3 Data in Process Data in Storage Data Encryption Session Encryption Field Encryption Data Tokenization Data Encryption Keys
Authentication: Authentication Factors Single-Factor Authentication Multifactor Authentication Multisite Authentication Knowledge Factors Person Entity (PE) Authentication Nonperson Entity (NPE) Authentication Knowledge-Based Authentication (KBA) Zero Knowledge (ZK) Authentication Possession Factors Hardware Objects Data Objects Software Objects One-Time Passwords (OTP) Biometric Factors Biometric Technology Biometric Enrollment Biometric Verification Biometric Identification Cryptography Factors Symmetric Cryptography Asymmetric Cryptography Cryptographic Authentication Cryptographic Protocols Signature Synonyms Handwritten Signatures Dynamic Signatures Digital Signatures Electronic Signatures Provisioning
Integrity: Integrity Check Value (ICV) Description ICV Composition Integrity Check Points Data Integrity States Data in Transit Data in Process Data in Storage Integrity Check Methods Longitudinal Redundancy Check (LRC) Cyclic Redundancy Check (CRC) Hash and Message Digest Message Authentication Code (MAC) Hashed Message Authentication Code (HMAC) Digital Signature Time-Stamp Token (TST)
Nonrepudiation: Technical Considerations Cryptographic Considerations Operational Considerations Legal Considerations
Privacy: Technical Considerations Privacy Data Elements Cross-Border Jurisdictions Cryptographic Considerations Operational Considerations Roles and Responsibilities Security Policy Legal Considerations European Union (EU) Privacy Directive Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) United Kingdom Data Privacy Act (DPA) United States Privacy Laws and Guidelines Federal Trade Commission (FTC)--Privacy of Consumer Financial Information Health Insurance Portability and Accountability Act (HIPAA) Fair Credit Reporting Act (FCRA) Federal Privacy Act
Key Management: Cryptographic Algorithms Encryption Message Authentication Code (MAC) Hashed Message Authentication Code (HMAC) Hash Digital Signature Key Transport 7 Key Agreement Summary of Algorithms Cryptographic Modules Common Criteria NIST Cryptographic Modules ANSI Tamper Resistant Security Modules ISO Secure Cryptographic Modules Key-Management Life Cycle Cryptography Risks Life-Cycle Phases Life-Cycle Controls Cryptographic Architecture Security Policies, Practices, and Procedures Key Inventory Network, Data, and Key Diagrams Public Key Infrastructure Certificate Authority Registration Authority Subject Relying Party
Bibliography
Index
Copyright Date
2014
Target Audience
College Audience
Topic
Security / General, Security / Networking, Management, Information Technology
LCCN
2014-006006
Dewey Decimal
005.8
Illustrated
Yes
FINAL SALE. NO RETURNS OR REFUNDS DUE TO THE NATURE OF THE SALE
Genre
Computers, Business & Economics