Information Security Fundamentals: 2nd Edition (Paperback) book cover

Information Security Fundamentals

2nd Edition

By Thomas R. Peltier

Auerbach Publications

438 pages | 103 B/W Illus.

Purchasing Options:$ = USD
Paperback: 9781439810620
pub: 2013-10-16
Hardback: 9781138436893
pub: 2017-07-27
eBook (VitalSource) : 9780429130281
pub: 2013-10-16
from $38.48

FREE Standard Shipping!


Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise’s effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition providesinformation security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.

The book examines the elements of computer security, employee roles and responsibilities, and common threats. It discusses the legal requirements that impact security policies, including Sarbanes-Oxley, HIPAA, and the Gramm-Leach-Bliley Act. Detailing physical security requirements and controls, this updated edition offers a sample physical security policy and includes a complete list of tasks and objectives that make up an effective information protection program.

  • Includes ten new chapters
  • Broadens its coverage of regulations to include FISMA, PCI compliance, and foreign requirements
  • Expands its coverage of compliance and governance issues
  • Adds discussions of ISO 27001, ITIL, COSO, COBIT, and other frameworks
  • Presents new information on mobile security issues
  • Reorganizes the contents around ISO 27002

The book discusses organization-wide policies, their documentation, and legal and business requirements. It explains policy format with a focus on global, topic-specific, and application-specific policies. Following a review of asset classification, it explores access control, the components of physical security, and the foundations and processes of risk analysis and risk management.

The text concludes by describing business continuity planning, preventive controls, recovery strategies, and how to conduct a business impact analysis. Each chapter in the book has been written by a different expert to ensure you gain the comprehensive understanding of what it takes to develop an effective information security program.

Table of Contents

Developing Policies; Thomas R. Peltier

Organization of Information Security; Patrick D. Howard

Cryptology; Maria Dailey

Risk Management: The Facilitated Risk Analysis and Assessment Process; Thomas R. Peltier

Building and Maintaining an Effective Security Awareness Program; John G. O’Leary

Physical Security; John A. Blackley

Disaster Recovery and Business Continuity Planning; Kevin McLaughlin

Continuity of Operations Planning; Jeffery Sauntry

Access Controls; Kimberly Logan

Information System Development, Acquisition, and Maintenance; Quinn R. Shamblin

Information Security Incident Management; Brad Smith

Asset Classification; Thomas R. Peltier and William Tompkins

Threats to Information Security; Justin Peltier

Information Security Policies: A Practitioner’s View; Charles Johnson


Appendix A: Facilitated Risk Analysis and Assessment Process (FRAAP)

Appendix B: Business Impact Analysis; Kevin McLaughlin

Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Information Technology
COMPUTERS / Security / General