Principles of Information Security
Fourth Edition
Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
Michael E. Whitman, Ph.D., CISM, CISSP
Herbert J. Mattord, CISM, CISSP
Kennesaw State University
Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States
This is an electronic version of the print textbook. Due to electronic rights restrictions, some third party content may be suppressed.
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience.
The publisher reserves the right to remove content from this title at any time if subsequent rights restrictions require it.
For valuable information on pricing, previous editions, changes to current editions, and alternate formats,
please visit www.cengage.com/highered to search by ISBN#, author, title, or keyword for materials in your areas of interest.
Principles of Information Security, Fourth Edition
Michael E. Whitman and Herbert J. Mattord
Vice President Editorial, Career Education & Training Solutions: Dave Garza
Director of Learning Solutions: Matthew Kane
Executive Editor: Steve Helba
Managing Editor: Marah Bellegarde
Product Manager: Natalie Pashoukos
Development Editor: Lynne Raughley
Editorial Assistant: Jennifer Wheaton
Vice President Marketing, Career Education & Training Solutions: Jennifer Ann Baker
Marketing Director: Deborah S. Yarnell
Senior Marketing Manager: Erin Coffin
Associate Marketing Manager: Shanna Gibbs
Production Manager: Andrew Crouth
Content Project Manager: Brooke Greenhouse
Senior Art Director: Jack Pendleton
Manufacturing Coordinator: Amy Rogers
Technical Edit/Quality Assurance: Green Pen Quality Assurance
© 2012 Course Technology, Cengage Learning
For more information, contact or find us on the World Wide Web at: www.course.com
ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the publisher.
For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706
For permission to use material from this text or product, submit all requests online at cengage.com/permissions
Further permission questions can be emailed to permissionrequest@cengage.com
Library of Congress Control Number: 2010940654
ISBN-13: 978-1-111-13821-9
ISBN-10: 1-111-13821-4
Course Technology
20 Channel Center
Boston, MA 02210
USA
Cengage Learning is a leading provider of customized learning
solutions with office locations around the globe, including Singapore,
the United Kingdom, Australia, Mexico, Brazil, and Japan. Locate your
local office at: international.cengage.com/region.
Cengage Learning products are represented in Canada by
Nelson Education, Ltd.
For your lifelong learning solutions, visit course.cengage.com
Purchase any of our products at your local college store or at our
preferred online store www.cengagebrain.com.
Printed in the United States of America
1 2 3 4 5 6 7 8 9 14 13 12 11 10
To Rhonda, Rachel, Alex, and Meghan, thank you for your loving support.
—MEW
To my wife Carola; without your support, none of this would be possible.
—HJM
Brief Table of Contents
PREFACE
CHAPTER 1
Introduction to Information Security
CHAPTER 2
The Need for Security
CHAPTER 3
Legal, Ethical, and Professional Issues in Information Security
CHAPTER 4
Risk Management
CHAPTER 5
Planning for Security
CHAPTER 6
Security Technology: Firewalls and VPNs
CHAPTER 7
Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools
CHAPTER 8
Cryptography
CHAPTER 9
Physical Security
CHAPTER 10
Implementing Information Security
CHAPTER 11
Security and Personnel
CHAPTER 12
Information Security Maintenance
GLOSSARY
INDEX