This book covers the technical as well as administrative aspects of security in modern digital enterprises using Apache, MySQL, PHP, and ACID from a total systems point of view instead of concentrating on one issue (e.g., network security, host security, data security, cryptography). The book starts with a comprehensive overview of the security principles and practices needed to satisfy the integrity, confidentiality, and availability requirements of IS systems. The topics in this phase of the book include security awareness, security requirements, IS security and control practices, risk analysis, policies, and security management. A methodology for IS security is also introduced in this phase. The second part of the book covers the core security tools and techniques that are common to almost all security and audit practices. The topics in this phase of the book include encryption based on symmetric/asymmetric techniques, authentication, access control, digital certificates, and digital signatures. The discussion also includes common security packages that combine these techniques into solutions such as PKI, PGP, SSL, and VPN. In the third phase, these techniques and the methodology are used to build security solutions at an enterprise level. Topics in this phase cover Internet security, Web and Web Services security, XML security, application security, e-commerce security, wireless and mobile computing security, and other emerging cyber security issues. The book concludes with a discussion of information assurance in web environments, IT audit and control principles, and the security audits needed for continued secure operations.
The information in the "Summary" section may refer to different editions of this title.