Practical Information Security

Dr. Izzat Alsmadi is an Assistant Professor in the department of Computing and cyber security in Texas A&M, San Antonio.

He has his master and PhD in Software Engineering from North Dakota State University.

He has more than 100 conference and journal publications. His research interests include: Software security, software engineering, software testing, social networks and software defined networking. He is lead editor of Information Fusion for Cyber-Security Analytics, Alsmadi, Izzat M, Karabatis, George, Aleroud, Ahmed, Springer, 2017.

The author is also a member of The National Initiative for Cybersecurity Education (NICE) group, which meets frequently to discuss enhancements on cyber security education at the national level.

This textbook presents a practical introduction to information security using the Competency Based Education (CBE) method of teaching. The content and ancillary assessment methods explicitly measure student progress in the three core categories: Knowledge, Skills, and Experience, giving students a balance between background knowledge, context, and skills they can put to work. Students will learn both the foundations and applications of information systems security; safeguarding from malicious attacks, threats, and vulnerabilities; auditing, testing, and monitoring; risk, response, and recovery; networks and telecommunications security; source code security; information security standards; and compliance laws. The book can be used in introductory courses in security (information, cyber, network or computer security), including classes that don't specifically use the CBE method, as instructors can adjust methods and ancillaries based on their own preferences. The book content is also aligned with the Cybersecurity Competency Model, proposed by department of homeland security. The author is an active member of The National Initiative for Cybersecurity Education (NICE), which is led by the National Institute of Standards and Technology (NIST). NICE is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.

Makes an explicit balance between knowledge and skills material in information security, giving readers immediate applicable skills

Introduction.- Information Systems Security.- Malicious Attacks, Threats, and Vulnerabilities.- Access Controls.- Security Operations and Administration.- Auditing, Testing, and Monitoring.- Risk, Response, and Recovery.- Cryptography.- Networks and Telecommunications Security.- Source Code Security.- Information Security Standards.- Information Systems Security Education and Training.- U.S. Compliance Laws.- Conclusion.