Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues brings together authoritative authors to address one of the most pressing challenges in the IT field - how...
I took a class for A+ and CCNA, but never certified. I also took a class in Net+ and decided to go get certified there. I worked for about five months as a tech-support technician and have built a few computers. So, that's my background. With a BS in History I decided to go for a master's degree in Information Systems Security...you see the connection, right? Actually I'm looking to turn a hobby into a profession; naturally, not having a BS in CIS or CS, I was typically worried about the course. This book had been a tremendous help. I use this book more than any other individual book, to include the course books. My master's degree will be a management degree and that is what this book is geared for...as the title indicates. I knew about routers, networks, basic security like strong passwords, AND since I'm an army reservist I'm familiar with the concept of Risk Management; however, I knew ZERO about E-Commerce, E-Business, Security Policies, planning and implementing IT Architecture, etc. This book took me through the whole gamut step by step. It has diagrams that are logical yet simple to understand. Do you know what Defense-in-Depth is? -or put another way- How about the concept of Security in Layers? This book will explain it from outside in, top to bottom, and front to back. What about encryption? What's new and what's obsolete? This book was published in 2006, so it's still pretty current. The book breaks down a typical E-Business environment into easily understood models taking you from the customer outside the Internet or the corporate staff person logging onto a corporate network...to a Business Logic Layer of web servers and application servers...to the Data Layer of database servers and directory servers. It covers security from outside the perimeter of firewalls and routers to hardening the internal database applications. You want to know what security access controls encompass? This book covers complete security domain profiles.
I will say that the matrix definition/method equations covered in Chapter VII were not exactly written at what I would call a beginner's level, so I'm glad my classes haven't covered that. Whew. There are plenty of examples and definitions to illustrate covered materials. The chapters are as follows:

Ch I: A Model of Information Security Governance for E-Business
Ch II: IT Security Governance and Centralized Security Controls
Ch III: Case Study of Implemented Information Systems Security Policy
Ch IV: Malware and Antivirus Deployment for Enterprise Security
Ch V: The impact of the Sarbanes-Oxley (SOX) Act on Information Security
Ch VI: A Security Blueprint for E-Business Applications
Ch VII: Security Management for an E-Enterprise
Ch VIII: Implementing IT Security for Small & Medium Enterprises
Ch IX: E-Commerce Security
Ch X: The Survivability Principle: IT-Enabled Dispersal of Organizational Capital
Ch XI: Security Engineering: IT is all about control and assurance objectives
Ch XII: High Assuran