As organizations increasingly depend on electronic information, the lack of systematic training on effective operations and security principles is causing chaos. This book reviews fundamental concepts and practical recommendations for operations and security managers and staff.
As organizations increasingly depend on electronic information, the lack of systematic training on effective operations and security principles is causing chaos. This book reviews fundamental concepts and practical recommendations for operations and security managers and staff.
M. E. Kabay completed his BSc in genetics (1970) and his MSc in teratology (1972) at McGill University. In 1976, he completed his PhD from Dartmouth College in applied statistics and invertebrate zoology and then taught statistics, programming, and biology as a university professor in Canada and overseas. In 1979, he joined a compiler team for a new fourth-generation programming language (4GL) and relational database management system in the U.S. and then joined Hewlett-Packard Canada in 1980 as an operating-systems and DB-performance specialist, winning the Systems Engineer of the Year Award in 1982 and teaching MPE operating system, IMAGE/3000 database and VPLUS/3000 GUI-design courses as well as serving as support engineer to HP's hospital, university and government customers and managing HP's bilingual call center (Phone-In Consulting Service) for Québec and the Maritime provinces. He served as adjunct faculty in the 1980s in the University of Ottawa Institute for Government Informatics Professionals, the John Abbot College Programmers' Course and their Technical Support Program, and the McGill University Management Institute before joining Norwich University in 2001. He founded his own company, JINBU Corporation, in 1986; much of his consulting work in that firm was database-performance analysis and redesign for optimization. Other assignments included overall operating-system analysis and optimization for improved performance to meet service-level agreements for quality of service; he was assigned twelve such contracts for the Government of Canada in 1989. He also completed several contracts in organizational analysis to help improve operations and management processes. He served as Director of Education for the National Computer Security Association (later ICSA and then TruSecure) from 1991 to 1999 and taught security courses around the world, including Europe, Asia and North America. He was the Leader of the INFOSEC Delegation to the People's Republic of China in 1993 and provided a 100 page report on his contacts to the Canadian Security Information Service (CSIS). He worked with Adario/AtomicTangerine where he supported the International Institute for Information Integrity (I-4). He was a member of the committees defining the Common Body of Knowledge for the Certified Information Systems Security Professional (CISSP) designation in the mid-1990s and earned his CISSP in 1997. The committee used his 1996 textbook, The NCSA Guide to Enterprise Security (McGraw-Hill) as one of their resources. His certification as an Information Systems Security Management Professional (ISSMP) was granted in 2005. He terminated his use of the CISSP and ISSMP designations in 2021. Since 1986 (and as of early 2021), he has published over 2,000 articles in operations management and security, and served as Technical Editor of the 4th (2002), 5th (2009) and 6th (2014) editions of the Computer Security Handbook (Wiley). He wrote two security-management columns a week distributed by Network World from February 2000 to September 2011 and one per week for InfoSec Perception from October 2011 to the end of 2013. His public website has a total of over 2,000 PDF files and over 500 instructional PowerPoint files freely available to anyone for non-commercial use. He has been an invited lecturer at the U.S. War College, the Pentagon, and at NATO Counterintelligence training in Germany. He was inducted into the Information Systems Security Association (ISSA) Hall of Fame in December 2004. From 2002 to 2009, he was the creator and Director of the Master's Program in Information Assurance (MSIA) in the College of Graduate and Continuing Studies (CGCS) at Norwich University, Northfield, Vermont where he was also the Chief Technical Officer of the CGCS from 2007 to 2009. Returning full time to the School of Business & Management in 2009, he was promoted to Professor of Computer Information Systems in May 2011 and was appointed Associate Director of the Norwich University Center for Advanced Computing and Digital Forensics in July 2011. He retired on 31 December 2020 after teaching at Norwich for 20 years. In May 2021, he was anointed (er, appointed) Emeritus Professor of Computer Science in the School of Cybersecurity, Data Science and Computing, College of Professional Schools, Norwich University.
Inhaltsangabe
1. The Parkerian Hexad 2. Confidentiality 3. Control or Possession 4. Data Integrity 5. Authenticity 6. Availability 7. Utility 8. Threats 9. Management Principles 10. Employment 11. Operations Management in IT 12. Technical Support 13. Security-Policy Style 14. Programming for Security 15. INFOWAR 16. Cyberlaw Issues 17. Protecting Your Organization's Reputation in Cyberspace
