Michael E. Whitman, Herbert J. Mattord
MANAGEMENT OF INFORMATION SECURITY ISBN: 0-619-21515-1 Copyright 2004 by Course Technology, a division of Thomson Learning. Original language published by Thomson Learning. All Rights reserved. Chongqing University Press is authorized by Thomson Learning to publish and distribute exclusively this simplified Chinese edition. This edition is authorized for sale in the People's Republic of China only (excluding Hong Kong, Macao SAR and Taiwan). Unauthorized export of this edition is a violation of the Copyright Act. No part of this publication may be reproduced or distributed by any means, or stored in a database or retrieval system, without the prior written permission of the publisher. ( ), 981-265-278-7 ( 2004) 40 ( CIP) / ( ) ( Whitman, A. E. ), ( ) ( Mattord, H. J. ) ;. :, 2005. 3 ( ) ISBN 7-5624-3172-8.................. -. TP309 CIP ( 2004) 120105 Xinxi Anquan Guanli [ ] Michael E. Whitman( ) and Herbert J. Mattord( ) : : 174 ( A ) : http://www.cqup.com.cn : 400030 : ( 023) 65102378 65105781 : ( 023) 65103686 65105565 : : : : : : : : 787 1092 1 /16 : 33. 5 : 711 : 2005 3 1 2005 3 1 : ISBN 7-5624-3172-8 : 1 4 000 : 47. 00
,,,,,,,,,,,,,,,,, IT, ( CISSP, Certified Information Systems Security Professionals), CISSP, CISSP ( ) ( chapter scenarios),,, ( viewpoint),, ( offline) ( threat management boxes), ( hands-on learning),,, 1
, Michael Whitman and Herbert Mattord Michael Whitman ( ), KSU Herbert Mattord ( Principles of Information Security), Course Technology Whitman, : Information Systems Research, the Communication of the ACM, Information and Management, the Journal of International Business Studies the journal of Computer Information Systems Whitman The Hands-On Information Security Lab Manual, Thomson Learning Custom Publishing Herbert Herbert Mattord ( M. B. A CISSP ) IT 24,, Michael Whitman IT, ( Southern Polytechnic State University, ) ( ) ( ),, Georgia-Pacific, 12 1 1 1 2,,,
2, 3,, 3 4,, 3 ;, 5,,,, 6 ( ),, IT NIST SP 800-26,, ( NIST), 4 7,, 3
8,,,,, OCTAVE 9, : ; ;, 5 10 5,,,, 11,, 12,, 4,, THOMSON ( ),, PowerPoint,, Thomson Learning,
,,, Course Technology,, 5, Course Technology,,,,, Carola Mattord,,,, 8, Denise Padavano, Peirce College George Proeller, Colorado Technical University Bill Schiano, Bentley College Bill Uminowicz, DeVry University Course Technology, : Alyssa Pratt, Product Manager Lynne Raughley, Developmental Editor Jennifer Locke, Executive Editor Brooke Booth, Production Editor Mirella Misiazcek, Associate Product Manager,, : The Human Firewall Council NetIQ Corporation The viewpoint authors: Morgan Alexander-LeStat Henry Bonin George Hulme Lee Imrey Steve Kahan Eng-Kiat Koh 5
Chris Pick Bruce Schneier Krizi Trivisani Todd Tucker NetIQ, Steven Kahan Charles Cresson Wood Merle King,, Course Technology : mis@course.com Charles Cresson Wood 6 23, 125,,,, ;, ;,,,, ( Arthur Andersen),,,,,,,,,,,,,,, Harris Interactive, 79%,,,,,,,,,, (
,, ( ),,,,,,,,,?,,,,,,,,,, ( Social Engineering), IT,,,,,,,,,,,,,,,,,,,,, 42% (,! ) ;, 50%,,,,, Charles Cresson Wood, CIAS, CISSP Sausalito, California 7