Introduction

Chapter 2: Identification and Authentication

In Chapter 2, we cover the security principles of identification and authentication. We discuss identification as a process by which we assert the identity of a particular party, whether this is true or not. We talk about the use of authentication as the means of validating whether the claim of identity is true. We also cover multifactor authentication and the use of biometrics and hardware tokens to enhance surety in the authentication process.

Chapter 3: Authorization and Access Control

In this chapter, we discuss the use of authorization and access control. Authorization is the next step in the process that we work through in order to allow entities access to resources. We cover the various access control models that we use when putting together such systems like discretionary access control, mandatory access control, and role-based access control. We also talk about multilevel access control models, including Bell LaPadula, Biba, Clark-Wilson, and Brewer and Nash. In addition to the commonly discussed concepts of logical access control, we also go over some of the specialized applications that we might see when looking specifically at physical access control.

Chapter 4: Auditing and Accountability

We discuss the use of auditing and accountability in this chapter. We talk about the need to hold others accountable when we provide access to the resources on which our businesses are based, or to personal information of a sensitive nature. We also go over the processes that we carry out in order to ensure that our environment is compliant with the laws, regulations, and policies that bind it, referred to as auditing. In addition, we address the tools that we use to support audit, accountability, and monitoring activities, such as logging and monitoring.

Chapter 5: Cryptography

In this chapter, we discuss the use of cryptography. We go over the history of such tools, from very simple substitution ciphers to the fairly complex electromechanical machines that were used just before the invention of the first modern computing systems and how they form the basis for many of our modern algorithms. We cover the three main categories of cryptographic algorithms: symmetric key cryptography, also known as private key cryptography, asymmetric key cryptography, and hash functions. We also talk about digital signatures that can be used to ensure that data has not been altered and certificates that allow us to link a public key to a particular identity. In addition, we cover the mechanisms that we use to protect data at rest, in motion, and, to a certain extent, in use.

Chapter 6: Operations Security

This chapter covers operational security. We talk about the history of operational security, which reaches at least as far back as the writings of Sun Tzu