Books


Information Security and Auditing in the Digital Age

A Managerial and Practical Perspective


General Book Information

Author: Amjad Umar, Ph.D.
Publisher: NGE solutions
Includes glossary of terms and index
Publication Date: December 2003 Edition (Revised: AUG 2004)
Number of Pages: 440 pages

Book Objectives and Salient Features

The objective of this book is to provide a practical and managerial perspective on the information security issues vital in this digital age. The topics discussed include:

  • Management issues of policies, procedures, risks, controls, and requirements.
  • Practical review of security technologies such as cryptography, authentication, authorization, non-repudiation, and commercially available security packages (PKI, PGP, Kerberos, SSL, VPN).
  • Securing wireless and wired networks by using the security technologies.
  • Securing applications, databases, and platforms by using the security technologies.
  • Examination of security risks associated with newer areas such as e-business, mobile applications, XML and Web Services, wireless communications, and application servers.
  • Audits and controls for continued secure operations.
  • A methodology that puts all of the above into a procedure.

The salient features of this classroom-tested book are:

  1. Broad coverage of recent and relevant topics such as the following based on a systems approach to security:
    • Wireless security that includes Wi-Fi security, cellular network security, satellite security, wireless home networking security, and wireless middleware security.
    • Semantic Web security with a discussion of XML security.
    • Web Services security, SAML (Security Assertion Markup Language) and .NET security.
    • Internet security (Public Internet, Intranet, Extranet), firewalls, remote access and perimeter security.
    • Application and database security with emphasis on modern issues such as e-commerce and mobile application security.
  2. A systematic approach to build total systems solutions that combine policies, procedures, risk analysis, threat assessment through attack trees, honeypots, and commercially available security packages to secure the IT assets (applications, databases, hosts) as well as the paths (the network) to these assets.
  3. Discussion of security technologies (cryptography), authentication, authorization, accountability and availability with emphasis on intrusion detection, intrusion tolerance, and non-repudiation.
  4. Discussion of how audits and controls can be used for continued compliance with a solution after deployment.
  5. Case study orientation with numerous real-life examples and a single case study that is developed throughout to clarify and illustrate key points.
  6. A mixture of management and technical issues for a balanced coverage of the topics.
  7. Complete instructor materials (PowerPoint slides, course outline, project assignments) to support an academic or industrial course.

Table of Contents

  • Part I: ANALYSIS AND APPROACH
    • Chapter 1: Information Security in the Digital Age -- An Overview
    • Chapter 2: Security Management: Policies, Requirements, and Organizational Issues
    • Chapter 3: A Systematic Methodology: Tying People, Processes, and Technologies

  • Part II: THE SECURITY TECHNOLOGIES
    • Chapter 4: Cryptography and Encryption
    • Chapter 5: Authorization, Authentication, Accountability, and Availability Technologies - The 4As
    • Chapter 6: Common Security Packages: PKI, VPN, SSL, PGP and Kerberos

  • Part III: PROTECTING THE PATH - DIGITAL NETWORK SECURITY
    • Chapter 7: Overview of IT Assets in Modern Digital Enterprises
    • Chapter 8: Network Security, Internet Security, and Firewalls
    • Chapter 9: Wireless Security: Wifi, Cellular and Satellite Security

  • Part IV: PROTECTING THE SITES - DISTRIBUTED SYSTEM SECURITY
    • Chapter 10: Web, Semantic Web, and XML Security
    • Chapter 11: Modern Distributed Platform, Web Services and .NET Security
    • Chapter 12: Application Security: Protecting e-Commerce and Mobile Applications
  • Part IV: AUDITS, CONTROLS, AND CONSOLIDATION
    • Chapter 13: Audits and Controls for Security
    • Chapter 14: Security Policies for Audits and Controls
    • Chapter 15: Sample Audit and Control Checklist
    • Chapter 16: Building a Security Solution – The Wrap-up

Look inside the Book

  • Preface
  • Suggested use in Courses
  • Glossary of Terms
  • Detailed Table of Contents
  • Chapter 1: Information Security in the Digital Age -- An Overview (35 pages)

Click here to download Zip of PDF Files

Free Download

Downloads of the text chapters (e-book version)

You can download chapters of this book by clicking on the following links.

Appendix B: Closer Look at Physical Wireless Communications


Click here to download the Appendices


Tutorials on Special Topics -- Free

  • Chapter 1: Network Technologies - A Tutorial
  • Chapter 2: Object-Orientation, Java, and UML - A Tutorial
  • Chapter 3: Database Technologies and SQL - A Tutorial
  • Chapter 8: e-Commerce Platforms and Distributed Transaction Management (Detailed)

Click here to download Zip File.


How To Purchase This Book

You can buy this book only as a paperback from online booksellers such as Amazon.com, Barnes and Noble, etc.

To buy the paperback version from Amazon, for example, go to www.amazon.com and type "Amjad Umar" under the "Books" menu. It will list all of my books. Pick and buy the one(s) you need by using the regular Amazon system.

Buying Through Other Means:
If you do not have a credit card, or want to pay by check or by other means, send an email to nge@ngesolutions.com and make a suggestion. You will find the publisher quite accommodating.
In case of problems:
Send an email to umar@amjadumar.com. Indicate "Book" in the subject line of your email.
