Information Security Management Handbook, Sixth Edition
Considered the gold-standard reference on information security, the Information Security Management Handbook provides an authoritative compilation of the fundamental knowledge, skills, techniques, and tools required of today's IT security professional. Now in its sixth edition, this 3200-page, 4-volume stand-alone reference is organized under the CISSP Common Body of Knowledge (CBK) domains and is updated yearly. Each annual update (the latest is Volume 6) reflects the changes to the CBK in response to new laws and evolving technology.
Contents
INFORMATION SECURITY AND RISK | 4
Corporate Governance | 35
Top Management Support Essential for Effective Information | 51
Information Security for Mergers and Acquisitions | 67
Information Security Governance | 89
or Security Council Critical Success Factors | 105
Validating Your Business Partners | 123
Measuring ROI on Security | 133
The Human Side of Information Security | 139
Security Management | 155
It Is All about Control | 165
2 Change Control Management | 179
The Process | 185
Charting the Course for | 201
3 Data Classification | 221
Ownership and Custody of Data | 233
4 Risk Management | 243
Developing and Conducting a Security Test and Evaluation | 251
Enterprise Security Management Program | 261
Management Model | 271
The Role of Information Security in the Enterprise Risk | 281
A Matter of Trust | 295
Trust Governance in a Web Services World | 311
Risk Management and Analysis | 321
New Trends in Information Risk Management | 331
Technical and Insurance Controls | 339
5 Policies, Standards, Procedures, and Guidelines | 355
Encouraging Personal Accountability | 367
Functions | 377
A Winning | 389
Building an Effective Privacy Program | 401
Preventing | 415
Ten Steps to Effective Web-Based Security Policy | 427
Security Officer | 443
Some Human Resources Issues | 451
Information Security Policies from the Ground | 465
Policy Development | 475
Training Your Employees to Identify Potential Fraud and How | 499
6 Security Awareness Training | 521
Maintaining Management's Commitment | 531
Making Security Awareness Happen | 541
It Is Time | 555
7 Security Management Planning | 567
Make Security Part of Your Company's DNA | 579
Building an Effective and Winning Security Team | 591
Moving Your Development | 607
Selling Management | 625
How to Work with a Managed Security Service Provider | 631
Considerations for Outsourcing Security | 643
The Ethical and Legal Concerns of Spyware | 659
8 Ethics | 673
Computer Ethics | 685
1 Access Control Techniques | 699
New Emerging Information Security Technologies and Solutions | 707
Sensitive or Critical Data Access Controls | 739
An Introduction to Role-Based Access Control | 751
Smart Cards | 765
A Guide to Evaluating Tokens | 775
Providing Secured Data Transfers | 785
Deciding | 803
Benefits and Challenges | 823
Passwords and Policy | 843
3 Identification and Authentication Techniques | 869
Single Sign-On for the Enterprise | 887
4 Access Control Methodologies and Implementation | 909
An Introduction to Secure Remote Access | 923
5 Methods of Attack | 935
A New Breed of Hacker Tools and Defenses | 951
Hacker Attacks and Defenses | 965
Counter-Economic Espionage | 977
6 Monitoring and Penetration Testing | 993
1 Use of Cryptography | 1021
3 Private Key Algorithms | 1022
Cryptographic Transitions | 1029
Blind Detection of Steganographic Content in Digital Images | 1039
An Overview of Quantum Cryptography | 1045
Delivering High-Performance | 1059
Cryptographic Key Management Concepts | 1067
Message Authentication | 1079
Fundamentals of Cryptography and Encryption | 1095
The Art of Hiding Messages | 1115
An Introduction to Cryptography | 1121
From Message Digests to Signatures | 1141
A Look at the Advanced Encryption Standard (AES) | 1151
Principles and Applications of Cryptographic Key Management | 1159
4 Public Key Infrastructure (PKI) | 1175
PKI Registration | 1183
5 System Architecture for Implementing Cryptographic | 1189
Implementing Kerberos in Distributed Systems | 1197
6 Methods of Attack | 1255
PHYSICAL (ENVIRONMENTAL) SECURITY | 1271
Melding Physical Security and Traditional Information Systems | 1289
A Foundation for Information Security | 1317
Controlled Access and Layered Defense | 1327
Computing Facility Physical Security | 1339
2 Technical Controls | 1357
The Threat after September 11, 2001 | 1373
SECURITY ARCHITECTURE AND DESIGN | 1393
System | 1395
Common Models for Architecting an Enterprise Security | 1413
The Reality of Virtual Computing | 1431
Formulating an Enterprise Information | 1451
Security Architecture and Models | 1469
The Common Criteria for IT Security Evaluation | 1487
Common System Design Flaws and Security Issues | 1501
BUSINESS CONTINUITY PLANNING | 1511
Building Maintenance Processes for Business Continuity Plans | 1529
Identifying Critical Business Functions | 1541
Selecting the Right Business Continuity Strategy | 1549
Contingency Planning Best Practices and Program Maturity | 1557
Reengineering the Business Continuity Planning Process | 1573
The Role of Continuity Planning in the Enterprise Risk | 1587
2 Disaster Recovery Planning | 1601
The Business Impact Assessment Process and the Importance | 1611
Testing Business Continuity and Disaster Recovery Plans | 1629
Restoration Component of Business Continuity Planning | 1645
A Case History | 1655
3 Elements of Business Continuity Planning | 1675
TELECOMMUNICATIONS AND NETWORK | 1695
The Five Ws and Designing a Secure Identity-Based | 1709
Closing the Back Door | 1731
TLS | 1751
Understanding SSL | 1777
Packet Sniffers and Network Monitors | 1791
Secured Connections to External Networks | 1811
Security and Network Technologies | 1827
Network Router Security | 1855
What's Not So Simple about SNMP? | 1867
Security from | 1879
Security and the Physical Network Layer | 1895
Wireless LAN Security Challenge | 1903
ISO/OSI and TCP/IP Network Model Characteristics | 1917
2 Internet, Intranet, Extranet Security | 1929
An Examination of Firewall Architectures | 1941
Voice over WLAN | 1997
How To Deal with Junk E-Mail | 2007
Holes and Fillers | 2013
IPSec Virtual Private Networks | 2025
Securing the Perimeter | 2051
Application-Layer Security Protocols for Networks | 2061
Next Level of Security | 2073
An Introduction to IPSec | 2093
VPN Deployment and Evaluation Strategy | 2103
Comparing Firewall Technologies | 2123
What They Are and How They Work | 2133
Security for Broadband Internet Access Users | 2143
3 Email Security | 2151
4 Secure Voice Communications | 2169
Secure Voice Communications Vol | 2181
5 Network Attacks and Countermeasures | 2195
Case Study and Countermeasures | 2203
Defenses against Communications | 2213
Insecurity by Proxy | 2229
Other editions
Information Security Management Handbook, Volume 1, Harold F. Tipton and Micki Krause, 2007