Information Security Management Handbook, Sixth Edition

CRC Press, May 14, 2007 - Business & Economics - 3280 pages

Considered the gold-standard reference on information security, the Information Security Management Handbook provides an authoritative compilation of the fundamental knowledge, skills, techniques, and tools required of today's IT security professional. Now in its sixth edition, this 3200-page, 4-volume stand-alone reference is organized under the CISSP Common Body of Knowledge (CBK) domains and has been updated yearly. Each annual update (the latest is Volume 6) reflects the changes to the CBK in response to new laws and evolving technology.

Contents

INFORMATION SECURITY AND RISK ... 4
Corporate Governance ... 35
Top Management Support Essential for Effective Information ... 51
Information Security for Mergers and Acquisitions ... 67
Information Security Governance ... 89
or Security Council Critical Success Factors ... 105
Validating Your Business Partners ... 123
Measuring ROI on Security ... 133
Cryptographic Key Management Concepts ... 1067
Message Authentication ... 1079
Fundamentals of Cryptography and Encryption ... 1095
The Art of Hiding Messages ... 1115
An Introduction to Cryptography ... 1121
From Message Digests to Signatures ... 1141
A Look at the Advanced Encryption Standard (AES) ... 1151
Principles and Applications of Cryptographic Key Management ... 1159

The Human Side of Information Security ... 139
Security Management ... 155
It Is All about Control ... 165
2 Change Control Management ... 179
The Process ... 185
Charting the Course for ... 201
3 Data Classification ... 221
Ownership and Custody of Data ... 233
4 Risk Management ... 243
Developing and Conducting a Security Test and Evaluation ... 251
Enterprise Security Management Program ... 261
Management Model ... 271
The Role of Information Security in the Enterprise Risk ... 281
A Matter of Trust ... 295
Trust Governance in a Web Services World ... 311
Risk Management and Analysis ... 321
New Trends in Information Risk Management ... 331
Technical and Insurance Controls ... 339
5 Policies, Standards, Procedures, and Guidelines ... 355
Encouraging Personal Accountability ... 367
Functions ... 377
A Winning ... 389
Building an Effective Privacy Program ... 401
Preventing ... 415
Ten Steps to Effective Web-Based Security Policy ... 427
Security Officer ... 443
Some Human Resources Issues ... 451
Information Security Policies from the Ground ... 465
Policy Development ... 475
Training Your Employees to Identify Potential Fraud and How ... 499
6 Security Awareness Training ... 521
Maintaining Management's Commitment ... 531
Making Security Awareness Happen ... 541
It Is Time ... 555
7 Security Management Planning ... 567
Make Security Part of Your Company's DNA ... 579
Building an Effective and Winning Security Team ... 591
Moving Your Development ... 607
Selling Management ... 625
How to Work with a Managed Security Service Provider ... 631
Considerations for Outsourcing Security ... 643
The Ethical and Legal Concerns of Spyware ... 659
8 Ethics ... 673
Computer Ethics ... 685
1 Access Control Techniques ... 699
New Emerging Information Security Technologies and Solutions ... 707
Sensitive or Critical Data Access Controls ... 739
An Introduction to Role-Based Access Control ... 751
Smart Cards ... 765
A Guide to Evaluating Tokens ... 775
Providing Secured Data Transfers ... 785
Deciding ... 803
Benefits and Challenges ... 823
Passwords and Policy ... 843
3 Identification and Authentication Techniques ... 869
Single Sign-On for the Enterprise ... 887
4 Access Control Methodologies and Implementation ... 909
An Introduction to Secure Remote Access ... 923
5 Methods of Attack ... 935
A New Breed of Hacker Tools and Defenses ... 951
Hacker Attacks and Defenses ... 965
Counter-Economic Espionage ... 977
6 Monitoring and Penetration Testing ... 993
1 Use of Cryptography ... 1021
3 Private Key Algorithms ... 1022
Cryptographic Transitions ... 1029
Blind Detection of Steganographic Content in Digital Images ... 1039
An Overview of Quantum Cryptography ... 1045
Delivering High-Performance ... 1059
4 Public Key Infrastructure (PKI) ... 1175
PKI Registration ... 1183
5 System Architecture for Implementing Cryptographic ... 1189
Implementing Kerberos in Distributed Systems ... 1197
6 Methods of Attack ... 1255
PHYSICAL (ENVIRONMENTAL) SECURITY ... 1271
Melding Physical Security and Traditional Information Systems ... 1289
A Foundation for Information Security ... 1317
Controlled Access and Layered Defense ... 1327
Computing Facility Physical Security ... 1339
2 Technical Controls ... 1357
The Threat after September 11, 2001 ... 1373
SECURITY ARCHITECTURE AND DESIGN ... 1393
System ... 1395
Common Models for Architecting an Enterprise Security ... 1413
The Reality of Virtual Computing ... 1431
Formulating an Enterprise Information ... 1451
Security Architecture and Models ... 1469
The Common Criteria for IT Security Evaluation ... 1487
Common System Design Flaws and Security Issues ... 1501
BUSINESS CONTINUITY PLANNING ... 1511
Building Maintenance Processes for Business Continuity Plans ... 1529
Identifying Critical Business Functions ... 1541
Selecting the Right Business Continuity Strategy ... 1549
Contingency Planning Best Practices and Program Maturity ... 1557
Reengineering the Business Continuity Planning Process ... 1573
The Role of Continuity Planning in the Enterprise Risk ... 1587
2 Disaster Recovery Planning ... 1601
The Business Impact Assessment Process and the Importance ... 1611
Testing Business Continuity and Disaster Recovery Plans ... 1629
Restoration Component of Business Continuity Planning ... 1645
A Case History ... 1655
3 Elements of Business Continuity Planning ... 1675
TELECOMMUNICATIONS AND NETWORK ... 1695
The Five Ws and Designing a Secure Identity-Based ... 1709
Closing the Back Door ... 1731
TLS ... 1751
Understanding SSL ... 1777
Packet Sniffers and Network Monitors ... 1791
Secured Connections to External Networks ... 1811
Security and Network Technologies ... 1827
Network Router Security ... 1855
What's Not So Simple about SNMP? ... 1867
Security from ... 1879
Security and the Physical Network Layer ... 1895
Wireless LAN Security Challenge ... 1903
ISO/OSI and TCP/IP Network Model Characteristics ... 1917
2 Internet, Intranet, Extranet Security ... 1929
An Examination of Firewall Architectures ... 1941
Voice over WLAN ... 1997
How To Deal with Junk E-Mail ... 2007
Holes and Fillers ... 2013
IPSec Virtual Private Networks ... 2025
Securing the Perimeter ... 2051
Application-Layer Security Protocols for Networks ... 2061
Next Level of Security ... 2073
An Introduction to IPSec ... 2093
VPN Deployment and Evaluation Strategy ... 2103
Comparing Firewall Technologies ... 2123
What They Are and How They Work ... 2133
Security for Broadband Internet Access Users ... 2143
3 Email Security ... 2151
4 Secure Voice Communications ... 2169
Secure Voice Communications Vol ... 2181
5 Network Attacks and Countermeasures ... 2195
Case Study and Countermeasures ... 2203
Defenses against Communications ... 2213
Insecurity by Proxy ... 2229