6th Edition

Information Security Management Handbook, Volume 3




ISBN 9781420090925
Published June 24, 2009 by Auerbach Publications
392 Pages 47 B/W Illustrations

USD $180.00




Book Description

Every year, in response to new technologies and new laws in different countries and regions, there are changes to the fundamental knowledge, skills, techniques, and tools required by all IT security professionals. In step with the increasingly fast pace of change in the technology field, the Information Security Management Handbook, updated yearly, has become the standard on which all IT security programs and certifications are based. It reflects new updates to the Common Body of Knowledge (CBK) that IT security professionals all over the globe need to know.

Captures the crucial elements of the CBK

Exploring the ten domains of the CBK, the book explores access control, telecommunications and network security, information security and risk management, application security, and cryptography. In addition, the expert contributors address security architecture and design, operations security, business continuity planning and disaster recovery planning. The book also covers legal regulations, compliance, investigation, and physical security. In this anthology of treatises dealing with the management and technical facets of information security, the contributors examine varied topics such as anywhere computing, virtualization, podslurping, quantum computing, mashups, blue snarfing, mobile device theft, social computing, voting machine insecurity, and format string vulnerabilities.

Also available on CD-ROM

Safeguarding information continues to be a crucial concern of all IT professionals. As new risks threaten the security of our systems, it is imperative that those charged with protecting that information continually update their armor of knowledge to guard against tomorrow's hackers and software vulnerabilities. This comprehensive Handbook, also available in fully searchable CD-ROM format, keeps IT professionals abreast of new developments on the security horizon and reinforces timeless concepts, providing them with the best information, guidance, and counsel they can obtain.

Table of Contents

Domain 1 Access Control

Expanding PKI-Based Access Control Capabilities with Attribute Certificates, A. Golod

Five Components to Identity Management Systems, K. Castellow

Security Weaknesses of System and Application Interfaces Used to Process Sensitive Information, S. M. Price

Domain 2 Telecommunications and Network Security

Mobile Data Security, G. G. McBride

Integrated Security through Open Standards: A Path to Enhanced Network Visibility, D. O’Berry

Web Application Firewalls, G. J. Jahchan

Botnets, R. M. Slade

Domain 3 Information Security and Risk Management

Collaborating Information Security and Privacy to Create Effective Awareness and Training, R. Herold

Security Information and Event Management (SIEM) Technology, E. E. Schultz

The Insider Threat: A View from The Outside, T. Fitzgerald

Pod Slurping, B. Rothke

The USB (Universal Serial Bus) Nightmare: Pod Slurping and other High Storage Capacity Portable Device Vulnerabilities, K. F. Belva

Diary of a Security Assessment: "Put that In Your Pipe and Smoke It!", K. M. Shaurette

NERC Compliance: A Compliance Review, B. G. Pilewski and C. A. Pilewski

Domain 4 Application Security

Mashup Security, M. Paul

Format String Vulnerabilities, M. Paul

Fast Scanning Worms, P. A. Henry

Domain 5 Cryptography

Message Digests, R. S. Poore

Quantum Computing: The Rise of the Machine, R. Fussell

Domain 6 Security Architecture & Design

Information Flow and Covert Channels, S. M. Price

Securing Data at Rest: From Smart phones to Tapes Defining Data at Rest, S. Chun and L. Kahng

Domain 7 Operations Security

Validating Tape Backups, S. Bacik

Domain 8 Business Continuity Planning and Disaster Recovery Planning

Determining Business Unit Priorities in Business Continuity Management, K. Henry

Continuity Program Testing, Maintenance, Training, and Awareness, C. Jackson

Domain 9 Legal Regulations, Compliance, and Investigation

Bluesnarfing, M. Paul

Virtualization and Digital Investigations, M. K. Rogers and S. C. Leshney

Domain 10 Physical Security

Halon Fire Suppression Systems, C. Hare

Crime Prevention through Environmental Design, M. E. Krehnke

Data Center Site Selection and Facility Design Considerations, S. Bacik

Index


Featured Author Profiles

Harold F. Tipton, Author

Independent Consultant, HFT Associates
Los Angeles, CA

Todd Fitzgerald, Contributor

Global Director Information Security, Grant Thornton International, Ltd
Oak Brook Terrace, IL, USA