Information Security Management Handbook, Volume 3

6th Edition

Edited by Harold F. Tipton, Micki Krause

Auerbach Publications

392 pages | 47 B/W Illus.

Hardback: 9781420090925
pub: 2009-06-24
eBook (VitalSource) : 9780429116018
pub: 2009-06-24

Every year, in response to new technologies and new laws in different countries and regions, there are changes to the fundamental knowledge, skills, techniques, and tools required of all IT security professionals. Keeping step with the ever-accelerating pace of change in the technology field, the Information Security Management Handbook, updated yearly, has become the standard on which IT security programs and certifications are based. It reflects the latest updates to the Common Body of Knowledge (CBK) that IT security professionals around the globe need to know.

Captures the crucial elements of the CBK

Organized around the ten domains of the CBK, the book covers access control, telecommunications and network security, information security and risk management, application security, and cryptography. In addition, the expert contributors address security architecture and design, operations security, and business continuity and disaster recovery planning. The book also covers legal regulations, compliance, investigation, and physical security. In this anthology of treatises on the management and technical facets of information security, the contributors examine varied topics such as anywhere computing, virtualization, pod slurping, quantum computing, mashups, bluesnarfing, mobile device theft, social computing, voting machine insecurity, and format string vulnerabilities.

Also available on CD-ROM

Safeguarding information continues to be a crucial concern of all IT professionals. As new risks threaten the security of our systems, it is imperative that those charged with protecting that information continually update their armor of knowledge to guard against tomorrow's attackers and software vulnerabilities. This comprehensive Handbook, also available in a fully searchable CD-ROM format, keeps IT professionals abreast of new developments on the security horizon and reinforces timeless concepts, providing them with the best information, guidance, and counsel they can obtain.

Table of Contents

Domain 1 Access Control

Expanding PKI-Based Access Control Capabilities with Attribute Certificates, A. Golod

Five Components to Identity Management Systems, K. Castellow

Security Weaknesses of System and Application Interfaces Used to Process Sensitive Information, S. M. Price

Domain 2 Telecommunications and Network Security

Mobile Data Security, G. G. McBride

Integrated Security through Open Standards: A Path to Enhanced Network Visibility, D. O’Berry

Web Application Firewalls, G. J. Jahchan

Botnets, R. M. Slade

Domain 3 Information Security and Risk

Collaborating Information Security and Privacy to Create Effective Awareness and Training, R. Herold

Security Information and Event Management (SIEM) Technology, E. E. Schultz

The Insider Threat: A View from The Outside, T. Fitzgerald

Pod Slurping, B. Rothke

The USB (Universal Serial Bus) Nightmare: Pod Slurping and Other High Storage Capacity Portable Device Vulnerabilities, K. F. Belva

Diary of a Security Assessment: "Put That in Your Pipe and Smoke It!", K. M. Shaurette

NERC Compliance: A Compliance Review, B. G. Pilewski and C. A. Pilewski

Domain 4 Application Security

Mashup Security, M. Paul

Format String Vulnerabilities, M. Paul

Fast Scanning Worms, P. A. Henry

Domain 5 Cryptography

Message Digests, R. S. Poore

Quantum Computing: The Rise of the Machine, R. Fussell

Domain 6 Security Architecture & Design

Information Flow and Covert Channels, S. M. Price

Securing Data at Rest: From Smartphones to Tapes Defining Data at Rest, S. Chun and L. Kahng

Domain 7 Operations Security

Validating Tape Backups, S. Bacik

Domain 8 Business Continuity Planning and Disaster Recovery Planning

Determining Business Unit Priorities in Business Continuity Management, K. Henry

Continuity Program Testing, Maintenance, Training, and Awareness, C. Jackson

Domain 9 Legal Regulations, Compliance, and Investigation

Bluesnarfing, M. Paul

Virtualization and Digital Investigations, M. K. Rogers and S. C. Leshney

Domain 10 Physical Security

Halon Fire Suppression Systems, C. Hare

Crime Prevention through Environmental Design, M. E. Krehnke

Data Center Site Selection and Facility Design Considerations, S. Bacik

Series: (ISC)2 Press


Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Information Technology
COMPUTERS / Security / General