6th Edition

Information Security Management Handbook, Volume 3

Edited By Harold F. Tipton, Micki Krause Nozaki Copyright 2010
    438 Pages 47 B/W Illustrations
    by Auerbach Publications

    Every year, in response to new technologies and new laws in different countries and regions, there are changes to the fundamental knowledge, skills, techniques, and tools required by all IT security professionals. In step with the lightning-quick, increasingly fast pace of change in the technology field, the Information Security Management Handbook, updated yearly, has become the standard on which all IT security programs and certifications are based. It reflects new updates to the Common Body of Knowledge (CBK) that IT security professionals all over the globe need to know.

    Captures the crucial elements of the CBK

    Exploring the ten domains of the CBK, the book explores access control, telecommunications and network security, information security and risk management, application security, and cryptography. In addition, the expert contributors address security architecture and design, operations security, business continuity planning and disaster recovery planning. The book also covers legal regulations, compliance, investigation, and physical security. In this anthology of treatises dealing with the management and technical facets of information security, the contributors examine varied topics such as anywhere computing, virtualization, podslurping, quantum computing, mashups, blue snarfing, mobile device theft, social computing, voting machine insecurity, and format string vulnerabilities.

    Also available on CD-ROM

    Safeguarding information continues to be a crucial concern of all IT professionals. As new risks threaten the security of our systems, it is imperative that those charged with protecting that information continually update their armor of knowledge to guard against tomorrow’s hackers and software vulnerabilities. This comprehensive Handbook, also available in fully searchable CD-ROM format keeps IT professionals abreast of new developments on the security horizon and reinforces timeless concepts, providing them with the best information, guidance, and counsel they can obtain.

    Domain 1 Access Control

    Expanding PKI-Based Access Control Capabilities with Attribute Certificates, A. Golod

    Five Components to Identity Management Systems, K. Castellow

    Security Weaknesses of System and Application Interfaces Used to Process Sensitive Information, S. M. Price

    Domain 2 Telecommunications and Network Security

    Mobile Data Security, G. G. McBride

    Integrated Security through Open Standards: A Path to Enhanced Network Visibility, D. O’Berry

    Web Application Firewalls, G. J. Jahchan

    Botnets, R. M. Slade

    Domain 3 Information Security and Risk


    Collaborating Information Security and Privacy to Create

    Effective Awareness and Training, R. Herold

    Security Information and Event Management (SIEM)

    Technology, E. E. Schultz

    The Insider Threat: A View from The Outside, T. Fitzgerald

    Pod Slurping, B. Rothke

    The USB (Universal Serial Bus) Nightmare:

    Pod Slurping and other High Storage Capacity Portable Device Vulnerabilities, K. F. Belva

    Diary of a Security Assessment: "Put that In Your Pipe and

    Smoke It!", K. M. Shaurette

    NERC Compliance: A Compliance Review, B. G. Pilewski and C. A. Pilewski

    Domain 4 Application Security

    Mashup Security, M. Paul

    Format String Vulnerabilities, M. Paul

    Fast Scanning Worms, P. A. Henry

    Domain 5 Cryptography

    Message Digests, R. S. Poore

    Quantum Computing: The Rise of the Machine, R. Fussell

    Domain 6 Security Architecture & Design

    Information Flow and Covert Channels, S. M. Price

    Securing Data at Rest: From Smart phones to Tapes Defining Data at Rest, S. Chun and L. Kahng

    Domain 7 Operations Security

    Validating Tape Backups, S. Bacik

    Domain 8 Business Continuity Planning and Disaster Recovery Planning

    Determining Business Unit Priorities in Business Continuity Management, K. Henry

    Continuity Program Testing, Maintenance, Training, and

    Awareness, C. Jackson

    Domain 9 Legal Regulations, Compliance, and Investigation

    Bluesnarfing, M. Paul

    Virtualization and Digital Investigations, M. K. Rogers and S. C. Leshney

    Domain 10 Physical Security

    Halon Fire Suppression Systems, C. Hare

    Crime Prevention through Environmental Design, M. E. Krehnke

    Data Center Site Selection and Facility Design Considerations, S. Bacik



    Harold F. Tipton, Micki Krause