Information Security Management Handbook, Volume 4

6th Edition

Edited by Harold F. Tipton, Micki Krause Nozaki

Auerbach Publications

529 pages | 126 B/W Illus.

Purchasing Options (prices in USD):

Hardback: ISBN 9781439819029, published 2010-06-22, $160.00

eBook (VitalSource): ISBN 9780429146084, published 2010-06-22, from $28.98

Description

Every year, in response to advancements in technology and new laws in different countries and regions, there are many changes and updates to the body of knowledge required of IT security professionals. Updated annually to keep up with the increasingly fast pace of change in the field, the Information Security Management Handbook is the single most comprehensive and up-to-date resource on information security and assurance.

Providing an up-to-date compilation of the fundamental skills, techniques, tools, and understanding required of IT security professionals, the Information Security Management Handbook, Sixth Edition, Volume 4 reflects the latest changes to information security and the CISSP® Common Body of Knowledge (CBK®). This edition updates the benchmark Volume 1 with a wealth of new information on mobile device security, adaptive threat defense, Web 2.0, virtualization, data leakage, and governance. New material also addresses risk management, business continuity planning, disaster recovery planning, and cryptography.

As the risks that threaten the security of our systems continue to evolve, it is imperative that those charged with protecting that information stay ahead of the curve. Also available in a fully searchable CD-ROM format, this comprehensive resource provides the up-to-date understanding required to keep you abreast of the latest developments, new vulnerabilities, and possible threats.

Reviews

As a compendium of knowledge from recognized experts on information security, this book contains a wealth of information for security practitioners. It is a compilation of several important topics that are relevant to information security. As practitioner references go, this book is one that an information security practitioner should take notice of, since it touches on a number of timely information security topics and blends the practices of security with business.

The book organizes the information security topics into ten domains, which various authors then cover. As the publisher's site states, the collection as a whole provides a ‘compilation of the fundamental knowledge, skills, techniques, and tools required of information technology (IT) security professionals.’ The ten domains are:

Domain 1: Access Control

Domain 2: Telecommunications and Network Security

Domain 3: Information Security and Risk Management

Domain 4: Application Security

Domain 5: Cryptography

Domain 6: Security Architecture and Design

Domain 7: Operations Security

Domain 8: Business Continuity Planning and Disaster Recovery Planning

Domain 9: Law, Regulations, Compliance, and Investigation

Domain 10: Physical Security

Though all of the topics are interesting, from the perspective of emerging trends and technologies, the most interesting chapters are ‘Managing Mobile Device Security,’ ‘Best Practices in Virtualization Security,’ ‘A Brief Summary of Warfare and Commercial Entities,’ and ‘Cyberstalking.’ These four chapters resonate most with information security practitioners because each of these topics takes the form of a trend that occurs increasingly in both the news and in trade journals.

I recommend this book, not only to information security practitioners but also to managers, executives, attorneys, risk managers, and technology operators. The book covers a significant number of important topics that are both timely and relevant to the contemporary practices one finds in daily life when performing a security duty within the discipline of information security.

—Eric W. Yocam in Computing Reviews, July 2011

Table of Contents

DOMAIN 1: ACCESS CONTROL

Access Control Administration

Back to the Future, Paul A. Henry

DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY

Communications and Network Security

Adaptive Threats and Defenses, Sean Price

Achieving Global Information Systems Transformation (GIST) through Standards: Foundations for Standards-Based Network Visibility via IF-MAP and Beyond, David O'Berry

A Primer on De-mystifying US Government Networks, Samuel Chun, CISSP

Network Attacks and Countermeasures

Anti-spam: Bayesian Filtering, George Jahchan

DOMAIN 3: INFORMATION SECURITY AND RISK MANAGEMENT

Security Management Concepts and Principles

Measuring Information Security and Privacy Training and Awareness Effectiveness, Rebecca Herold

Managing Mobile Device Security, E. Eugene Schultz and Gal Shpantzer

Establishing an Information Security Program for Local Government, Robert Pittman

Policies, Standards, Procedures and Guidelines

A Business Case for ISO 27001 Certification, Tom Carlson and Robert Forbes

Achieving PCI DSS Compliance: A Compliance Review, Bonnie Goins Pilewski and Christopher A. Pilewski

Risk Management

Leveraging IT Control Frameworks for Compliance, Todd Fitzgerald, CISSP, CISA, CISM, ISO27000, CGEIT

Rats in the Cellar and Bats in the Attic, Not Enough Depth to My Security, Ken Shaurette

The Outsourcing of IT: Seeing the Big Picture, Foster Henderson

Understanding Information Risk Management, Tom Carlson and Nick Halvorson

The Sarbanes-Oxley Revolution: Hero or Hindrance? Seth Kinnett

DOMAIN 4: APPLICATION SECURITY

System Development Controls

Data Loss Prevention Program, Powell Hamilton

Data Reliability: Trusted Time Stamps, Jeff Stapleton

Security in the .NET Framework, James D. Murray

DOMAIN 5: CRYPTOGRAPHY

Crypto Concepts, Methodologies and Practices

Cryptography: A Unifying Principle in Compliance Programs, Ralph Spencer Poore

DOMAIN 6: SECURITY ARCHITECTURE & DESIGN

Principles of Computer and Network Organizations, Architectures and Designs

Best Practices in Virtualization Security, Shanit Gupta

Everything New Is Old Again, Robert M. Slade

DOMAIN 7: OPERATIONS SECURITY

Operations Controls

A Brief Summary of Warfare and Commercial Entities, Rob Shein

Information Destruction Requirements and Techniques, Ben Rothke

DOMAIN 8: BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY PLANNING

Business Continuity Planning

Integrated Business Continuity Planning, James Murphy

CERT/BERT: Community and Business Emergency Response, Carl Jackson

DOMAIN 9: LEGAL, REGULATIONS, COMPLIANCE AND INVESTIGATION

Major Categories of Computer Crime

Cyberstalking, Micki Krause

Incident Handling

Is Software Write Blocking a Viable Alternative to Hardware Write Blocking in Computer Forensics? Paul A. Henry

DOMAIN 10: PHYSICAL SECURITY

Elements of Physical Security

Protection of Sensitive Data, Sandy Bacik

Water Leakage and Flooding, Sandy Bacik

Site Selection and Facility Design Considerations, Sandy Bacik

An Overview of IP-based Video Surveillance, Leo Kahng

About the Editors

Harold F. Tipton, HFT Associates, Villa Park, California, USA

Micki Krause Nozaki, Pacific Life Insurance Company, Newport Beach, California, USA

Subject Categories

BISAC Subject Codes/Headings:
BUS073000
BUSINESS & ECONOMICS / Commerce
COM032000
COMPUTERS / Information Technology
COM053000
COMPUTERS / Security / General