6th Edition
Information Security Management Handbook, Volume 7
Domain 1: TELECOMMUNICATIONS AND NETWORK SECURITY
Communications and Network Security
1. Securing the Grid; Terry Komperda
Network Attacks and Countermeasures
2. Attacks in Mobile Environments; Noureddine Boudriga
Domain 2: INFORMATION SECURITY GOVERNANCE AND RISK MANAGEMENT
Security Management Concepts and Principles
3. Security in the Cloud; Sandy Bacik
4. Getting the Best Out of Information Security Projects; Todd Fitzgerald
5. Mobility and Its Impact on Enterprise Security; Prashanth Venkatesh and Balaji Raghunathan
6. An Introduction to Digital Rights Management; Ashutosh Saxena and Ravi Sankar Veerubhotla
7. Information Security on the Cheap; Beau Woods
8. Organizational Behavior (Including Institutions) Can Cultivate Your Information Security Program; Robert K. Pittman, Jr.
9. Metrics for Monitoring; Sandy Bacik
Policies, Standards, Procedures, and Guidelines
10. Security Implications of Bring Your Own Device, IT Consumerization, and Managing User Choices; Sandy Bacik
11. Information Assurance: Open Research Questions and Future Directions; Seth J. Kinnett
Security Awareness Training
12. Protecting Us from Us: Human Firewall Vulnerability Assessments; Ken M. Shaurette and Tom Schleppenbach
Domain 3: APPLICATION DEVELOPMENT SECURITY
Application Issues
13. Service-Oriented Architecture; Walter B. Williams
Systems Development Controls
14. Managing the Security Testing Process; Anthony Meholic
15. Security and Resilience in the Software Development Life Cycle; Mark S. Merkow and Lakshmikanth Raghavan
Domain 4: CRYPTOGRAPHY
Cryptographic Concepts, Methodologies, and Practices
16. Cloud Cryptography; Jeff Stapleton
Domain 5: SECURITY ARCHITECTURE AND DESIGN
Principles of Security Models, Architectures, and Evaluation Criteria
17. Identity and Access Management Architecture; Jeff Crume
18. FedRAMP℠: Entry or Exit Ramp for Cloud Security?; Debra S. Herrmann
Domain 6: OPERATIONS SECURITY
Concepts
19. Data Storage and Network Security; Greg Schulz
Domain 7: LEGAL, REGULATIONS, COMPLIANCE, AND INVESTIGATIONS
Information Law
20. National Patient Identifier and Patient Privacy in the Digital Era; Tim Godlove and Adrian Ball
21. Addressing Social Media Security and Privacy Challenges; Rebecca Herold
Investigations
22. What Is Digital Forensics and What Should You Know about It?; Greg Gogolin
23. eDiscovery; David G. Hill
24. Overview of the Steps of the Electronic Discovery Reference Model; David G. Hill
25. Cell Phone Protocols and Operating Systems; Eamon P. Doherty
Major Categories of Computer Crime
26. Hacktivism: The Whats, Whys, and Wherefores; Chris Hare
Compliance
27. PCI Compliance; Tyler Justin Speed
28. HIPAA/HITECH Compliance Overview
Biography
James S. Tiller, CISM, CISA, CISSP, is the Head of Security Consulting, Americas, HP Enterprise Security Services, Hewlett-Packard Company. Formerly Vice President of Security North America for BT Global Services, Jim has provided security solutions for global organizations for the past 20 years. He is the author of the following books published by Auerbach: CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits; Adaptive Security Management Architecture; and A Technical Guide to IPSec Virtual Private Networks.
Richard O'Hanley is the Publisher for Information and Communications Technology, Business, and Security at CRC Press. Mr. O'Hanley can be reached at [email protected]






