Information Security Management Handbook | Volume IV | Harold Tipton |

Book

Information Security Management Handbook

ABSTRACT

The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference.

The changes in the technology of information security and the increasing threats to security make a complete and up-to-date understanding of this material essential. Volume 4 supplements the information in the earlier volumes of this handbook, updating it and keeping it current. Organized by the ten domains of the Common Body of Knowledge (CBK) on which the CISSP exam is based, this volume gives you the information you need to understand what makes information secure and how to secure it.

Because the knowledge required to master information security - the CBK - is growing so quickly, there is little duplication of material among the four volumes. As a study guide or resource that you can use on the job, the Information Security Management Handbook, Fourth Edition, Volume 4 is the book you will refer to over and over again.

TABLE OF CONTENTS

part 1|88 pages

Access Control Systems and Methodology

chapter 1|18 pages

It Is All about Control

chapter 2|22 pages

Controlling Ftp: Providing Secured Data Transfers

chapter 3|8 pages

The Case for Privacy

chapter 4|16 pages

Breaking News: The Latest Hacker Attacks and Defenses

chapter 5|22 pages

Counter-Economic Espionage

part 2|148 pages

Telecommunications and Network Security

chapter 6|14 pages

What’s Not So Simple about SNMP?

chapter 7|12 pages

Security for Broadband Internet Access Users

chapter 8|10 pages

New Perspectives on VPNs

chapter 9|26 pages

An Examination of Firewall Architectures

chapter 10|12 pages

Deploying Host-Based Firewalls across the Enterprise: A Case Study

chapter 11|8 pages

Overcoming Wireless LAN Security Vulnerabilities

chapter 12|16 pages

Voice Security

chapter 13|20 pages

Secure Voice Communications (Vol)

chapter 14|14 pages

Packet Sniffers: Use and Misuse

chapter 15|12 pages

ISPs and Denial-of-Service Attacks

part |236 pages

Domain 3 Security Management Practices

chapter 16|24 pages

The Human Side of Information Security

chapter 17|12 pages

Security Management

chapter 18|22 pages

The Common Criteria for IT Security Evaluation

chapter 19|16 pages

The Security Policy Life Cycle: Functions and Responsibilities

chapter 20|12 pages

Security Assessment

chapter 21|16 pages

Evaluating the Security Posture of an Information Technology Environment: The Challenges of Balancing Risk, Cost, and Frequency of Evaluating Safeguards

chapter 22|24 pages

Cyber-Risk Management: Technical and Insurance Controls for Enterprise-Level Security

chapter 23|18 pages

How to Work with a Managed Security Service Provider

chapter 24|22 pages

Considerations for Outsourcing Security

chapter 25|10 pages

Roles and Responsibilities of the Information Systems Security Officer

chapter 26|26 pages

Information Protection: Organization, Roles, and Separation of Duties

chapter 27|20 pages

Organizing for Success: Some Human Resources Issues in Information Security

chapter 28|12 pages

Ownership and Custody of Data

part |143 pages

Domain 4 Application Program Security

chapter 29|10 pages

Application Security

chapter 30|24 pages

Certification and Accreditation Methodology

chapter 31|31 pages

A Framework for Certification Testing

chapter 32|24 pages

Malicious Code: The Threat, Detection, and Protection

chapter 33|51 pages

Malware and Computer Viruses

part 5|63 pages

Domain 5: Cryptography

chapter 34|8 pages

Steganography: The Art of Hiding Messages

chapter 35|26 pages

An Introduction to Cryptography

chapter 36|12 pages

Hash Algorithms: From Message Digests to Signatures

chapter 37|15 pages

PKI Registration

part 6|65 pages

Domain 6 Computer, System, and Security Architecture

chapter 38|16 pages

Security Infrastructure: Basics of Intrusion Detection Systems

chapter 39|20 pages

Firewalls, Ten Percent of the Solution: A Security Architecture Primer

chapter 40|26 pages

The Reality of Virtual Computing

part 7|14 pages

Operations Security

chapter 41|12 pages

Directory Security

part Domain 8|30 pages

Business Continuity Planning

chapter 42|14 pages

The Changing Face of Continuity Planning

chapter 43|14 pages

Business Continuity Planning: A Collaborative Approach

part 9|110 pages

Domain 9 Law, Investigation, and Ethics

chapter 44|8 pages

Liability for Lax Computer Security in DDoS Attacks

chapter 45|16 pages

HIPAA201: A Framework Approach to HIPAA Security Readiness

chapter 46|26 pages

The International Dimensions of Cyber-Crime

A Look at the Council of Europe’s Cyber-Crime Convention and the Need for an International Regime to Fight Cyber-Crime

chapter 47|14 pages

Reporting Security Breaches

chapter 48|17 pages

Incident Response Management

chapter 49|16 pages

Managing the Response to a Computer Security Incident

chapter 50|10 pages

Cyber-Crime: Response, Investigation, and Prosecution

part 10|58 pages

Physical Security

chapter 51|14 pages

Computing Facility Physical Security

chapter 52|12 pages

Closed-Circuit Television and Video Surveillance

chapter 53|30 pages

Physical Security: The Threat after September 11