Information Security Management Handbook | Harold F. Tipton, Harold F.

Book

No Image Available

ABSTRACT

This handbook covers the ten domains of the Information Security Common Body of Knowledge. It is designed to empower the security professional and the chief information officer with information such that they can do their duty, protect the information assets of their organizations.

TABLE OF CONTENTS

part I|2 pages

Access Control Systems and Methodology

chapter 1|22 pages

Enhancing Security through Biometric Technology

chapter 2|8 pages

Biometrics: What is New?

chapter 3|22 pages

Controlling FTP: Providing Secured Data Transfers

chapter 4|14 pages

Privacy in the Healthcare Industry

chapter 5|8 pages

The Case for Privacy

chapter 6|24 pages

Biometric Identification

chapter 7|29 pages

Single Sign-On for the Enterprise

chapter 8|16 pages

Centralized Authentication Services (RADIUS, TACACS, DIAMETER)

chapter 9|16 pages

An Introduction to Secure Remote Access

chapter 10|19 pages

Hacker Tools and Techniques

chapter 11|16 pages

A New Breed of Hacker Tools and Defenses

chapter 12|11 pages

Social Engineering: The Forgotten Risk

chapter 13|14 pages

Breaking News: The Latest Hacker Attacks and Defenses

chapter 14|19 pages

Counter-Economic Espionage

chapter 15|17 pages

Penetration Testing

chapter 16|7 pages

Penetration Testing

part II|3 pages

TELECOMMUNICATIONS, NETWORK, AND INTERNET SECURITY

chapter 17|18 pages

Understanding SSL

chapter 18|25 pages

Packet Sniffers and Network Monitors

chapter 19|20 pages

Secured Connections to External Networks

chapter 20|26 pages

Security and Network Technologies

chapter 21|10 pages

Wired and Wireless Physical Layer Security Issues

chapter 22|13 pages

Network Router Security

chapter 23|12 pages

What's Not So Simple About SNMP?

chapter 24|19 pages

Network and Telecommunications Media: Security from the Ground Up

chapter 25|10 pages

Security and the Physical Network Layer

chapter 26|14 pages

Security of Wireless Local Area Networks

chapter 27|14 pages

Securing Wireless Networks

chapter 28|13 pages

Wireless Security Mayhem: Restraining the Insanity of Convenience

chapter 29|19 pages

Wireless LAN Security Challenge

chapter 30|13 pages

ISO/OSI and TCP/IP Network Model Characteristics

chapter 31|12 pages

Enclaves: The Enterprise as an Extranet

chapter 32|33 pages

IPSec Virtual Private Networks

chapter 33|8 pages

Firewalls: An Effective Solution for Internet Security

chapter 34|14 pages

Internet Security: Securing the Perimeter

chapter 35|15 pages

Extranet Access Control Issues

chapter 36|16 pages

Application-Layer Security Protocols for Networks

chapter 37|12 pages

Application Layer: Next Level of Security

chapter 38|13 pages

Security of Communication Protocols and Services

chapter 39|11 pages

An Introduction to IPSec

chapter 40|25 pages

VPN Deployment and Evaluation Strategy

chapter 41|22 pages

How to Perform a Security Review of a Checkpoint Firewall

chapter 42|13 pages

Comparing Firewall Technologies

chapter 43|22 pages

The (In)Security of Virtual Private Networks

chapter 44|12 pages

Cookies and Web Bugs: What They are and How They Work Together

chapter 45|17 pages

Leveraging Virtual Private Networks

chapter 46|7 pages

Wireless LAN Security

chapter 47|10 pages

Security for Broadband Internet Access Users

chapter 48|9 pages

New Perspectives on VPNs

chapter 49|26 pages

An Examination of Firewall Architectures

chapter 50|22 pages

Instant Messaging Security Issues

chapter 51|14 pages

Voice Security

chapter 52|17 pages

Secure Voice Communications (VoI)

chapter 53|14 pages

Packet Sniffers: Use and Misuse

chapter 54|11 pages

ISPs and Denial-of-Service Attacks

part III|2 pages

INFORMATION SECURITY MANAGEMENT

chapter 55|20 pages

The Human Side of Information Security

chapter 56|11 pages

Security Management

chapter 57|6 pages

Measuring ROI on Security

chapter 58|11 pages

Security Patch Management

chapter 59|25 pages

Configuration Management: Charting the Course for the Organization

chapter 60|16 pages

Information Classification: A Corporate Implementation Guide

chapter 61|19 pages

A Matter of Trust

chapter 62|13 pages

Trust Governance in a Web Services World

chapter 63|11 pages

Risk-Management and Analysis

chapter 64|10 pages

New Trends in Information Risk Management

chapter 65|17 pages

Information Security in the Enterprise

chapter 66|23 pages

Managing Enterprise Security Information

chapter 67|36 pages

Risk Analysis and Assessment

chapter 68|11 pages

Security Assessment

chapter 69|22 pages

Cyber-Risk Management: Technical and Insurance Controls for Enterprise-Level Security

chapter 70|28 pages

A Progress Report on the CVE Initiative

chapter 71|8 pages

Roles and Responsibilities of the Information Systems Security Officer

chapter 72|23 pages

Information Protection: Organization, Roles, and Separation of Duties

chapter 73|17 pages

Organizing for Success: Some Human Resources Issues in Information Security

chapter 74|11 pages

Ownership and Custody of Data

chapter 75|15 pages

Hiring Ex-Criminal Hackers

chapter 76|12 pages

Information Security Policies from the Ground Up

chapter 77|29 pages

Policy Development

chapter 78|11 pages

Toward Enforcing Security Policy: Encouraging Personal Accountability for Corporate Information Security Policy

chapter 79|20 pages

The Common Criteria for IT Security Evaluation

chapter 80|12 pages

A Look at the Common Criteria

chapter 81|14 pages

The Security Policy Life Cycle: Functions and Responsibilities

chapter 82|14 pages

Maintaining Management’s Commitment

chapter 83|17 pages

Making Security Awareness Happen

chapter 84|16 pages

Making Security Awareness Happen: Appendices

chapter 85|8 pages

Maintaining Information Security during Downsizing

chapter 86|8 pages

The Business Case for Information Security: Selling Management on the Protection of Vital Secrets and Products

chapter 87|16 pages

How to Work with a Managed Security Service Provider

chapter 88|21 pages

Considerations for Outsourcing Security

chapter 89|17 pages

Outsourcing Security

part IV|1 pages

APPLICATION PROGRAM SECURITY

chapter 90|9 pages

Security Models for Object-Oriented Databases

chapter 91|15 pages

Web Application Security

chapter 92|11 pages

Security for XML and Other Metadata Languages

chapter 93|11 pages

XML and Information Security

chapter 94|8 pages

Application Security

chapter 95|10 pages

Covert Channels

chapter 96|22 pages

Security as a Value Enhancer in Application Systems Development

chapter 97|28 pages

Open Source Versus Closed Source

chapter 98|10 pages

Reflections on Database Integrity

chapter 99|14 pages

Digital Signatures in Relational Database Applications

chapter 100|25 pages

Security and Privacy for Data Warehouses: Opportunity or Threat?

chapter 101|15 pages

Enterprise Security Architecture

chapter 102|22 pages

Certification and Accreditation Methodology

chapter 103|21 pages

System Development Security Methodology

chapter 104|21 pages

A Security-Oriented Extension of the Object Model for the Development of an Information System

chapter 105|9 pages

A Look at Java Security

chapter 106|45 pages

Malware and Computer Viruses

chapter 107|11 pages

Methods of Auditing Applications

part V|2 pages

Cryptography

chapter 108|14 pages

Three New Models for the Application of Cryptography

chapter 109|6 pages

Auditing Cryptography: Assessing System Security

chapter 110|19 pages

Message Authentication

chapter 111|8 pages

Stegnography: The Art of Hiding Messages

chapter 112|23 pages

An Introduction to Cryptography

chapter 113|11 pages

Hash Algorithms: From Message Digests to Signatures

chapter 114|11 pages

A Look at the Advanced Encryption Standard (AES)

chapter 115|19 pages

Principles and Applications of Cryptographic Key Management

chapter 116|8 pages

Preserving Public Key Hierarchy

chapter 117|16 pages

PKI Registration

chapter 118|73 pages

Implementing Kerberos in Distributed Systems

chapter 119|18 pages

Methods of Attacking and Defending Cryptosystems

part VI|3 pages

Enterprise Security Architecture

chapter 120|14 pages

Security Infrastructure: Basics of Intrusion Detection Systems

chapter 121|20 pages

Firewalls, Ten Percent of the Solution: A Security Architecture Primer

chapter 122|24 pages

The Reality of Virtual Computing

chapter 123|7 pages

Overcoming Wireless LAN Security Vulnerabilities

chapter 124|23 pages

Formulating and Enterprise Information Security Architecture

chapter 125|22 pages

Security Architecture and Models

chapter 126|11 pages

Common System Design Flaws and Security Issues

part VII|2 pages

Operations Security

chapter 127|9 pages

Operations: The Center of Support and Control

chapter 128|6 pages

Why Today's Security Technologies are So Inadequate: History, Implications, and New Approaches

chapter 129|23 pages

Physical Access Control

chapter 130|21 pages

Auditing the Electronic Commerce Environment

chapter 131|22 pages

Improving Network-Level Security Through Real-Time Monitoring and Intrusion Detection

chapter 132|18 pages

Intelligent Intrusion Analysis: How Thinking Machines can Recognize Computer Intrusions

chapter 133|11 pages

Directory Security

part VIII|2 pages

Business Continuity Planning

chapter 134|17 pages

Reengineering the Business Continuity Planning Process

chapter 135|13 pages

The Changing Face of Continuity Planning

chapter 136|16 pages

The Role of Continuity Planning in the Enterprise Risk-Management Structure

chapter 137|13 pages

Restoration Component of Business Continuity Planning

chapter 138|14 pages

Business Resumption Planning and Disaster Recovery: A Case History

chapter 139|13 pages

Business Continuity Planning: A Colloborative Approach

chapter 140|21 pages

The Business Impact Assessment Process

part IX|1 pages

LAW, INVESTIGATION, AND ETHICS

chapter 141|11 pages

Jurisdiction Issues in Global Transmissions

chapter 142|8 pages

Liability for Lax Computer Security in DDoS Attacks

chapter 143|23 pages

The Final HIPAA Security Rule is Here! Now What?

chapter 144|18 pages

HIPAA 201: A Framework Approach to HIPAA Security Readiness

chapter 145|20 pages

Computer Crime Investigations: Managing a Process Without any Golden Rules

chapter 146|40 pages

Computer Crime Investigation and Computer Forensics

chapter 147|8 pages

Operational Forensics

chapter 148|5 pages

What Happened?

chapter 149|25 pages

The International Dimensions of Cyber-Crime

chapter 150|8 pages

Honeypot Essentials

chapter 151|19 pages

CIRT: Responding to Attack

chapter 152|15 pages

Incident Response Management

chapter 153|14 pages

Managing the Response to a Computer Security Incident

chapter 154|8 pages

Cyber-Crime: Response, Investigation, and Prosecution

chapter 155|13 pages

Incident Response Exercises

chapter 156|20 pages

Software Forensics

chapter 157|14 pages

Ethics and the Internet

part X|3 pages

Physical Security

chapter 158|14 pages

Physical Security: A Foundation For Information Security

chapter 159|17 pages

Physical Security: Controlled Access and Layered Defense

chapter 160|14 pages

Computing Facility Physical Security

chapter 161|11 pages

Closed-Circuit Television and Video Surveillance

chapter 162|15 pages

Types of Information Security Controls

chapter 163|30 pages

Physical Security: The Threat After September 11, 2001