Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 6 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2(R) CISSP Common Body of Knowledge (CBK(R)), this volume features new information on advanced persistent threats, HIPAA requirements, social networks, virtualization, and SOA. Its comprehensive coverage touches on all the key areas IT security professionals need to know, including: Access Control: Technologies and administration including the requirements of current laws Telecommunications and Network Security: Addressing the Internet, intranet, and extranet Information Security and Risk Management: Organizational culture, preparing for a security audit, and the risks of social media Application Security: Ever-present malware threats and building security into the development process Security Architecture and Design: Principles of design including zones of trust Cryptography: Elliptic curve cryptosystems, format-preserving encryption Operations Security: Event analysis Business Continuity and Disaster Recovery Planning: Business continuity in the cloud Legal, Regulations, Compliance, and Investigation: Persistent threats and incident response in the virtual realm Physical Security: Essential aspects of physical security The ubiquitous nature of computers and networks will always provide the opportunity and means to do harm. This edition updates its popular predecessors with the information you need to address the vulnerabilities created by recent innovations such as cloud computing, mobile banking, digital wallets, and near-field communications. This handbook is also available on CD.
| ISBN | 1439893136 | | Pages | 504 | | ISBN13 | 9781439893135
(What's this?) | | Weight (grammes) | 1126 | | Publisher | Taylor & Francis Ltd | | Published in | London | | Imprint | Auerbach Publishers Inc. | | Previous ISBN | 9781439853450 | | Format | Hardback | | Height (mm) | 254 | | Publication date | 05 Apr 2012 | | Width (mm) | 178 | | DEWEY | 658.472 | | Spine width (mm) | 33 | | DEWEY edition | DC23 | | Academic level | Postgraduate |
|
|
|
Access Control Access Control Techniques Access Control Administration Methods of Attack Telecommunications & Network Security Communications & Network Security Internet, Intranet, Extranet Security Network Attacks & Countermeasures Information Security & Risk Management Security Management Concepts & Principles Policies, Standards, Procedures & Guidelines Risk Management Security Management Planning Employment Policies & Practices Application Security Application Issues System Development Controls Malicious Code Methods of Attack Cryptography Crypto Concepts, Methodologies & Practices Security Architecture & Design Principles of Computer & Network Organizations, Architectures & Designs Operations Security Operations Controls Resource Protection Requirements Business Continuity Planning & Disaster Recovery Planning Business Continuity Planning Disaster Recovery Planning Legal, Regulations, Compliance & Investigation Information Law Major Categories of Computer Crime Incident Handling Physical Security
DOMAIN 1: ACCESS CONTROL Access Control Administration What Business Associates Need to Know About Protected Health Information Under HIPAA and HITECH; Rebecca Herold DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY Internet, Intranet, Extranet Security E-mail Security; Terence Fernandes DOMAIN 3: INFORMATION SECURITY AND RISK MANAGEMENT Security Management Concepts and Principles Appreciating Organizational Behavior and Institutions to Solidify Your Information Security Program; Robert Pittman Risk Management The Information Security Auditors Have Arrived, Now What?; Todd Fitzgerald Continuous Monitoring: Extremely Valuable to Deploy Within Reason; Foster J. Henderson and Mark A. Podracky Social Networking; Sandy Bacik Insider Threat Defense; Sandy Bacik Risk Management in Public Key Certificate Applications; Alex Golod Server Virtualization: Information Security Considerations; Thomas A. Johnson Security Management Planning Security Requirements Analysis; Sean M. Price CERT Resilience Management Model: An Overview; Bonnie A. Goins Pilewski and Christopher Pilewski Managing Bluetooth Security; E. Eugene Schultz, Matthew W. A. Pemble, and Wendy Goucher Employment Policies and Practices Slash and Burn: In Times of Recession, Do Not Let Emotions Drive Business Decisions; Seth Kinnett A "Zero Trust" Model for Security; Ken Shaurette and Thomas J. Schleppenbach DOMAIN 4: APPLICATION DEVELOPMENT SECURITY System Development Controls Application Whitelisting; Georges Jahchan Design of Information Security for Large System Development Projects; James C. Murphy Building Application Security Testing into the Software Development Life Cycle; Sandy Bacik Malicious Code Twenty-Five (or Forty) Years of Malware History; Robert M. Slade DOMAIN 5: CRYPTOGRAPHY Cryptographic Concepts, Methodologies, and Practices Format Preserving Encryption; Ralph Spencer Poore Elliptic Curve Cryptosystems; Jeff Stapleton Pirating the Ultimate Killer APP: Hacking Military Unmanned Aerial Vehicles; Sean P. Mcbride DOMAIN 6: SECURITY ARCHITECTURE AND DESIGN Principles of Computer and Network Organizations, Architectures, and Designs Service-Oriented Architecture; Walter B. Williams Cloud Security; Terry Komperda Enterprise Zones of Trust; Sandy Bacik DOMAIN 7: OPERATIONS SECURITY: OPERATIONS CONTROLS Complex Event Processing for Automated Security Event Analysis; Rob Shein Records Management; Sandy Bacik DOMAIN 8: BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Business Continuity Planning Data Backup Strategies: Traditional Versus Cloud: Carl B. Jackson DOMAIN 9: LEGAL, REGULATIONS, COMPLIANCE, AND INVESTIGATIONS Major Categories of Computer Crime Managing Advanced Persistent Threats; Eugene Schultz and Cuc Du Incident Handling Virtualization Forensics; Paul A. Henry DOMAIN 10: PHYSICAL (ENVIRONMENTAL) SECURITY Elements of Physical Security Terrorism: An Overview; Frank Bolz, Kenneth J. Dudonis, and David P. Schulz Technical Controls Countermeasure Goals and Strategies; Thomas L. Norman Index
Be the first to write a
customer review
Enlarge
