Information Security Management Handbook, Volume 4
Every year, in response to advancements in technology and new laws in different countries and regions, there are many changes and updates to the body of knowledge required of IT security professionals. Updated annually to keep up with the increasingly fast pace of change in the field, the Information Security Management Handbook is the single most comprehensive and up-to-date resource on information security and assurance.

Providing an up-to-date compilation of the fundamental skills, techniques, tools, and understanding required of IT security professionals, the Information Security Management Handbook, Sixth Edition, Volume 4 reflects the latest changes to information security and the CISSP® Common Body of Knowledge (CBK®). This edition updates the benchmark Volume 1 with a wealth of new information on mobile device security, adaptive threat defense, Web 2.0, virtualization, data leakage, and governance. New material also addresses risk management, business continuity planning, disaster recovery planning, and cryptography.

As the risks that threaten the security of our systems continue to evolve, it is imperative that those charged with protecting that information stay ahead of the curve. Also available in a fully searchable CD-ROM format, this comprehensive resource provides the up-to-date understanding required to keep you abreast of the latest developments, new vulnerabilities, and possible threats.

Hardcover (6th ed.)

$190.00 

Product Details

ISBN-13: 9781439819029
Publisher: Taylor & Francis
Publication date: 06/22/2010
Series: Information Security Management Handbook, #4
Edition description: 6th ed.
Pages: 530
Product dimensions: 7.20(w) x 10.10(h) x 1.30(d)

About the Author

Harold F. Tipton, HFT Associates, Villa Park, California, USA

Micki Krause Nozaki, Pacific Life Insurance Company, Newport Beach, California, USA

Table of Contents

Preface ix

Editors xi

Domain 1 Access Control

Access Control Administration

1 Back to the Future Paul A. Henry 3

Domain 2 Telecommunications and Network Security

Communications and Network Security

2 Adaptive Threats and Defenses Sean M. Price 29

3 Achieving a Global Information Systems Transformation (GIST): Foundations for Infrastructure 2.0 via Standards-Based Interoperability: IF-MAP and Beyond David O'Berry 45

4 A Primer on Demystifying U.S. Government Networks Samuel Chun 59

Network Attacks and Countermeasures

5 Antispam: Bayesian Filtering Georges J. Jahchan 75

Domain 3 Information Security and Risk Management

Security Management Concepts and Principles

6 Measuring Information Security and Privacy Training and Awareness Effectiveness Rebecca Herold 87

7 Managing Mobile Device Security E. Eugene Schultz and Gal Shpantzer 107

8 Establishing an Information Security Program for Local Government Robert K. Pittman, Jr. 127

Policies, Standards, Procedures, and Guidelines

9 A Business Case for ISO 27001 Certification Tom Carlson and Robert Forbes 141

10 Achieving PCI DSS Compliance: A Compliance Review Bonnie Goins Pilewski and Christopher A. Pilewski 149

Risk Management

11 Leveraging IT Control Frameworks for Compliance Todd Fitzgerald 169

12 Rats in the Cellar and Bats in the Attic, "Not Enough Depth to My Security" Ken M. Shaurette 179

13 The Outsourcing of IT: Seeing the Big Picture Foster Henderson 193

14 Understanding Information Risk Management Tom Carlson and Nick Halvorson 209

15 The Sarbanes-Oxley Revolution: Hero or Hindrance Seth Kinnett 219

Domain 4 Application Security

System Development Controls

16 Data Loss Prevention Program Powell Hamilton 229

17 Data Reliability: Trusted Time Stamps Jeff Stapleton 245

18 Security in the .NET Framework James D. Murray 259

Domain 5 Cryptography

Crypto Concepts, Methodologies, and Practices

19 Cryptography: A Unifying Principle in Compliance Programs Ralph Spencer Poore 281

Domain 6 Security Architecture and Design

Principles of Computer and Network Organizations, Architectures, and Designs

20 Best Practices in Virtualization Security Shanit Gupta 291

21 Everything New Is Old Again Robert M. Slade 325

Domain 7 Operations Security

Operations Controls

22 A Brief Summary of Warfare and Commercial Entities Rob Shein 335

23 Information Destruction Requirements and Techniques Ben Rothke 347

Domain 8 Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning

24 Integrated Business Continuity Planning James C. Murphy 357

25 CERT/BERT: Community and Business Emergency Response Carl Jackson 397

Domain 9 Law, Regulations, Compliance, and Investigation

Major Categories of Computer Crime

26 Cyberstalking Micki Krause Nozaki 413

Incident Handling

27 Is Software Write Blocking a Viable Alternative to Hardware Write Blocking in Computer Forensics Paul A. Henry 425

Domain 10 Physical Security

Elements of Physical Security

28 Protection of Sensitive Data Sandy Bacik 449

29 Water Leakage and Flooding Sandy Bacik 457

30 Site Selection and Facility Design Considerations Sandy Bacik 463

31 An Overview of IP-Based Video Surveillance Leo Kahng 471

Index 485

Information Security Management Handbook, Sixth Edition: Comprehensive Table of Contents 495

What People are Saying About This

From the Publisher

As a compendium of knowledge from recognized experts on information security, this book contains a wealth of information for security practitioners. It is a compilation of several important topics that are relevant to information security. As practitioner references go, this book is one that an information security practitioner should take notice of, since it touches on a number of timely information security topics and blends the practices of security with business.

The book organizes the information security topics into ten domains, which various authors then cover. As the publisher's site states, the collection as a whole provides a ‘compilation of the fundamental knowledge, skills, techniques, and tools required of information technology (IT) security professionals.’ The ten domains are:

Domain 1: Access Control
Domain 2: Telecommunications and Network Security
Domain 3: Information Security and Risk Management
Domain 4: Application Security
Domain 5: Cryptography
Domain 6: Security Architecture and Design
Domain 7: Operations Security
Domain 8: Business Continuity Planning and Disaster Recovery Planning
Domain 9: Law, Regulations, Compliance, and Investigation
Domain 10: Physical Security

Though all of the topics are interesting, from the perspective of emerging trends and technologies, the most interesting chapters are ‘Managing Mobile Device Security,’ ‘Best Practices in Virtualization Security,’ ‘A Brief Summary of Warfare and Commercial Entities,’ and ‘Cyberstalking.’ These four chapters resonate most with information security practitioners because each of these topics takes the form of a trend that occurs increasingly in both the news and in trade journals.

I recommend this book, not only to information security practitioners but also to managers, executives, attorneys, risk managers, and technology operators. The book covers a significant number of important topics that are both timely and relevant to the contemporary practices one finds in daily life when performing a security duty within the discipline of information security.
—Eric W. Yocam in Computing Reviews, July 2011
