Official (ISC)2 Guide to the ISSMP CBK

Overview

As the recognized leader in the field of information security education and certification, the (ISC)2 promotes the development of information security professionals around the world. The Certified Information Systems Security Professional-Information Systems Security Management Professional (CISSP-ISSMP®) examination assesses individuals’ understanding of security management practices. Obtaining certification validates your ability to create and implement effective information security management programs that meet the security needs of today’s organizations.



Preparing professionals for certification and job readiness, the Official (ISC)2 Guide to the ISSMP® CBK® supplies a complete overview of the management topics related to information security. It provides for an expanded enterprise model of security and management that delves into project management, risk management, and continuity planning. Facilitating the mastery of the five ISSEP domains required for certification, the book includes authoritative coverage of enterprise security management, enterprise-wide system development, compliance of operations security, business continuity planning, disaster recovery planning, as well as legal and ethical considerations.





  • Presents a complete overview of the managerial elements related to information security

  • Examines a larger enterprise model of security and management

  • Provides an all-inclusive analysis of the five domains of the CISSP-ISSMP CBK—including sample questions for each domain



Representing over a century of combined experience working at the forefront of information security, the editor and distinguished team of contributors provide unprecedented coverage of the things you need to know to achieve certification. This book will not only help you prepare for the CISSP-ISSMP certification exam, but also provide you with a solid foundation to enhance your career path—whether you’re a seasoned security veteran or just starting out.


Product Details

  • ISBN-13: 9781136586736
  • Publisher: Taylor & Francis, Inc.
  • Publication date: 7/13/2011
  • Series: (ISC)2 Press Series
  • Sold by: Barnes & Noble
  • Format: eTextbook
  • Pages: 468
  • File size: 5 MB

Meet the Author

About the Editor:

Hal Tipton, currently an independent consultant, is a past president of the International Information System Security Certification Consortium and was a director of computer security for Rockwell International Corporation for about 15 years. He initiated the Rockwell computer and data security program in 1977 and then continued to administer, develop, enhance, and expand the program to accommodate the control needs produced by technological advances until his retirement from Rockwell in 1994.

Tipton has been a member of the Information Systems Security Association (ISSA) since 1982. He was the president of the Los Angeles chapter in 1984 and the president of the national organization of ISSA (1987–1989). He was added to the ISSA Hall of Fame and the ISSA Honor Roll in 2000.

Tipton was a member of the National Institute for Standards and Technology (NIST), the Computer and Telecommunications Security Council, and the National Research Council Secure Systems Study Committee (for the National Academy of Sciences). He received his BS in engineering from the U.S. Naval Academy and his MA in personnel administration from George Washington University; he also received his certificate in computer science from the University of California at Irvine. He is a certified information system security professional (CISSP), ISSAP, and ISSMP.

He has been a speaker at all the major information security conferences including the following: Computer Security Institute, the ISSA Annual Working Conference, the Computer Security Workshop, MIS Conferences, AIS Security for Space Operations, DOE Computer Security Conference, National Computer Security Conference, IIA Security Conference, EDPAA, UCCEL Security & Audit Users Conference, and Industrial Security Awareness Conference.

He has conducted/participated in information security seminars for (ISC)2, Frost & Sullivan, UCI, CSULB, System Exchange Seminars, and the Institute for International Research. He participated in the Ernst & Young video "Protecting Information Assets." He is currently the editor of the Handbook of Information Security Management (Auerbach Publications). He chairs the (ISC)2 CBK Committees and the QA Committee. He received the Computer Security Institute’s Lifetime Achievement Award in 1994, the (ISC)2’s Hal Tipton Award in 2001, and the (ISC)2 Founders Award in 2009.

About the Contributors:

James Litchko, CISSP-ISSEP, CAP, MBCI, CMAS, Senior Security Expert, Litchko & Associates. Mr. Litchko has worked as a security and management expert for over 30 years. He has been an executive with five organizations and supervised and supported the securing of over 200 military, government, and commercial IT systems. Since 2008, he supported the securing of IT systems at DHS, DOE, VHA, NASA, EPA, USAF, DOJ, and FEMA. Jim created and taught the first graduate IT security course at Johns Hopkins University (JHU) and was a manager at NSA. Jim holds a master's degree from JHU and has authored five books on security and management topics.

Craig S. Wright, CISSP-ISSAP, ISSMP, is a director with Information Defense in Australia. He holds both the GSE-Malware and GSE-Compliance certifications from GIAC. He is a perpetual student with numerous postgraduate degrees including an LLM specializing in international commercial law and ecommerce law, a master's degree in mathematical statistics from Newcastle, and is working on his fourth IT-focused master's degree (in system development) at Charles Sturt University, Australia, where he lectures on subjects in digital forensics. He is writing his second doctorate on the quantification of information system risk at CSU.

Cheryl Hennell, EdD, MSc, CISSP, SBCI, has worked in the IT industry for 40 years. Her employment includes systems development for the Ministry of Defence, systems analysis for the Civil Service, European Consultancy for a blue chip organization, and 20 years as a senior university lecturer. She is currently head of IT and information assurance for Openreach, BT. She earned her master’s in information systems design from Kingston University, London, and her doctorate from the University of Southampton, UK, and is a specialist in the Business Continuity Institute, UK. She is also an ambassador for Childnet. Cheryl was the course director for the first digital forensics degree in the UK, which she created and delivered for the University of Portsmouth. She has been an invited speaker at international conferences in Europe, the Middle East, and Africa. Her subjects include information assurance, audit, risk and governance, physical security, and business continuity and disaster recovery.

Maura van der Linden spent over a decade in software testing at Microsoft Corporation with a specialization in security testing, including working in the Security Technology Unit on the Malware Response Team. After serving as a technical reviewer for MSDN Magazine, she wrote her first article on SQL injection testing for MSDN Magazine. She then wrote her first book, Testing Code Security, Auerbach, Boca Raton, FL, in order to teach other testers the need for and intricacy of security testing. Though now working as a programming writer, she maintains her close ties to the test and security communities.

Keith Willett, CISSP-ISSAP, has over 25 years' experience in information technology spanning academia and commercial, local, and national governments. Mr. Willett has a BS in computer science from Towson University, Maryland, an MS in business from the University of Baltimore, Maryland, and an MSIA from Norwich University, Vermont, and he holds the CISSP and ISSAP designations from (ISC)2. Willett is the author of Information Assurance Architecture and coauthor of How to Achieve 27001 Certification, both published by Auerbach. When not working, Mr. Willett enjoys world travel, cuisine, and wine, and has enjoyed all in over 125 cities across 30 countries.


Table of Contents

Enterprise Security Management Practices; James Litchko
Enterprise-Wide Systems Development Security; Maura Van Der Linden
Overseeing Compliance of Security Operations; Keith D. Willett
Understanding Business Continuity Planning (BCP), Disaster Recovery Planning (DRP), and Continuity of Operations Planning (COOP); Cheryl Hennell
Law Investigation, Forensics, and Ethics; Craig Steven Wright
Appendix: Answers to Review Questions


Customer Reviews

Average Rating: 4.5 (6)

Rating Distribution:

  • 5 Star: (4)
  • 4 Star: (2)
  • 3 Star: (0)
  • 2 Star: (0)
  • 1 Star: (0)
