Information Security Management Handbook, Volume 7

Author:   Richard O'Hanley (Auerbach Publications, New York, New York) ,  James S. Tiller (Raleigh, North Carolina, USA)
Publisher:   Taylor & Francis Ltd
Edition:   6th edition
ISBN:   9781466567498
Pages:   434
Publication Date:   29 August 2013
Format:   Hardback
Availability:   In Print
This item will be ordered in for you from one of our suppliers. Upon receipt, we will promptly dispatch it out to you. For in store availability, please contact us.

Our Price $362.25

Overview

Updated annually, the Information Security Management Handbook, Sixth Edition is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2® CISSP Common Body of Knowledge (CBK®), Volume 7 features 27 new chapters on topics such as BYOD, IT consumerization, smart grids, security, and privacy.

Covers the fundamental knowledge, skills, techniques, and tools required by IT security professionals
Updates its bestselling predecessors with new developments in information security and the (ISC)2® CISSP® CBK®
Provides valuable insights from leaders in the field on the theory and practice of computer security technology
Facilitates the comprehensive and up-to-date understanding you need to stay fully informed

The ubiquitous nature of computers and networks will always provide the opportunity and means to do harm. This edition updates its popular predecessors with the information you need to address the vulnerabilities created by recent innovations such as cloud computing, mobile banking, digital wallets, and near-field communications. This handbook is also available on CD.

Full Product Details

Author:   Richard O'Hanley (Auerbach Publications, New York, New York) ,  James S. Tiller (Raleigh, North Carolina, USA)
Publisher:   Taylor & Francis Ltd
Imprint:   Auerbach
Edition:   6th edition
Dimensions:   Width: 17.80cm , Height: 2.80cm , Length: 25.40cm
Weight:   0.960kg
ISBN:   9781466567498
ISBN 10:   146656749
Pages:   434
Publication Date:   29 August 2013
Audience:   College/higher education ,  Professional and scholarly ,  Undergraduate ,  Postgraduate, Research & Scholarly
Format:   Hardback
Publisher's Status:   Active
Availability:   In Print

Table of Contents

Access Control. Telecommunications & Network Security. Information Security & Risk Management. Application Security. Cryptography. Security Architecture & Design. Operations Security. Business Continuity Planning & Disaster Recovery Planning. Legal, Regulations, Compliance & Investigation. Physical Security.

Reviews

DOMAIN 1: ACCESS CONTROL
Access Control Administration
What Business Associates Need to Know About Protected Health Information Under HIPAA and HITECH; Rebecca Herold

DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY
Internet, Intranet, Extranet Security
E-mail Security; Terence Fernandes

DOMAIN 3: INFORMATION SECURITY AND RISK MANAGEMENT
Security Management Concepts and Principles
Appreciating Organizational Behavior and Institutions to Solidify Your Information Security Program; Robert Pittman
Risk Management
The Information Security Auditors Have Arrived, Now What?; Todd Fitzgerald
Continuous Monitoring: Extremely Valuable to Deploy Within Reason; Foster J. Henderson and Mark A. Podracky
Social Networking; Sandy Bacik
Insider Threat Defense; Sandy Bacik
Risk Management in Public Key Certificate Applications; Alex Golod
Server Virtualization: Information Security Considerations; Thomas A. Johnson
Security Management Planning
Security Requirements Analysis; Sean M. Price
CERT Resilience Management Model: An Overview; Bonnie A. Goins Pilewski and Christopher Pilewski
Managing Bluetooth Security; E. Eugene Schultz, Matthew W. A. Pemble, and Wendy Goucher
Employment Policies and Practices
Slash and Burn: In Times of Recession, Do Not Let Emotions Drive Business Decisions; Seth Kinnett
A "Zero Trust" Model for Security; Ken Shaurette and Thomas J. Schleppenbach

DOMAIN 4: APPLICATION DEVELOPMENT SECURITY
System Development Controls
Application Whitelisting; Georges Jahchan
Design of Information Security for Large System Development Projects; James C. Murphy
Building Application Security Testing into the Software Development Life Cycle; Sandy Bacik
Malicious Code
Twenty-Five (or Forty) Years of Malware History; Robert M. Slade

DOMAIN 5: CRYPTOGRAPHY
Cryptographic Concepts, Methodologies, and Practices
Format Preserving Encryption; Ralph Spencer Poore
Elliptic Curve Cryptosystems; Jeff Stapleton
Pirating the Ultimate Killer APP: Hacking Military Unmanned Aerial Vehicles; Sean P. Mcbride

DOMAIN 6: SECURITY ARCHITECTURE AND DESIGN
Principles of Computer and Network Organizations, Architectures, and Designs
Service-Oriented Architecture; Walter B. Williams
Cloud Security; Terry Komperda
Enterprise Zones of Trust; Sandy Bacik

DOMAIN 7: OPERATIONS SECURITY: OPERATIONS CONTROLS
Complex Event Processing for Automated Security Event Analysis; Rob Shein
Records Management; Sandy Bacik

DOMAIN 8: BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING
Business Continuity Planning
Data Backup Strategies: Traditional Versus Cloud; Carl B. Jackson

DOMAIN 9: LEGAL, REGULATIONS, COMPLIANCE, AND INVESTIGATIONS
Major Categories of Computer Crime
Managing Advanced Persistent Threats; Eugene Schultz and Cuc Du
Incident Handling
Virtualization Forensics; Paul A. Henry

DOMAIN 10: PHYSICAL (ENVIRONMENTAL) SECURITY
Elements of Physical Security
Terrorism: An Overview; Frank Bolz, Kenneth J. Dudonis, and David P. Schulz
Technical Controls
Countermeasure Goals and Strategies; Thomas L. Norman

Index




Author Information

James S. Tiller, CISM, CISA, CISSP, is the Head of Security Consulting, Americas, HP Enterprise Security Services, Hewlett-Packard Company. Formerly Vice President of Security North America for BT Global Services, Jim has provided security solutions for global organizations for the past 20 years. He is the author of the following books published by Auerbach: CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits; Adaptive Security Management Architecture; and A Technical Guide to IPSec Virtual Private Networks. Richard O'Hanley is the Publisher for Information and Communications Technology, Business, and Security at CRC Press. Mr. O'Hanley can be reached at rich.ohanley@taylorandfrancis.com

Countries Available

All regions