Information Security Management Handbook, Fifth Edition. CRC Press, 30 Dec 2003 - 2036 pages. Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a "must have" book, both for preparing for the CISSP exam and as a comprehensive, up-to-date reference.
Contents
Enhancing Security through Biometric Technology | 9 |
Biometrics What Is New? | 19 |
Controlling FTP Providing Secured Data Transfers | 25 |
Privacy in the Healthcare Industry | 43 |
The Case for Privacy | 53 |
Biometric Identification | 59 |
Single Sign-On for the Enterprise | 75 |
Centralized Authentication Services RADIUS TACACS DIAMETER | 95 |
Making Security Awareness Happen: Appendices, Susan D. Hansche, CISSP | 979 |
Maintaining Information Security during Downsizing | 991 |
The Business Case for Information Security Selling Management on the Protection of Vital Secrets and Products | 997 |
How to Work with a Managed Security Service Provider | 1003 |
Considerations for Outsourcing Security | 1015 |
Outsourcing Security | 1029 |
Applications and Systems Development Security | 1041 |
Security Models for Object-Oriented Databases | 1045 |
An Introduction to Secure Remote Access | 107 |
Hacker Tools and Techniques | 119 |
A New Breed of Hacker Tools and Defenses | 133 |
Social Engineering The Forgotten Risk | 145 |
Breaking News The Latest Hacker Attacks and Defenses | 153 |
Counter-Economic Espionage | 163 |
Penetration Testing | 177 |
Penetration Testing | 189 |
Telecommunications Network and Internet Security | 195 |
Understanding SSL | 201 |
Packet Sniffers and Network Monitors | 213 |
Secured Connections to External Networks | 231 |
Security and Network Technologies | 245 |
Wired and Wireless Physical Layer Security Issues | 265 |
Network Router Security | 273 |
What's Not So Simple about SNMP? | 283 |
Network and Telecommunications Media Security from the Ground Up | 293 |
Security and the Physical Network Layer | 309 |
Security of Wireless Local Area Networks | 317 |
Securing Wireless Networks | 329 |
Wireless Security Mayhem Restraining the Insanity of Convenience | 324 |
Wireless LAN Security Challenge | 337 |
ISO/OSI and TCP/IP Network Model Characteristics | 351 |
Enclaves The Enterprise as an Extranet | 361 |
IPSec Virtual Private Networks | 371 |
Firewalls An Effective Solution for Internet Security | 395 |
Internet Security Securing the Perimeter | 401 |
Extranet Access Control Issues | 411 |
Application-Layer Security Protocols for Networks | 423 |
Application Layer Next Level of Security | 435 |
Security of Communication Protocols and Services | 445 |
An Introduction to IPSec | 455 |
VPN Deployment and Evaluation Strategy | 463 |
How to Perform a Security Review of a Checkpoint Firewall | 481 |
Comparing Firewall Technologies | 485 |
The (In)Security of Virtual Private Networks | 495 |
Cookies and Web Bugs | 509 |
Leveraging Virtual Private Networks | 519 |
Wireless LAN Security | 529 |
New Perspectives on VPNs | 543 |
An Examination of Firewall Architectures | 549 |
Instant Messaging Security Issues | 569 |
Voice Security | 585 |
Secure Voice Communications Vol | 595 |
Packet Sniffers Use and Misuse | 607 |
ISPs and Denial-of-Service Attacks | 617 |
Security Management Practices | 625 |
The Human Side of Information Security | 631 |
Security Management | 645 |
Measuring ROI on Security | 653 |
Security Patch Management | 657 |
Configuration Management Charting the Course for the Organization | 665 |
Information Classification: A Corporate Implementation Guide, Jim Appleyard | 685 |
A Matter of Trust | 697 |
Trust Governance in a Web Services World | 709 |
Risk Management and Analysis | 719 |
New Trends in Information Risk Management | 727 |
Information Security in the Enterprise | 735 |
Managing Enterprise Security Information | 747 |
Risk Analysis and Assessment | 763 |
Security Assessment | 789 |
Cyber-Risk Management: Technical and Insurance Controls for Enterprise-Level Security | 797 |
A Progress Report on the CVE Initiative | 813 |
Roles and Responsibilities of the Information Systems Security Officer | 833 |
Information Protection Organization Roles and Separation of Duties | 839 |
Organizing for Success Some Human Resources Issues in Information Security | 855 |
Ownership and Custody of Data | 867 |
Hiring Ex-Criminal Hackers | 875 |
Information Security Policies from the Ground Up | 885 |
Policy Development | 893 |
Toward Enforcing Security Policy Encouraging Personal Accountability for Corporate Information Security Policy | 913 |
The Common Criteria for IT Security Evaluation | 921 |
A Look at the Common Criteria | 937 |
The Security Policy Life Cycle Functions and Responsibilities | 947 |
Maintaining Management's Commitment | 957 |
Making Security Awareness Happen | 967 |
Web Application Security | 1051 |
Security for XML and Other Metadata Languages | 1061 |
XML and Information Security | 1069 |
Application Security | 1077 |
Security as a Value Enhancer in Application Systems Development | 1091 |
Open Source versus Closed Source | 1107 |
Reflections on Database Integrity | 1123 |
Digital Signatures in Relational Database Applications | 1131 |
Security and Privacy for Data Warehouses Opportunity or Threat? | 1141 |
Enterprise Security Architecture | 1159 |
Certification and Accreditation Methodology | 1171 |
System Development Security Methodology | 1187 |
A Security-Oriented Extension of the Object Model for the Development of an Information System | 1201 |
A Look at Java Security | 1217 |
Malware and Computer Viruses | 1223 |
Methods of Auditing Applications | 1253 |
Cryptography | 1261 |
Three New Models for the Application of Cryptography | 1265 |
Auditing Cryptography Assessing System Security | 1275 |
Message Authentication | 1279 |
Steganography The Art of Hiding Messages | 1293 |
An Introduction to Cryptography | 1299 |
Hash Algorithms From Message Digests to Signatures | 1315 |
A Look at the Advanced Encryption Standard AES | 1323 |
Principles and Applications of Cryptographic Key Management | 1331 |
Preserving Public Key Hierarchy | 1347 |
PKI Registration | 1353 |
Implementing Kerberos in Distributed Systems | 1365 |
Methods of Attacking and Defending Cryptosystems | 1413 |
Enterprise Security Architecture | 1427 |
Security Infrastructure Basics of Intrusion Detection Systems | 1431 |
Firewalls Ten Percent of the Solution A Security Architecture Primer | 1441 |
The Reality of Virtual Computing | 1455 |
Overcoming Wireless LAN Security Vulnerabilities | 1473 |
Security Architecture and Models | 1497 |
Common System Design Flaws and Security Issues | 1513 |
Operations Security | 1521 |
Operations The Center of Support and Control | 1525 |
Why Today's Security Technologies Are So Inadequate: History, Implications, and New Approaches | 1531 |
Auditing the Electronic Commerce Environment | 1551 |
Improving Network Level Security through Real-Time Monitoring and Intrusion Detection | 1567 |
Intelligent Intrusion Analysis How Thinking Machines Can Recognize Computer Intrusions | 1585 |
Business Continuity Planning | 1607 |
Reengineering the Business Continuity Planning Process | 1611 |
The Changing Face of Continuity Planning | 1623 |
The Role of Continuity Planning in the Enterprise Risk Management Structure | 1633 |
Restoration Component of Business Continuity Planning | 1645 |
Business Resumption Planning and Disaster Recovery A Case History | 1655 |
Business Continuity Planning A Collaborative Approach | 1665 |
The Business Impact Assessment Process | 1675 |
Law Investigations and Ethics | 1691 |
Jurisdictional Issues in Global Transmissions | 1695 |
Liability for Lax Computer Security in DDoS Attacks | 1703 |
The Final HIPAA Security Rule Is Here Now What? | 1709 |
HIPAA 201 A Framework Approach to HIPAA Security Readiness | 1725 |
Computer Crime Investigations: Managing a Process without Any Golden Rules, George Wade, CISSP | 1737 |
Computer Crime Investigation and Computer Forensics, Thomas Welch, CISSP | 1751 |
Operational Forensics | 1779 |
What Happened? | 1785 |
The International Dimensions of Cyber-Crime | 1789 |
Honeypot Essentials | 1807 |
CIRT Responding to Attack | 1813 |
Incident Response Management | 1827 |
Managing the Response to a Computer Security Incident | 1837 |
Cyber-Crime Response, Investigation, and Prosecution | 1847 |
Incident Response Exercises | 1853 |
Software Forensics | 1863 |
Ethics and the Internet | 1877 |
Physical Security | 1887 |
Physical Security A Foundation for Information Security | 1891 |
Physical Security: Controlled Access and Layered Defense | 1901 |
Computing Facility Physical Security | 1913 |
Closed-Circuit Television and Video Surveillance | 1923 |
Types of Information Security Controls | 1931 |
Physical Security: The Threat after September 11, 2001 | 1941 |
Common terms and phrases
access control access point administrator algorithm allow application architecture attacker authentication biometric cable certificate CISA CISSP client communication configuration connection cookie corporate database defined denial-of-service attacks devices e-mail employees encryption engineering ensure enterprise environment Ethernet example Exhibit extranet firewall functions gateway header host identify implementation information security infrastructure installed integrity interface internal network Internet IP address IPSec layer MAC address monitoring operating system organization packet filter packet sniffer password patch penetration test performance physical port problem protection protocol proxy remote access response risk Rootkits router scanning security policy server session sniffer SNMP solution specific standard switch TACACS target tester threats traffic transmission trust vendors virtual private networks vulnerabilities Web bugs WEP key wireless network WLAN