Information Security Management Handbook, Fifth Edition

CRC Press, 30 Dec 2003, 2036 pages
Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a "must have" book, both for preparing for the CISSP exam and as a comprehensive, up-to-date reference.
 

Contents

Enhancing Security through Biometric Technology (p. 9)
Biometrics: What Is New? (p. 19)
Controlling FTP: Providing Secured Data Transfers (p. 25)
Privacy in the Healthcare Industry (p. 43)
The Case for Privacy (p. 53)
Biometric Identification (p. 59)
Single Sign-On for the Enterprise (p. 75)
Centralized Authentication Services (RADIUS, TACACS, DIAMETER) (p. 95)
An Introduction to Secure Remote Access (p. 107)
Hacker Tools and Techniques (p. 119)
A New Breed of Hacker Tools and Defenses (p. 133)
Social Engineering: The Forgotten Risk (p. 145)
Breaking News: The Latest Hacker Attacks and Defenses (p. 153)
Counter-Economic Espionage (p. 163)
Penetration Testing (p. 177)
Penetration Testing (p. 189)
Telecommunications, Network, and Internet Security (p. 195)
Understanding SSL (p. 201)
Packet Sniffers and Network Monitors (p. 213)
Secured Connections to External Networks (p. 231)
Security and Network Technologies (p. 245)
Wired and Wireless Physical Layer Security Issues (p. 265)
Network Router Security (p. 273)
What's Not So Simple about SNMP? (p. 283)
Network and Telecommunications Media: Security from the Ground Up (p. 293)
Security and the Physical Network Layer (p. 309)
Security of Wireless Local Area Networks (p. 317)
Securing Wireless Networks (p. 329)
Wireless Security Mayhem: Restraining the Insanity of Convenience (p. 324)
Wireless LAN Security Challenge (p. 337)
ISO/OSI and TCP/IP Network Model Characteristics (p. 351)
Enclaves: The Enterprise as an Extranet (p. 361)
IPSec Virtual Private Networks (p. 371)
Firewalls: An Effective Solution for Internet Security (p. 395)
Internet Security: Securing the Perimeter (p. 401)
Extranet Access Control Issues (p. 411)
Application-Layer Security Protocols for Networks (p. 423)
Application Layer: Next Level of Security (p. 435)
Security of Communication Protocols and Services (p. 445)
An Introduction to IPSec (p. 455)
VPN Deployment and Evaluation Strategy (p. 463)
How to Perform a Security Review of a Checkpoint Firewall (p. 481)
Comparing Firewall Technologies (p. 485)
The (In)Security of Virtual Private Networks (p. 495)
Cookies and Web Bugs (p. 509)
Leveraging Virtual Private Networks (p. 519)
Wireless LAN Security (p. 529)
New Perspectives on VPNs (p. 543)
An Examination of Firewall Architectures (p. 549)
Instant Messaging Security Issues (p. 569)
Voice Security (p. 585)
Secure Voice Communications Vol (p. 595)
Packet Sniffers: Use and Misuse (p. 607)
ISPs and Denial-of-Service Attacks (p. 617)
Security Management Practices (p. 625)
The Human Side of Information Security (p. 631)
Security Management (p. 645)
Measuring ROI on Security (p. 653)
Security Patch Management (p. 657)
Configuration Management: Charting the Course for the Organization (p. 665)
Information Classification: A Corporate Implementation Guide (Jim Appleyard) (p. 685)
A Matter of Trust (p. 697)
Trust Governance in a Web Services World (p. 709)
Risk Management and Analysis (p. 719)
New Trends in Information Risk Management (p. 727)
Information Security in the Enterprise (p. 735)
Managing Enterprise Security Information (p. 747)
Risk Analysis and Assessment (p. 763)
Security Assessment (p. 789)
Cyber-Risk Management: Technical and Insurance Controls for Enterprise-Level Security (p. 797)
A Progress Report on the CVE Initiative (p. 813)
Roles and Responsibilities of the Information Systems Security Officer (p. 833)
Information Protection: Organization, Roles, and Separation of Duties (p. 839)
Organizing for Success: Some Human Resources Issues in Information Security (p. 855)
Ownership and Custody of Data (p. 867)
Hiring Ex-Criminal Hackers (p. 875)
Information Security Policies from the Ground Up (p. 885)
Policy Development (p. 893)
Toward Enforcing Security Policy: Encouraging Personal Accountability for Corporate Information Security Policy (p. 913)
The Common Criteria for IT Security Evaluation (p. 921)
A Look at the Common Criteria (p. 937)
The Security Policy Life Cycle: Functions and Responsibilities (p. 947)
Maintaining Management's Commitment (p. 957)
Making Security Awareness Happen (p. 967)
Making Security Awareness Happen: Appendices (Susan D. Hansche, CISSP) (p. 979)
Maintaining Information Security during Downsizing (p. 991)
The Business Case for Information Security: Selling Management on the Protection of Vital Secrets and Products (p. 997)
How to Work with a Managed Security Service Provider (p. 1003)
Considerations for Outsourcing Security (p. 1015)
Outsourcing Security (p. 1029)
Applications and Systems Development Security (p. 1041)
Security Models for Object-Oriented Databases (p. 1045)
Web Application Security (p. 1051)
Security for XML and Other Metadata Languages (p. 1061)
XML and Information Security (p. 1069)
Application Security (p. 1077)
Security as a Value Enhancer in Application Systems Development (p. 1091)
Open Source versus Closed Source (p. 1107)
Reflections on Database Integrity (p. 1123)
Digital Signatures in Relational Database Applications (p. 1131)
Security and Privacy for Data Warehouses: Opportunity or Threat? (p. 1141)
Enterprise Security Architecture (p. 1159)
Certification and Accreditation Methodology (p. 1171)
System Development Security Methodology (p. 1187)
A Security-Oriented Extension of the Object Model for the Development of an Information System (p. 1201)
A Look at Java Security (p. 1217)
Malware and Computer Viruses (p. 1223)
Methods of Auditing Applications (p. 1253)
Cryptography (p. 1261)
Three New Models for the Application of Cryptography (p. 1265)
Auditing Cryptography: Assessing System Security (p. 1275)
Message Authentication (p. 1279)
Steganography: The Art of Hiding Messages (p. 1293)
An Introduction to Cryptography (p. 1299)
Hash Algorithms: From Message Digests to Signatures (p. 1315)
A Look at the Advanced Encryption Standard (AES) (p. 1323)
Principles and Applications of Cryptographic Key Management (p. 1331)
Preserving Public Key Hierarchy (p. 1347)
PKI Registration (p. 1353)
Implementing Kerberos in Distributed Systems (p. 1365)
Methods of Attacking and Defending Cryptosystems (p. 1413)
Enterprise Security Architecture (p. 1427)
Security Infrastructure: Basics of Intrusion Detection Systems (p. 1431)
Firewalls: Ten Percent of the Solution (A Security Architecture Primer) (p. 1441)
The Reality of Virtual Computing (p. 1455)
Overcoming Wireless LAN Security Vulnerabilities (p. 1473)
Security Architecture and Models (p. 1497)
Common System Design Flaws and Security Issues (p. 1513)
Operations Security (p. 1521)
Operations: The Center of Support and Control (p. 1525)
Why Today's Security Technologies Are So Inadequate: History, Implications, and New Approaches (p. 1531)
Auditing the Electronic Commerce Environment (p. 1551)
Improving Network Level Security through Real-Time Monitoring and Intrusion Detection (p. 1567)
Intelligent Intrusion Analysis: How Thinking Machines Can Recognize Computer Intrusions (p. 1585)
Business Continuity Planning (p. 1607)
Reengineering the Business Continuity Planning Process (p. 1611)
The Changing Face of Continuity Planning (p. 1623)
The Role of Continuity Planning in the Enterprise Risk Management Structure (p. 1633)
Restoration Component of Business Continuity Planning (p. 1645)
Business Resumption Planning and Disaster Recovery: A Case History (p. 1655)
Business Continuity Planning: A Collaborative Approach (p. 1665)
The Business Impact Assessment Process (p. 1675)
Law, Investigations, and Ethics (p. 1691)
Jurisdictional Issues in Global Transmissions (p. 1695)
Liability for Lax Computer Security in DDoS Attacks (p. 1703)
The Final HIPAA Security Rule Is Here: Now What? (p. 1709)
HIPAA 201: A Framework Approach to HIPAA Security Readiness (p. 1725)
Computer Crime Investigations: Managing a Process without Any Golden Rules (George Wade, CISSP) (p. 1737)
Computer Crime Investigation and Computer Forensics (Thomas Welch, CISSP) (p. 1751)
Operational Forensics (p. 1779)
What Happened? (p. 1785)
The International Dimensions of Cyber-Crime (p. 1789)
Honeypot Essentials (p. 1807)
CIRT: Responding to Attack (p. 1813)
Incident Response Management (p. 1827)
Managing the Response to a Computer Security Incident (p. 1837)
Cyber-Crime: Response, Investigation, and Prosecution (p. 1847)
Incident Response Exercises (p. 1853)
Software Forensics (p. 1863)
Ethics and the Internet (p. 1877)
Physical Security (p. 1887)
Physical Security: A Foundation for Information Security (p. 1891)
Physical Security: Controlled Access and Layered Defense (p. 1901)
Computing Facility Physical Security (p. 1913)
Closed-Circuit Television and Video Surveillance (p. 1923)
Types of Information Security Controls (p. 1931)
Physical Security: The Threat after September 11, 2001 (p. 1941)