Information Security Management Handbook, Volume 1

Considered the gold-standard reference on information security, the Information Security Management Handbook provides an authoritative compilation of the fundamental knowledge, skills, techniques, and tools required of today's IT security professional. Now in its sixth edition, this 3200-page, 4-volume stand-alone reference is organized under the C
Contents

Chapter 11 Validating Your Business Partners | 123 |
Chapter 12 Measuring ROI on Security | 133 |
Chapter 13 The Human Side of Information Security | 139 |
Chapter 14 Security Management | 155 |
Chapter 15 It Is All about Control | 165 |
It Just Makes Good Sense | 179 |
The Process | 185 |
Charting the Course for the Organization | 201 |
A Corporate Implementation Guide | 221 |
Chapter 20 Ownership and Custody of Data | 233 |
Chapter 21 Information Security Risk Assessment | 243 |
Chapter 22 Developing and Conducting a Security Test and Evaluation | 251 |
Chapter 23 Enterprise Security Management Program | 261 |
A Simplified Risk Management Model | 271 |
Chapter 25 The Role of Information Security in the Enterprise Risk Management Structure | 281 |
Chapter 26 A Matter of Trust | 295 |
Chapter 27 Trust Governance in a Web Services World | 311 |
Chapter 28 Risk Management and Analysis | 321 |
Chapter 29 New Trends in Information Risk Management | 331 |
Technical and Insurance Controls for Enterprise-Level Security | 339 |
Chapter 31 Committee of Sponsoring Organizations (COSO) | 355 |
Encouraging Personal Accountability for Corporate Information Security Policy | 367 |
Functions and Responsibilities | 377 |
A Winning Combination | 389 |
Chapter 35 Building an Effective Privacy Program | 401 |
Preventing Potential Legal Nightmares | 415 |
Chapter 37 Ten Steps to Effective Web-Based Security Policy Development and Distribution | 427 |
Chapter 38 Roles and Responsibilities of the Information Systems Security Officer | 443 |
Some Human Resources Issues in Information Security | 451 |
Chapter 40 Information Security Policies from the Ground Up | 465 |
Chapter 41 Policy Development | 475 |
Chapter 42 Training Your Employees to Identify Potential Fraud and How to Encourage Them to Come Forward | 499 |
The ABCs of a Persuasive Security Awareness Program | 521 |
Chapter 44 Maintaining Management's Commitment | 531 |
Chapter 45 Making Security Awareness Happen | 541 |
It Is Time To Change the Culture | 555 |
Chapter 47 Overview of an IT Corporate Security Organization | 567 |
Chapter 48 Make Security Part of Your Company's DNA | 579 |
Chapter 49 Building an Effective and Winning Security Team | 591 |
Moving Your Development Work Offshore | 607 |
Chapter 51 Maintaining Information Security during Downsizing | 619 |
Selling Management on the Protection of Vital Secrets and Products | 625 |
Chapter 53 How to Work with a Managed Security Service Provider | 631 |
Chapter 54 Considerations for Outsourcing Security | 643 |
Chapter 55 The Ethical and Legal Concerns of Spyware | 659 |
Chapter 56 Ethics and the Internet | 673 |
Chapter 57 Computer Ethics | 685 |
Access Control | 697 |
Chapter 58 A Look at RFID Security | 701 |
Chapter 59 New Emerging Information Security Technologies and Solutions | 707 |
Chapter 60 Sensitive or Critical Data Access Controls | 739 |
Chapter 61 An Introduction to Role-Based Access Control | 751 |
Chapter 62 Smart Cards | 765 |
Chapter 63 A Guide to Evaluating Tokens | 775 |
Providing Secured Data Transfers | 785 |
Deciding Among Different Strategies | 803 |
Benefits and Challenges | 823 |
Passwords and Policy | 843 |
Chapter 68 Enhancing Security through Biometric Technology | 869 |
Chapter 69 Single Sign-On for the Enterprise | 887 |
Chapter 70 Centralized Authentication Services (RADIUS, TACACS, DIAMETER) | 909 |
Chapter 71 An Introduction to Secure Remote Access | 923 |
Chapter 72 Hacker Tools and Techniques | 935 |
Chapter 73 A New Breed of Hacker Tools and Defenses | 951 |
Chapter 74 Hacker Attacks and Defenses | 965 |
Chapter 75 Counter-Economic Espionage | 977 |
Chapter 76 Insight into Intrusion Prevention Systems | 993 |
Chapter 77 Penetration Testing | 1005 |
Domain III Cryptography | 1019 |
Assessing System Security | 1023 |
Chapter 79 Cryptographic Transitions | 1029 |
Chapter 80 Blind Detection of Steganographic Content in Digital Images Using Cellular Automata | 1039 |
Chapter 81 An Overview of Quantum Cryptography | 1045 |
Delivering High-Performance Security for E-Commerce and Communications | 1059 |
Chapter 83 Cryptographic Key Management Concepts | 1067 |
Chapter 84 Message Authentication | 1079 |
Chapter 85 Fundamentals of Cryptography and Encryption | 1095 |
The Art of Hiding Messages | 1115 |
Chapter 87 An Introduction to Cryptography | 1121 |
From Message Digests to Signatures | 1141 |
Chapter 89 A Look at the Advanced Encryption Standard (AES) | 1151 |
Chapter 90 Principles and Applications of Cryptographic Key Management | 1159 |
Chapter 91 Preserving Public Key Hierarchy | 1175 |
Chapter 92 PKI Registration | 1183 |
Chapter 93 Implementing Kerberos in Distributed Systems | 1197 |
Chapter 94 Methods of Attacking and Defending Cryptosystems | 1255 |
Physical (Environmental) Security | 1271 |
Chapter 95 Perimeter Security | 1275 |
Chapter 96 Melding Physical Security and Traditional Information Systems Security | 1289 |
Chapter 97 Physical Security for Mission-Critical Facilities and Data Centers | 1293 |
A Foundation for Information Security | 1317 |
Controlled Access and Layered Defense | 1327 |
Chapter 100 Computing Facility Physical Security | 1339 |
Chapter 101 Closed-Circuit Television and Video Surveillance | 1349 |
Chapter 102 Types of Information Security Controls | 1357 |
Event Characteristics and Prevention | 1367 |
The Threat after September 11, 2001 | 1373 |
Security Architecture and Design | 1393 |
A Framework Explored | 1397 |
Chapter 106 Creating a Secure Architecture | 1403 |
Chapter 107 Common Models for Architecting an Enterprise Security Capability | 1413 |
Chapter 108 The Reality of Virtual Computing | 1431 |
Chapter 109 Formulating an Enterprise Information Security Architecture | 1451 |
Chapter 110 Security Architecture and Models | 1469 |
Chapter 111 The Common Criteria for IT Security Evaluation | 1487 |
Chapter 112 Common System Design Flaws and Security Issues | 1501 |
Business Continuity Planning and Disaster Recovery Planning | 1511 |
Chapter 113 Developing Realistic Continuity Planning Process Metrics | 1515 |
Chapter 114 Building Maintenance Processes for Business Continuity Plans | 1529 |
Chapter 115 Identifying Critical Business Functions | 1541 |
Chapter 116 Selecting the Right Business Continuity Strategy | 1549 |
Chapter 117 Contingency Planning Best Practices and Program Maturity | 1557 |
Chapter 118 Reengineering the Business Continuity Planning Process | 1573 |
Chapter 119 The Role of Continuity Planning in the Enterprise Risk Management Structure | 1587 |
Chapter 120 Contingency at a Glance | 1601 |
Chapter 121 The Business Impact Assessment Process and the Importance of Using Business Process Mapping | 1611 |
Chapter 122 Testing Business Continuity and Disaster Recovery Plans | 1629 |
Chapter 123 Restoration Component of Business Continuity Planning | 1645 |
A Case History | 1655 |
A Collaborative Approach | 1665 |
Chapter 126 The Business Impact Assessment Process | 1675 |
Telecommunications and Network Security | 1693 |
Chapter 127 Network Security Utilizing an Adaptable Protocol Framework | 1699 |
Chapter 128 The Five Ws and Designing a Secure Identity-Based Self-Defending Network (5W Network) | 1709 |
Availability via Intelligent Agents | 1721 |
Closing the Back Door | 1731 |
Chapter 131 Network Security Overview | 1739 |
TLS | 1751 |
Chapter 133 WLAN Security Update | 1761 |
Chapter 134 Understanding SSL | 1777 |
Chapter 135 Packet Sniffers and Network Monitors | 1791 |
Chapter 136 Secured Connections to External Networks | 1811 |
Chapter 137 Security and Network Technologies | 1827 |
Chapter 138 Wired and Wireless Physical Layer Security Issues | 1847 |
Chapter 139 Network Router Security | 1855 |
Chapter 140 What's Not So Simple about SNMP? | 1867 |
Security from the Ground Up | 1879 |
Chapter 142 Security and the Physical Network Layer | 1895 |
Chapter 143 Wireless LAN Security Challenge | 1903 |
Chapter 144 ISO/OSI and TCP/IP Network Model Characteristics | 1917 |
Chapter 145 VoIP Security Issues | 1929 |
Chapter 146 An Examination of Firewall Architectures | 1941 |
Chapter 147 Voice over WLAN | 1997 |
How To Deal with Junk E-Mail | 2007 |
Holes and Fillers | 2013 |
Chapter 150 IPSec Virtual Private Networks | 2025 |
Securing the Perimeter | 2051 |
Chapter 152 Application-Layer Security Protocols for Networks | 2061 |
Next Level of Security | 2073 |
Chapter 154 Security of Communication Protocols and Services | 2083 |
Chapter 155 An Introduction to IPSec | 2093 |
Chapter 156 VPN Deployment and Evaluation Strategy | 2103 |
Chapter 157 Comparing Firewall Technologies | 2123 |
What They Are and How They Work Together | 2133 |
Chapter 159 Security for Broadband Internet Access Users | 2143 |
Chapter 160 Instant Messaging Security Issues | 2151 |
Chapter 161 Voice Security | 2169 |
Chapter 162 Secure Voice Communications (VoI) | 2181 |
Chapter 163 Deep Packet Inspection Technologies | 2195 |
Case Study and Countermeasures | 2203 |
Defenses against Communications Security Breaches and Toll Fraud | 2213 |
Chapter 166 Insecurity by Proxy | 2229 |
Chapter 167 Wireless Security | 2233 |
Use and Misuse | 2243 |
Chapter 169 ISPs and Denial-of-Service Attacks | 2253 |
Application Security | 2263 |
Ensuring a Secure Relationship for the Client and the ASP | 2267 |
Chapter 171 Stack-Based Buffer Overflows | 2289 |
Chapter 172 Web Application Security | 2301 |
Chapter 173 Security for XML and Other Metadata Languages | 2311 |
Chapter 174 XML and Information Security | 2319 |
Chapter 175 Application Security | 2327 |
Chapter 176 Covert Channels | 2335 |
Chapter 177 Security as a Value Enhancer in Application Systems Development | 2343 |
Chapter 178 Open Source versus Closed Source | 2361 |
Chapter 179 A Look at Java Security | 2381 |
Chapter 180 Reflections on Database Integrity | 2387 |
Chapter 181 Digital Signatures in Relational Database Applications | 2395 |
Opportunity or Threat? | 2405 |
Chapter 183 Building and Assessing Security in the Software Development Lifecycle | 2425 |
Chapter 184 Avoiding Buffer Overflow Attacks | 2437 |
Chapter 185 Secure Development Life Cycle | 2449 |
Chapter 186 System Development Security Methodology | 2457 |
Chapter 187 Software Engineering Institute Capability Maturity Model | 2475 |
Chapter 188 Enterprise Security Architecture | 2491 |
Chapter 189 Certification and Accreditation Methodology | 2503 |
Chapter 190 System Development Security Methodology | 2521 |
Chapter 191 Methods of Auditing Applications | 2537 |
Chapter 192 Hacking Methods | 2547 |
Chapter 193 Enabling Safer Deployment of Internet Mobile Code Technologies | 2557 |
Operations Security | 2569 |
A Grid Security Overview | 2573 |
Chapter 195 Managing Unmanaged Systems | 2579 |
Chapter 196 Storage Area Networks Security Protocols and Mechanisms | 2597 |
The Center of Support and Control | 2615 |
History, Implications, and New Approaches | 2623 |
Chapter 199 Operations Security and Controls | 2629 |
Chapter 200 The Nebulous Zero Day | 2641 |
Chapter 201 Understanding Service Level Agreements | 2645 |
Chapter 202 Physical Access Control | 2651 |
Chapter 203 Auditing the Electronic Commerce Environment | 2669 |
Law, Compliance, and Investigations | 2689 |
A Technology Practitioner's Guide | 2693 |
Chapter 205 Health Insurance Portability and Accountability Act Security Rule | 2703 |
Chapter 206 Jurisdictional Issues in Global Transmissions | 2717 |
Chapter 207 An Emerging Information Security Minimum Standard of Due Care | 2725 |
Chapter 208 ISPs and Accountability | 2745 |
Chapter 209 The Case for Privacy | 2761 |
Chapter 210 Liability for Lax Computer Security in DDoS Attacks | 2767 |
Chapter 211 Operational Forensics | 2773 |
Chapter 212 Computer Crime Investigation and Computer Forensics | 2781 |
Chapter 213 What Happened? | 2813 |
Chapter 214 Potential Cyber Terrorist Attacks | 2817 |
Chapter 215 The Evolution of the Sploit | 2831 |
Chapter 216 Computer Crime | 2845 |
A New Twist to an Old Game | 2853 |
Information Warfare Tactics by Terrorists, Activists, and Miscreants | 2873 |
The Human Factor in Information Assurance | 2897 |
Chapter 220 Privacy Breach Incident Response | 2911 |
Chapter 221 Security Event Management | 2929 |
A Practical Approach to Digital Crime Scene Analysis | 2945 |
Chapter 223 What a Computer Security Professional Needs to Know about E-Discovery and Digital Forensics | 2961 |
Chapter 224 How To Begin A Non-Liturgical Forensic Examination | 2967 |
Chapter 225 Honeypot Essentials | 2983 |
Chapter 226 Managing the Response to a Computer Security Incident | 2989 |
Response, Investigation, and Prosecution | 3001 |
Glossary | 3009 |
Back cover | 3233 |
Other editions: Information Security Management Handbook, Sixth Edition, Harold F. Tipton and Micki Krause, 2007