Information Security Management Handbook, Fifth Edition

ISBN 9780849310683
Cat# AU1068
eBook
ISBN 9781439858226
Cat# KE12787
 

Features

  • Builds safeguards into the system upfront - rather than adding them later
  • Provides the tools, techniques, and methodologies for creating the most secure systems
  • Supplies effective access controls as well as various models and techniques for user verification and automated intrusion detection
  • Explains how to implement and manage network-based controls
  • Covers OSI and ISDN protocols
  • Uses cryptography to secure communications and control EDI transactions
  • Discusses topics that may be tested on the CISSP certification exam for the first time
  • Includes expansive coverage of network security including ATM, frame relay, remote access, network monitoring, and TCP/IP
Summary

    Whether you are active in security management or studying for the CISSP exam, you need accurate information that you can trust. A practical reference and study guide, this set gives you the information you need to understand the exam's core subjects. There is no duplication of material between any of the three volumes. Top experts throughout the country share their secrets of success in all security-related areas - ensuring safe and secure information systems. This four-volume set provides the tools for taking the offensive in the battle against information security threats.

    Table of Contents

    VOLUME I: DOMAIN 1: ACCESS CONTROL SYSTEMS & METHODOLOGY. Access Control Issues. DOMAIN 2: TELECOMMUNICATIONS & NETWORK SECURITY. Network Security. Internet, Intranet, Extranet Security. DOMAIN 3: SECURITY MANAGEMENT PRACTICES. Security Awareness. Organization Architecture. Risk Management. DOMAIN 4: APPLICATIONS & SYSTEMS DEVELOPMENT SECURITY. Application Security. DOMAIN 5: CRYPTOGRAPHY. Crypto Technology & Implementations. DOMAIN 6: SECURITY ARCHITECTURE & MODELS. Microcomputer & LAN Security. DOMAIN 7: OPERATIONS SECURITY. Threats. DOMAIN 8: BUSINESS CONTINUITY PLANNING & DISASTER RECOVERY PLANNING. Business Continuity Planning. Disaster Recovery Planning. DOMAIN 9: LAW, INVESTIGATIONS & ETHICS. Investigation. Information Ethics. Information Law. DOMAIN 10: PHYSICAL SECURITY. Threats & Facility Requirements.

    VOLUME II: DOMAIN 1: ACCESS CONTROL SYSTEMS AND METHODOLOGY. Single Sign On. Centralized Authentication Services (RADIUS, TACACS, DIAMETER). DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY. E-Mail Security. Integrity and Security of ATM. An Introduction to Secure Remote Access. Packet Sniffers and Network Monitors. Enclaves: The Enterprise as an Extranet. IPSec Virtual Private Networks. DOMAIN 3: SECURITY MANAGEMENT PRACTICES. Penetration Testing. The Building Blocks of Information Security. The Business Case for Information Security: Selling Management on the Protection of Vital Secrets and Products. DOMAIN 4: APPLICATIONS AND SYSTEMS DEVELOPMENT SECURITY. PeopleSoft Security. World Wide Web Application Security. Common System Design Flaws and Security Issues. Data Marts and Data Warehouses: Keys to the Future or Keys to the Kingdom? Mitigating E-business Security Risks: Public Key Infrastructures in the Real World. DOMAIN 5: CRYPTOGRAPHY. Introduction to Encryption. Three New Models for the Application of Cryptography. Methods of Attacking and Defending Cryptosystems. Message Authentication. DOMAIN 6: SECURITY ARCHITECTURE AND MODELS. Introduction to UNIX Security for Security Practitioners. DOMAIN 7: OPERATIONS SECURITY. Hacker Tools and Techniques. An Introduction to Hostile Code and Its Control. DOMAIN 8: BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY PLANNING. The Business Impact Assessment Process. DOMAIN 10: LAW, INVESTIGATIONS, AND ETHICS. Computer Crime Investigations: Managing a Process without Any Golden Rules. CIRT: Responding to Attack. Improving Network Level Security through Real Time Monitoring and Intrusion Detection. Operational Forensics.

    VOLUME III: DOMAIN 1: ACCESS CONTROL SYSTEMS AND METHODOLOGY. Access Control Techniques. Access Control Administration. Privacy in the Healthcare Industry. Methods of Attack. DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY. Communications and Network Security. Internet, Intranet, Extranet Security. DOMAIN 3: SECURITY MANAGEMENT PRACTICES. Security Management Practices. Policies, Standards, Procedures, and Guidelines. Risk Management. Change Control Management. DOMAIN 4: APPLICATIONS AND SYSTEMS DEVELOPMENT SECURITY. Application Issues. Databases and Data Warehousing. DOMAIN 5: CRYPTOGRAPHY. Private Key Algorithms. Public Key Infrastructure (PKI). Principles of Computer and Network Organizations, Architectures, and Designs. DOMAIN 7: OPERATIONS SECURITY. Intrusion Detection. Auditing. DOMAIN 8: BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY PLANNING. Business Continuity Planning. Disaster Recovery Planning. DOMAIN 9: LAW, INVESTIGATIONS, AND ETHICS. Investigation. Information Law. DOMAIN 10: THREATS AND FACILITY REQUIREMENTS. Threats and Facility Requirements.

    VOLUME IV: DOMAIN 1: ACCESS CONTROL SYSTEMS AND METHODOLOGY. Access Control Techniques. Access Control Administration. Methods of Attack. DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY. Communications and Network Security. Internet, Intranet, and Extranet Security. Secure Voice Communication. Network Attacks and Countermeasures. DOMAIN 3: SECURITY MANAGEMENT PRACTICES. Security Management Concepts and Principles Section. Policies, Standards, Procedures, and Guidelines. Risk Management. Security Management Planning. Employment Policies and Practices. DOMAIN 4: APPLICATIONS AND SYSTEMS DEVELOPMENT SECURITY. Application Issues. Systems Development Controls. Malicious Code. DOMAIN 5: CRYPTOGRAPHY. Crypto Concepts, Methodologies and Practices. Public Key Infrastructure (PKI). DOMAIN 6: SECURITY ARCHITECTURE AND MODELS. Principles of Computer and Network Organizations, Architectures, and Designs. DOMAIN 7: OPERATIONS SECURITY. Operations Controls. DOMAIN 8: BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY PLANNING. Business Continuity Planning. Disaster Recovery Planning. DOMAIN 9: LAW, INVESTIGATIONS, AND ETHICS. Information Law. Major Categories of Computer Crime. Incident Handling. DOMAIN 10: PHYSICAL SECURITY. Elements of Physical Security. Environment and Life Safety.
