6th Edition

Information Security Management Handbook, Volume 7

Edited By Richard O'Hanley, James S. Tiller Copyright 2014
    434 Pages 61 B/W Illustrations
    by Auerbach Publications

    Updated annually, the Information Security Management Handbook, Sixth Edition  is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations.

    Reporting on the latest developments in information security and recent changes to the (ISC) CISSP Common Body of Knowledge (CBK®), Volume 7 features 27 new chapters on topics such as BYOD, IT consumerization, smart grids, security, and privacy.

    • Covers the fundamental knowledge, skills, techniques, and tools required by IT security professionals
    • Updates its bestselling predecessors with new developments in information security and the (ISC) CISSP® CBK®
    • Provides valuable insights from leaders in the field on the theory and practice of computer security technology
    • Facilitates the comprehensive and up-to-date understanding you need to stay fully informed

    The ubiquitous nature of computers and networks will always provide the opportunity and means to do harm. This edition updates its popular predecessors with the information you need to address the vulnerabilities created by recent innovations such as cloud computing, mobile banking, digital wallets, and near-field communications. This handbook is also available on CD.

    Domain 1: TELECOMMUNICATIONS AND NETWORK SECURITY
    Communications and Network Security
    1. Securing the Grid; Terry Komperda
    Network Attacks and Countermeasures
    2. Attacks in Mobile Environments; Noureddine Boudriga

    Domain 2: INFORMATION SECURITY GOVERNANCE AND RISK MANAGEMENT
    Security Management Concepts and Principles
    3. Security in the Cloud; Sandy Bacik
    4. Getting the Best Out of Information Security Projects; Todd Fitzgerald
    5. Mobility and Its Impact on Enterprise Security; Prashanth Venkatesh and Balaji Raghunathan
    6. An Introduction to Digital Rights Management; Ashutosh Saxena and Ravi Sankar Veerubhotla
    7. Information Security on the Cheap; Beau Woods
    8. Organizational Behavior (Including Institutions) Can Cultivate Your Information Security Program; Robert K. Pittman, Jr.
    9. Metrics for Monitoring; Sandy Bacik
    Policies, Standards, Procedures, and Guidelines
    10. Security Implications of Bring Your Own Device, IT Consumerization, and Managing User Choices; Sandy Bacik
    11. Information Assurance: Open Research Questions and Future Directions; Seth J. Kinnett
    Security Awareness Training
    12. Protecting Us from Us: Human Firewall Vulnerability Assessments; Ken M. Shaurette and Tom Schleppenbach

    Domain 3: APPLICATION DEVELOPMENT SECURITY
    Application Issues
    13. Service-Oriented Architecture; Walter B. Williams
    Systems Development Controls
    14. Managing the Security Testing Process; Anthony Meholic
    15. Security and Resilience in the Software Development Life Cycle; Mark S. Merkow and Lakshmikanth Raghavan

    Domain 4: CRYPTOGRAPHY
    Cryptographic Concepts, Methodologies, and Practices
    16. Cloud Cryptography; Jeff Stapleton

    Domain 5: SECURITY ARCHITECTURE AND DESIGN
    Principles of Security Models, Architectures, and Evaluation Criteria
    17. Identity and Access Management Architecture; Jeff Crume
    18. FedRAMP SM: Entry or Exit Ramp for Cloud Security?; Debra S. Herrmann

    Domain 6: OPERATIONS SECURITY
    Concepts
    19. Data Storage and Network Security; Greg Schulz

    Domain 7: LEGAL, REGULATIONS, COMPLIANCE, AND INVESTIGATIONS
    Information Law
    20. National Patient Identifier and Patient Privacy in the Digital Era; Tim Godlove and Adrian Ball
    21. Addressing Social Media Security and Privacy Challenges; Rebecca Herold
    Investigations
    22. What Is Digital Forensics and What Should You Know about It?; Greg Gogolin
    23. eDiscovery; David G. Hill
    24. Overview of the Steps of the Electronic Discovery Reference Model; David G. Hill
    25. Cell Phone Protocols and Operating Systems; Eamon P. Doherty
    Major Categories of Computer Crime
    26. Hacktivism: The Whats, Whys, and Wherefores; Chris Hare
    Compliance
    27. PCI Compliance; Tyler Justin Speed
    28. HIPAA /HITECH Compliance Overview

    Biography

    James S. Tiller, CISM, CISA, CISSP, is the Head of Security Consulting, Americas, HP Enterprise Security Services, Hewlett-Packard Company. Formerly Vice President of Security North America for BT Global Services, Jim has provided security solutions for global organizations for the past 20 years. He is the author of the following books published by Auerbach: CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits; Adaptive Security Management Architecture; and A Technical Guide to IPSec Virtual Private Networks.

    Richard O'Hanley is the Publisher for Information and Communications Technology, Business, and Security at CRC Press. Mr. O'Hanley can be reached at [email protected]