Information Security Management Handbook 4th Ed.

Volume 2

Harold F. Tipton, Micki Krause

Publisher: Auerbach, 2001, 626 pages

ISBN: 0-8493-0800-3

Keywords: Information Security

Last modified: June 30, 2021, 1:17 a.m.

The runaway growth of computer viruses and worms and the ongoing nuisance posed by malicious hackers and employees who exploit the security vulnerabilities of open network protocols make the tightness of an organization's security system an issue of prime importance. And information systems technology is advancing at a frenetic pace. Against this background, the challenges facing information security professionals are increasing rapidly.

Information Security Management Handbook, Fourth Edition, Volume 2 is an essential reference for anyone involved in the security of information systems. This new volume of the all-important handbook addresses emerging trends and new concepts in information security, along with security methodologies for evolving technologies. It is one of the most important study aids used by candidates preparing for the CISSP certification examinations. In fact, as in the previous editions of the handbook, the material in this fourth edition is aligned with the Information Security Common Body of Knowledge (CBK). This format provides information security professionals with enabling material with which to conduct the rigorous review required for success in the CISSP certification examination. In addition, the practical information presented in the book makes Information Security Management Handbook, Fourth Edition, Volume 2 an indispensable weapon in the arsenal of professionals and practitioners.

Features

  • Discusses new technologies
  • Provides comprehensive coverage of information security management
  • Discusses topics that may be tested on the CISSP certification exam for the first time
  • Includes expansive coverage of network security including ATM, frame relay, remote access, network monitoring, and TCP/IP
  • Covers intrusion detection, penetration testing, and secure voice communications
  • Domain 1: Access Control Systems and Methodologies
    • Section 1.1: Access Control Issues
      1. Single Sign-on
        Ross Leo
    • Section 1.2: Access Control Administration
      1. Centralized Authentication Services (RADIUS, TACACS, DIAMETER)
        Bill Stackpole
  • Domain 2: Telecommunications and Network Security
    • Section 2.1: Network Security
      1. E-mail Security
        Bruce A. Lobree
      2. Integrity and Security of ATM
        Steve Blanding
      3. An Introduction to Secure Remote Access
        Christina M. Bird
      4. Packet Sniffers and Network Monitors
        James S. Tiller and Bryan D. Fish
    • Section 2.2: Internet, Intranet, and Extranet Security
      1. Enclaves: The Enterprise as an Extranet
        Bryan T. Koch
      2. IPSec Virtual Private Networks
        James S. Tiller
  • Domain 3: Security Management Practices
    • Section 3.1: Security Awareness
      1. Penetration Testing
        Stephen Fried
    • Section 3.2: Policies, Standards, Procedures, and Guidelines
      1. The Building Blocks of Information Security
        Ken M. Shaurette
    • Section 3.3: Risk Management
      1. The Business Case for Information Security: Selling Management on the Protection of Vital Secrets and Products
        Sanford Sherizen
  • Domain 4: Applications and Systems Development Security
    • Section 4.1: Application Security
      1. PeopleSoft Security
        Satnam Purewal
      2. World Wide Web Application Security
        Sean Scanlon
      3. Common System Design Flaws and Security Issues
        William Hugh Murray
    • Section 4.2: System Security
      1. Data Marts and Data Warehouses: Keys to the Future or Keys to the Kingdom?
        M. E. Krehnke and D. K. Bradley
      2. Mitigating E-business Security Risks: Public Key Infrastructures in the Real World
        Douglas C. Merrill and Eran Feigenbaum
  • Domain 5: Cryptography
    • Section 5.1: Crypto Technology and Implementations
      1. Introduction to Encryption
        Jay Heiser
      2. Three New Models for the Application of Cryptography
        Jay Heiser
      3. Methods of Attacking and Defending Cryptosystems
        Joost Houwen
      4. Message Authentication
        James S. Tiller
  • Domain 6: Security Architecture and Models
    • Section 6.1: System Architecture and Designs
      1. Introduction to UNIX Security for Security Practitioners
        Jeffery J. Lowder
  • Domain 7: Operations Security
    • Section 7.1: Threats
      1. Hacker Tools and Techniques
        Ed Skoudis
      2. An Introduction to Hostile Code and Its Control
        Jay Heiser
  • Domain 8: Business Continuity Planning and Disaster Recovery Planning
    • Section 8.1: Business Continuity Planning
      1. The Business Impact Assessment Process
        Carl B. Jackson
  • Domain 9: Law, Investigation, and Ethics
    • Section 9.1: Investigation
      1. Computer Crime Investigations: Managing a Process Without Any Golden Rules
        George Wade
      2. CIRT: Responding to Attack
        Chris Hare
      3. Improving Network Level Security Through Real-Time Monitoring and Intrusion Detection
        Chris Hare
      4. Operational Forensics
        Michael J. Corby

Reviews

Information Security Management Handbook

Reviewed by Roland Buresund

Disappointing *** (3 out of 10)

Last modified: Nov. 15, 2008, 2:20 a.m.

Describes a lot of the fields within the CISSP. Nothing to get too excited about, a bit dry and boring, but not bad. Too shallow to use for a CISSP exam. You need volume 3 as well, I'm told, as it contains updates. But why bother?
