Information Security Management Handbook 5th Edition (PDF)

Information Security Management Handbook

Author: Harold F. Tipton & Micki Krause
Release date: 2004
Pages: 3206
Edition: Fifth Edition
File size: 43 MB
File type: PDF
Language: English



Description of Information Security Management Handbook 5th Edition (PDF)

Information Security Management Handbook 5th Edition by Harold F. Tipton & Micki Krause is a great Computer Security book available for PDF download. The research on risks, threats and exposures continues to demonstrate the need for taking an assertive approach to information risk management. According to published sources:

  • From 1989 to early 2003, the number of security incidents increased from 130 to over 42,000
  • From 2000 to early 2003, the number of security vulnerabilities reported totals over 900, more than twice the sum of vulnerabilities reported in the five previous years
  • Since 1995, risk from Internet hacking has increased by 60% per year (U.S.)
  • Since 1995, risk from viruses and worms has increased by over 100% per year (U.S.)

Of course, the precursors for taking an assertive approach to information risk management are possession of the requisite knowledge and skills, as well as the ability to apply that knowledge in practice. The mission of the Information Security Management Handbook (ISMH) is to arm readers so that they are prepared to do battle in this challenging environment. The ISMH is designed to cover in detail the ten domains of the Information Security Common Body of Knowledge and to offer pragmatic counsel on the implementation of technologies, processes and procedures. It is designed to empower the security professional, the information technology professional and the chief information officer with the information they need to do their duty: protect the information assets of their organizations.

This Volume 5 is a blend of some of the most current articles from the previous edition along with new articles on topics that may not have been covered previously. It also includes articles on tried-and-true topics such as policies, firewalls and Internet security, but with a differing focus or distinction based on the various authors' experiences. As always, this edition is a comprehensive tome that offers a vast amount of information protection and security advice, from policy development to cryptographic fundamentals and everything in between. Whether the reader is an experienced and certified professional (CISSP), an IT executive, or a novice firewall administrator, there is something worthwhile for all.

Content of Information Security Management Handbook 5th Edition (PDF)

    Introduction
    1 ACCESS CONTROL SYSTEMS AND METHODOLOGY
    Section 1.1 Access Control Techniques
    Enhancing Security through Biometric Technology
    Stephen D. Fried, CISSP
    Biometrics: What is New?
    Judith M. Myerson
    It is All About Control
    Chris Hare, CISSP, CISA
    Controlling FTP: Providing Secured Data Transfers
    Chris Hare, CISSP, CISA
    Section 1.2 Access Control Administration
    Types of Information Security Controls
    Harold F. Tipton
    When Technology and Privacy Collide
    Edward H. Freeman
    Privacy in the Healthcare Industry
    Kate Borten, CISSP
    The Case for Privacy
    Michael J. Corby, CISSP
    Section 1.3 Identification and Authentication Techniques
    Biometric Identification
    Donald R. Richards, CPP
    Single Sign-On for the Enterprise
    Ross A. Leo, CISSP
    Single Sign-On
    Ross A. Leo, CISSP
    Section 1.4 Access Control Methodologies and Implementation
    Relational DataBase Access Controls Using SQL
    Ravi S. Sandhu
    Centralized Authentication Services (RADIUS, TACACS, DIAMETER)
    William Stackpole, CISSP
    Implementation of Access Controls
    Stanley Kurzban
    An Introduction to Secure Remote Access
    Christina M. Bird, Ph.D., CISSP
    Section 1.5 Methods of Attack
    Hacker Tools and Techniques
    Ed Skoudis, CISSP
    A New Breed of Hacker Tools and Defenses
    Ed Skoudis, CISSP
    Social Engineering: The Forgotten Risk
    John Berti, CISSP and Marcus Rogers, Ph.D., CISSP
    Breaking News: The Latest Hacker Attacks and Defenses
    Ed Skoudis, CISSP
    Counter-Economic Espionage
    Craig A. Schiller, CISSP
    Section 1.6 Monitoring and Penetration Testing
    Penetration Testing
    Stephen D. Fried, CISSP
    The Self-Hack Audit
    Stephen James
    Penetration Testing
    Chuck Bianco, FTTR, CISA, CISSP
    2 TELECOMMUNICATIONS, NETWORK, AND INTERNET SECURITY
    Section 2.1 Communications and Network Security
    Understanding SSL
    Chris Hare, CISSP, CISA
    Packet Sniffers and Network Monitors
    James S. Tiller, CISA, CISSP and Bryan D. Fish, CISSP
    Secured Connections to External Networks
    Steven F. Blanding
    Security and Network Technologies
    Chris Hare, CISSP, CISA
    Wired and Wireless Physical Layer Security Issues
    James Trulove
    Network Router Security
    Steven F. Blanding
    Dial-Up Security Controls
    Alan Berman and Jeffrey L. Ott
    What’s Not So Simple about SNMP?
    Chris Hare, CISSP, CISA
    Network and Telecommunications Media: Security from the Ground Up
    Samuel Chun, CISSP
    Security and the Physical Network Layer
    Matthew J. Decker, CISSP, CISA, CBCP
    Security of Wireless Local Area Networks
    Franjo Majstor, CISSP
    Securing Wireless Networks
    Sandeep Dhameja, CISSP
    Wireless Security Mayhem: Restraining the Insanity of Convenience
    Mark T. Chapman, MSCS, CISSP, IAM
    Wireless LAN Security Challenge
    Frandinata Halim, CISSP, CCSP, CCDA, CCNA, MSCE and Gildas Deograt, CISSP
    An Introduction to LAN/WAN Security
    Steven F. Blanding
    ISO/OSI and TCP/IP Network Model Characteristics
    George G. McBride, CISSP
    Integrity and Security of ATM
    Steve Blanding
    Section 2.2 Internet/Intranet/Extranet
    Enclaves: The Enterprise as an Extranet
    Bryan T. Koch, CISSP
    IPSec Virtual Private Networks
    James S. Tiller, CISA, CISSP
    Firewalls: An Effective Solution for Internet Security
    E. Eugene Schultz, Ph.D., CISSP
    Internet Security: Securing the Perimeter
    Douglas G. Conorich
    Extranet Access Control Issues
    Christopher King, CISSP
    Network Layer Security
    Steven F. Blanding
    Transport Layer Security
    Steven F. Blanding
    Application-Layer Security Protocols for Networks
    William Stackpole, CISSP
    Application Layer: Next Level of Security
    Keith Pasley, CISSP
    Security of Communication Protocols and Services
    William Hugh Murray, CISSP
    Security Management of the World Wide Web
    Lynda L. McGhie and Phillip Q. Maier
    An Introduction to IPSec
    William Stackpole, CISSP
    Wireless Internet Security
    Dennis Seymour Lee
    VPN Deployment and Evaluation Strategy
    Keith Pasley, CISSP
    How to Perform a Security Review of a Checkpoint Firewall
    Ben Rothke, CISSP
    Comparing Firewall Technologies
    Per Thorsheim
    The (In) Security of Virtual Private Networks
    James S. Tiller, CISA, CISSP
    Cookies and Web Bugs
    William T. Harding, Ph.D., Anita J. Reed, CPA, and Robert L. Gray, Ph.D.
    Leveraging Virtual Private Networks
    James S. Tiller, CISA, CISSP
    Wireless LAN Security
    Mandy Andress, CISSP, SSCP, CPA, CISA
    Expanding Internet Support with IPv6
    Gilbert Held
    Virtual Private Networks: Secure Remote Access Over the Internet
    John R. Vacca
    Applets and Network Security: A Management Overview
    Al Berg
    Security for Broadband Internet Access Users
    James Trulove
    New Perspectives on VPNs
    Keith Pasley, CISSP
    An Examination of Firewall Architectures
    Paul A. Henry, CISSP, CNE
    Deploying Host-Based Firewalls across the Enterprise: A Case Study
    Jeffery Lowder, CISSP
    Section 2.3 E-mail Security
    Instant Messaging Security Issues
    William Hugh Murray, CISSP
    Email Security
    Bruce A. Lobree
    Email Security
    Clay Randall
    Protecting Against Dial-In Hazards: Email and Data Communications
    Leo A. Wrobel
    Section 2.4 Secure Voice Communications
    Protecting Against Dial-In Hazards: Voice Systems
    Leo A. Wrobel
    Voice Security
    Chris Hare, CISSP, CISA
    Secure Voice Communications (VoI)
    Valene Skerpac, CISSP
    Section 2.5 Network Attacks and Countermeasures
    Preventing DNS Attacks
    Mark Bell
    Preventing a Network from Spoofing and Denial of Service Attacks
    Gilbert Held
    Packet Sniffers: Use and Misuse
    Steve A. Rodgers, CISSP
    ISPs and Denial-of-Service Attacks
    K. Narayanaswamy, Ph.D.
    3 INFORMATION SECURITY MANAGEMENT
    Section 3.1 Security Management Concepts and Principles
    Measuring ROI on Security
    Carl F. Endorf, CISSP, SSCP, GSEC
    Security Patch Management
    Jeffrey Davis, CISSP
    Purposes of Information Security Management
    Harold F. Tipton
    The Building Blocks of Information Security
    Ken M. Shaurette
    The Human Side of Information Security
    Kevin Henry, CISA, CISSP
    Security Management
    Ken Buszta, CISSP
    Securing New Information Technology
    Louis Fried
    E-mail Security Using Pretty Good Privacy
    William Stallings
    Section 3.2 Change Control Management
    Configuration Management: Charting the Course for the Organization
    Mollie E. Krehnke, CISSP, IAM and David C. Krehnke, CISSP, CISM, IAM
    Section 3.3 Data Classification
    Information Classification: A Corporate Implementation Guide
    Jim Appleyard
    Section 3.4 Risk Management
    A Matter of Trust
    Ray Kaplan, CISSP, CISA, CISM
    Trust Governance in a Web Services World
    Daniel D. Houser, CISSP, MBA, e-Biz+
    Risk Management and Analysis
    Kevin Henry, CISA, CISSP
    New Trends in Information Risk Management
    Brett Regan Young, CISSP, CBCP
    Information Security in the Enterprise
    Duane E. Sharp
    Managing Enterprise Security Information
    Matunda Nyanchama, Ph.D., CISSP and Anna Wilson, CISSP, CISA
    Risk Analysis and Assessment
    Will Ozier
    Managing Risk in an Intranet Environment
    Ralph L. Kliem
    Security Assessment
    Sudhanshu Kairab, CISSP, CISA
    Evaluating the Security Posture of an Information Technology Environment: The Challenges of Balancing Risk, Cost, and Frequency of Evaluating Safeguards
    Brian R. Schultz, CISSP, CISA
    Cyber-Risk Management: Technical and Insurance Controls for Enterprise-Level Security
    Carol A. Siegel, Ty R. Sagalow, and Paul Serritella
    Section 3.5 Employment Policies and Practices
    A Progress Report on the CVE Initiative
    Robert Martin, Steven Christey, and David Baker
    Roles and Responsibilities of the Information Systems Security Officer
    Carl Burney, CISSP
    Information Protection: Organization, Roles, and Separation of Duties
    Rebecca Herold, CISSP, CISA, FLMI
    Organizing for Success: Some Human Resources Issues in Information Security
    Jeffrey H. Fenton, CBCP, CISSP and James M. Wolfe, MSM
    Ownership and Custody of Data
    William Hugh Murray, CISSP
    Hiring Ex-Criminal Hackers
    Ed Skoudis, CISSP
    Information Security and Personnel Practices
    Edward H. Freeman
    Section 3.6 Risk Management
    Information Security Policies from the Ground Up
    Brian Shorten, CISSP, CISA
    Policy Development
    Chris Hare, CISSP, CISA
    Risk Analysis and Assessment
    Will Ozier
    Server Security Policies
    Jon David
    Toward Enforcing Security Policy: Encouraging Personal Accountability for Corporate Information Security Policy
    John O. Wylder, CISSP
    The Common Criteria for IT Security Evaluation
    Debra S. Herrmann
    A Look at the Common Criteria
    Ben Rothke, CISSP
    The Security Policy Life Cycle: Functions and Responsibilities
    Patrick D. Howard, CISSP
    Section 3.7 Security Awareness Training
    Security Awareness Program
    Tom Peltier
    Maintaining Management’s Commitment
    William Tompkins, CISSP, CBCP
    Making Security Awareness Happen
    Susan D. Hansche, CISSP
    Making Security Awareness Happen: Appendices
    Susan D. Hansche, CISSP
    Section 3.8 Security Management Planning
    Maintaining Information Security during Downsizing
    Thomas J. Bray, CISSP
    The Business Case for Information Security: Selling Management on the Protection of Vital Secrets and Products
    Sanford Sherizen, Ph.D., CISSP
    Information Security Management in the Healthcare Industry
    Micki Krause
    Protecting High-Tech Trade Secrets
    William C. Boni
    How to Work with a Managed Security Service Provider
    Laurie Hill McQuillan, CISSP
    Considerations for Outsourcing Security
    Michael J. Corby, CISSP
    Outsourcing Security
    James S. Tiller, CISA, CISSP
    4 APPLICATION PROGRAM SECURITY
    Section 4.1 Application Issues
    Security Models for Object-Oriented Databases
    James Cannady
    Web Application Security
    Mandy Andress, CISSP, SSCP, CPA, CISA
    The Perfect Security: A New World Order
    Ken Shaurette
    Security for XML and Other Metadata Languages
    William Hugh Murray, CISSP
    XML and Information Security
    Samuel C. McClintock
    Testing Object-Based Applications
    Polly Perryman Kuver
    Secure and Managed Object-Oriented Programming
    Louis B. Fried
    Application Service Providers
    Andres Llana Jr.
    Application Security
    Walter S. Kobus, Jr., CISSP
    Covert Channels
    Anton Chuvakin, Ph.D., GCIA, GCIH
    Security as a Value Enhancer in Application Systems Development
    Lowell Bruce McCulley, CISSP
    Open Source versus Closed Source
    Ed Skoudis, CISSP
    PeopleSoft Security
    Satnam Purewal
    World Wide Web Application Security
    Sean Scanlon
    Section 4.2 Databases and Data Warehousing
    Reflections on Database Integrity
    William Hugh Murray, CISSP
    Datamarts and Data Warehouses: Keys to the Future or Keys to the Kingdom?
    M. E. Krehnke and D. K. Bradley
    Digital Signatures in Relational Database Applications
    Mike R. Prevost
    Security and Privacy for Data Warehouses: Opportunity or Threat?
    David Bonewell, CISSP, CISA, Karen Gibbs, and Adriaan Veldhuisen
    Relational Database Security: Availability, Integrity, and Confidentiality
    Ravi S. Sandhu and Sushil Jajodia
    Section 4.3 Systems Development Controls
    Enterprise Security Architecture
    William Hugh Murray, CISSP
    Certification and Accreditation Methodology
    Mollie E. Krehnke, CISSP, IAM and David C. Krehnke, CISSP, CISM, IAM
    A Framework for Certification Testing
    Kevin J. Davidson, CISSP
    System Development Security Methodology
    Ian Lim, CISSP and Ioana V. Carastan, CISSP
    A Security-Oriented Extension of the Object Model for the Development of an Information System
    Sureerut Inmor, Vatcharaporn Esichaikul, and Dencho N. Batanov
    Methods of Auditing Applications
    David C. Rice, CISSP and Graham Bucholz
    Section 4.4 Malicious Code
    Malware and Computer Viruses
    Robert M. Slade, CISSP
    An Introduction to Hostile Code and Its Control
    Jay Heiser
    A Look at Java Security
    Ben Rothke, CISSP
    Section 4.5 Methods of Attack
    The RAID Advantage
    Tyson Heyn
    Malicious Code: The Threat, Detection, and Protection
    Ralph Hoefelmeyer, CISSP and Theresa E. Phillips, CISSP
    5 CRYPTOGRAPHY
    Section 5.1 Use of Cryptography
    Three New Models for the Application of Cryptography
    Jay Heiser, CISSP
    Auditing Cryptography: Assessing System Security
    Steve Stanek
    Section 5.2 Cryptographic Concepts, Methodologies, and Practices
    Message Authentication
    James S. Tiller, CISA, CISSP
    Fundamentals of Cryptography and Encryption
    Ronald A. Gove
    Steganography: The Art of Hiding Messages
    Mark Edmead, CISSP, SSCP, TICSA
    An Introduction to Cryptography
    Javek Ikbel, CISSP
    Hash Algorithms: From Message Digests to Signatures
    Keith Pasley, CISSP
    A Look at the Advanced Encryption Standard (AES)
    Ben Rothke, CISSP
    Introduction to Encryption
    Jay Heiser
    Section 5.3 Private Key Algorithms
    Principles and Applications of Cryptographic Key Management
    William Hugh Murray, CISSP
    Section 5.4 Public Key Infrastructure (PKI)
    Getting Started with PKI
    Harry DeMaio
    Mitigating E-Business Security Risks: Public Key Infrastructures in the Real World
    Douglas C. Merrill and Eran Feigenbaum
    Preserving Public Key Hierarchy
    Geoffrey C. Grabow, CISSP
    PKI Registration
    Alex Golod, CISSP
    Section 5.5 System Architecture for Implementing Cryptographic Functions
    Implementing Kerberos in Distributed Systems
    Joe Kovara, CTP and Ray Kaplan, CISSP, CISA, CISM
    Section 5.6 Methods of Attack
    Methods of Attacking and Defending Cryptosystems
    Joost Houwen, CISSP
    6 ENTERPRISE SECURITY ARCHITECTURE
    Section 6.1 Principles of Computer and Network Organizations, Architectures, and Designs
    Security Infrastructure: Basics of Intrusion Detection Systems
    Ken M. Shaurette, CISSP, CISA, NSA, IAM
    Systems Integrity Engineering
    Don Evans
    Introduction to UNIX Security for Security Practitioners
    Jeffery J. Lowder
    Enterprise Security Architecture
    William Hugh Murray
    Microcomputer and LAN Security
    Stephen Cobb
    Reflections on Database Integrity
    William Hugh Murray
    Firewalls, 10 Percent of the Solution: A Security Architecture Primer
    Chris Hare, CISSP, CISA
    The Reality of Virtual Computing
    Chris Hare, CISSP, CISA
    Overcoming Wireless LAN Security Vulnerabilities
    Gilbert Held
    Section 6.2 Principles of Security Models, Architectures and Evaluation Criteria
    Formulating an Enterprise Information Security Architecture
    Mollie Krehnke, CISSP, IAM and David Krehnke, CISSP, CISM, IAM
    Security Architecture and Models
    Foster J. Henderson, CISSP, MCSE and Kellina M. Craig-Henderson, Ph.D.
    Security Models for Object-Oriented Data Bases
    James Cannady
    Section 6.3 Common Flaws and Security Issues — System Architecture and Design
    Common System Design Flaws and Security Issues
    William Hugh Murray, CISSP
    7 OPERATIONS SECURITY
    Section 7.1 Concepts
    Operations: The Center of Support and Control
    Kevin Henry, CISA, CISSP
    Why Today’s Security Technologies Are So Inadequate: History, Implications, and New Approaches
    Steven Hofmeyr, Ph.D.
    Information Warfare and the Information Systems Security Professional
    Jerry Kovacich
    Steps for Providing Microcomputer Security
    Douglas B. Hoyt
    Protecting the Portable Computing Environment
    Phillip Q. Maier
    Operations Security and Controls
    Patricia A.P. Fisher
    Data Center Security: Useful Intranet Security Methods and Tools
    John R. Vacca
    Section 7.2 Resource Protection Requirements
    Physical Access Control
    Dan M. Bowers, CISSP
    Software Piracy: Issues and Prevention
    Roxanne E. Burkey
    Section 7.3 Auditing
    Auditing the Electronic Commerce Environment
    Chris Hare, CISSP, CISA
    Section 7.4 Intrusion Detection
    Improving Network-Level Security through Real-Time Monitoring and Intrusion Detection
    Chris Hare, CISSP, CISA
    Intelligent Intrusion Analysis: How Thinking Machines Can Recognize Computer Intrusions
    Bryan D. Fish, CISSP
    How to Trap the Network Intruder
    Jeff Flynn
    Intrusion Detection: How to Utilize a Still Immature Technology
    E. Eugene Schultz and Eugene Spafford
    Section 7.5 Operations Controls
    Directory Security
    Ken Buszta, CISSP
    8 BUSINESS CONTINUITY PLANNING
    Section 8.1 Business Continuity Planning
    Reengineering the Business Continuity Planning Process
    Carl B. Jackson, CISSP, CBCP
    The Role of Continuity Planning in the Enterprise Risk Management Structure
    Carl B. Jackson, CISSP, CBCP
    Business Continuity in the Distributed Environment
    Steven P. Craig
    The Changing Face of Continuity Planning
    Carl Jackson, CISSP, CDCP
    Section 8.2 Disaster Recovery Planning
    Restoration Component of Business Continuity Planning
    John Dorf, ARM and Martin Johnson, CISSP
    Business Resumption Planning and Disaster Recovery: A Case History
    Kevin Henry, CISA, CISSP
    Business Continuity Planning: A Collaborative Approach
    Kevin Henry, CISA, CISSP
    Section 8.3 Elements of Business Continuity Planning
    The Business Impact Assessment Process
    Carl B. Jackson, CISSP, CBCP
    9 LAW, INVESTIGATION, AND ETHICS
    Section 9.1 Information Law
    Jurisdictional Issues in Global Transmissions
    Ralph Spencer Poore, CISSP, CISA, CFE
    Liability for Lax Computer Security in DDoS Attacks
    Dorsey Morrow, JD, CISSP
    The Final HIPAA Security Rule Is Here! Now What?
    Todd Fitzgerald, CISSP, CISA
    HIPAA 201: A Framework Approach to HIPAA Security Readiness
    David MacLeod, Ph.D., CISSP, Brian Geffert, CISSP, CISA, and David Deckter, CISSP
    Internet Gripe Sites: Bally v. Faber
    Edward H. Freeman
    State Control of Unsolicited E-mail: State of Washington v. Heckel
    Edward H. Freeman
    The Legal Issues of Disaster Recovery Planning
    Tari Schreider
    Section 9.2 Investigations
    Computer Crime Investigations: Managing a Process without Any Golden Rules
    George Wade, CISSP
    Operational Forensics
    Michael J. Corby, CISSP
    Computer Crime Investigation and Computer Forensics
    Thomas Welch, CISSP, CPP
    What Happened?
    Kelly J. Kuchta, CPP, CFE
    Section 9.3 Major Categories of Computer Crime
    The International Dimensions of Cybercrime
    Ed Gabrys, CISSP
    Computer Abuse Methods and Detection
    Donn B. Parker
    Section 9.4 Incident Handling
    Honeypot Essentials
    Anton Chuvakin, Ph.D., GCIA, GCIH
    CIRT: Responding to Attack
    Chris Hare, CISSP, CISA
    Managing the Response to a Computer Security Incident
    Michael Vangelos, CISSP
    Cyber-Crime: Response, Investigation, and Prosecution
    Thomas Akin, CISSP
    Incident Response Exercises
    Ken M. Shaurette, CISSP, CISA, CISM, IAM and Thomas J. Schleppenbach
    Software Forensics
    Robert M. Slade, CISSP
    Reporting Security Breaches
    James S. Tiller, CISSP
    Incident Response Management
    Alan B. Sterneckert, CISA, CISSP, CFE, CCCI
    Section 9.5 Ethics
    Ethics and the Internet
    Micki Krause, CISSP
    Computer Ethics
    Peter S. Tippett
    10 PHYSICAL SECURITY
    Section 10.1 Facility Requirements
    Physical Security: A Foundation for Information Security
    Christopher Steinke, CISSP
    Physical Security: Controlled Access and Layered Defense
    Bruce R. Mathews, CISSP
    Computing Facility Physical Security
    Alan Brusewitz, CISSP, CBCP
    Closed Circuit Television and Video Surveillance
    David Litzau, CISSP
    Section 10.2 Technical Controls
    Types of Information Security Controls
    Harold F. Tipton, CISSP
    Physical Security
    Tom Peltier
    Section 10.3 Environment and Life Safety
    Physical Security: The Threat after September 11th, 2001
    Jaymes Williams, CISSP
    Glossary