Information Security Management Handbook

Author: Harold F. Tipton & Micki Krause
Publisher: CRC Press
ISBN No: 0-8493-1997-8
Released: 2004
Pages: 3206
Edition: Fifth Edition
File Size: 43 MB
File Type: pdf
Language: English

Contents of Information Security Management Handbook

Introduction
1 ACCESS CONTROL SYSTEMS AND METHODOLOGY
Section 1.1 Access Control Techniques
Enhancing Security through Biometric Technology
Stephen D. Fried, CISSP
Biometrics: What is New?
Judith M. Myerson
It is All About Control
Chris Hare, CISSP, CISA
Controlling FTP: Providing Secured Data Transfers
Chris Hare, CISSP, CISA
Section 1.2 Access Control Administration
Types of Information Security Controls
Harold F. Tipton
When Technology and Privacy Collide
Edward H. Freeman
Privacy in the Healthcare Industry
Kate Borten, CISSP
The Case for Privacy
Michael J. Corby, CISSP
Section 1.3 Identification and Authentication Techniques
Biometric Identification
Donald R. Richards, CPP
Single Sign-On for the Enterprise
Ross A. Leo, CISSP
Single Sign-On
Ross A. Leo, CISSP
Section 1.4 Access Control Methodologies and Implementation
Relational DataBase Access Controls Using SQL
Ravi S. Sandhu
Centralized Authentication Services (RADIUS, TACACS, DIAMETER)
William Stackpole, CISSP
Implementation of Access Controls
Stanley Kurzban
An Introduction to Secure Remote Access
Christina M. Bird, Ph.D., CISSP
Section 1.5 Methods of Attack
Hacker Tools and Techniques
Ed Skoudis, CISSP
A New Breed of Hacker Tools and Defenses
Ed Skoudis, CISSP
Social Engineering: The Forgotten Risk
John Berti, CISSP and Marcus Rogers, Ph.D., CISSP
Breaking News: The Latest Hacker Attacks and Defenses
Ed Skoudis, CISSP
Counter-Economic Espionage
Craig A. Schiller, CISSP
Section 1.6 Monitoring and Penetration Testing
Penetration Testing
Stephen D. Fried, CISSP
The Self-Hack Audit
Stephen James
Penetration Testing
Chuck Bianco, FTTR, CISA, CISSP
2 TELECOMMUNICATIONS, NETWORK, AND INTERNET SECURITY
Section 2.1 Communications and Network Security
Understanding SSL
Chris Hare, CISSP, CISA
Packet Sniffers and Network Monitors
James S. Tiller, CISA, CISSP and Bryan D. Fish, CISSP
Secured Connections to External Networks
Steven F. Blanding
Security and Network Technologies
Chris Hare, CISSP, CISA
Wired and Wireless Physical Layer Security Issues
James Trulove
Network Router Security
Steven F. Blanding
Dial-Up Security Controls
Alan Berman and Jeffrey L. Ott
What’s Not So Simple about SNMP?
Chris Hare, CISSP, CISA
Network and Telecommunications Media: Security from the Ground Up
Samuel Chun, CISSP
Security and the Physical Network Layer
Matthew J. Decker, CISSP, CISA, CBCP
Security of Wireless Local Area Networks
Franjo Majstor, CISSP
Securing Wireless Networks
Sandeep Dhameja, CISSP
Wireless Security Mayhem: Restraining the Insanity of Convenience
Mark T. Chapman, MSCS, CISSP, IAM
Wireless LAN Security Challenge
Frandinata Halim, CISSP, CCSP, CCDA, CCNA, MSCE and Gildas Deograt, CISSP
An Introduction to LAN/WAN Security
Steven F. Blanding
ISO/OSI and TCP/IP Network Model Characteristics
George G. McBride, CISSP
Integrity and Security of ATM
Steve Blanding
Section 2.2 Internet/Intranet/Extranet
Enclaves: The Enterprise as an Extranet
Bryan T. Koch, CISSP
IPSec Virtual Private Networks
James S. Tiller, CISA, CISSP
Firewalls: An Effective Solution for Internet Security
E. Eugene Schultz, Ph.D., CISSP
Internet Security: Securing the Perimeter
Douglas G. Conorich
Extranet Access Control Issues
Christopher King, CISSP
Network Layer Security
Steven F. Blanding
Transport Layer Security
Steven F. Blanding
Application-Layer Security Protocols for Networks
William Stackpole, CISSP
Application Layer: Next Level of Security
Keith Pasley, CISSP
Security of Communication Protocols and Services
William Hugh Murray, CISSP
Security Management of the World Wide Web
Lynda L. McGhie and Phillip Q. Maier
An Introduction to IPSec
William Stackpole, CISSP
Wireless Internet Security
Dennis Seymour Lee
VPN Deployment and Evaluation Strategy
Keith Pasley, CISSP
How to Perform a Security Review of a Checkpoint Firewall
Ben Rothke, CISSP
Comparing Firewall Technologies
Per Thorsheim
The (In) Security of Virtual Private Networks
James S. Tiller, CISA, CISSP
Cookies and Web Bugs
William T. Harding, Ph.D., Anita J. Reed, CPA, and Robert L. Gray, Ph.D.
Leveraging Virtual Private Networks
James S. Tiller, CISA, CISSP
Wireless LAN Security
Mandy Andress, CISSP, SSCP, CPA, CISA
Expanding Internet Support with IPv6
Gilbert Held
Virtual Private Networks: Secure Remote Access Over the Internet
John R. Vacca
Applets and Network Security: A Management Overview
Al Berg
Security for Broadband Internet Access Users
James Trulove
New Perspectives on VPNs
Keith Pasley, CISSP
An Examination of Firewall Architectures
Paul A. Henry, CISSP, CNE
Deploying Host-Based Firewalls across the Enterprise: A Case Study
Jeffery Lowder, CISSP
Section 2.3 E-mail Security
Instant Messaging Security Issues
William Hugh Murray, CISSP
Email Security
Bruce A. Lobree
Email Security
Clay Randall
Protecting Against Dial-In Hazards: Email and Data Communications
Leo A. Wrobel
Section 2.4 Secure Voice Communications
Protecting Against Dial-In Hazards: Voice Systems
Leo A. Wrobel
Voice Security
Chris Hare, CISSP, CISA
Secure Voice Communications (VoI)
Valene Skerpac, CISSP
Section 2.5 Network Attacks and Countermeasures
Preventing DNS Attacks
Mark Bell
Preventing a Network from Spoofing and Denial of Service Attacks
Gilbert Held
Packet Sniffers: Use and Misuse
Steve A. Rodgers, CISSP
ISPs and Denial-of-Service Attacks
K. Narayanaswamy, Ph.D.
3 INFORMATION SECURITY MANAGEMENT
Section 3.1 Security Management Concepts and Principles
Measuring ROI on Security
Carl F. Endorf, CISSP, SSCP, GSEC
Security Patch Management
Jeffrey Davis, CISSP
Purposes of Information Security Management
Harold F. Tipton
The Building Blocks of Information Security
Ken M. Shaurette
The Human Side of Information Security
Kevin Henry, CISA, CISSP
Security Management
Ken Buszta, CISSP
Securing New Information Technology
Louis Fried
E-mail Security Using Pretty Good Privacy
William Stallings
Section 3.2 Change Control Management
Configuration Management: Charting the Course for the Organization
Mollie E. Krehnke, CISSP, IAM and David C. Krehnke, CISSP, CISM, IAM
Section 3.3 Data Classification
Information Classification: A Corporate Implementation Guide
Jim Appleyard
Section 3.4 Risk Management
A Matter of Trust
Ray Kaplan, CISSP, CISA, CISM
Trust Governance in a Web Services World
Daniel D. Houser, CISSP, MBA, e-Biz+
Risk Management and Analysis
Kevin Henry, CISA, CISSP
New Trends in Information Risk Management
Brett Regan Young, CISSP, CBCP
Information Security in the Enterprise
Duane E. Sharp
Managing Enterprise Security Information
Matunda Nyanchama, Ph.D., CISSP and Anna Wilson, CISSP, CISA
Risk Analysis and Assessment
Will Ozier
Managing Risk in an Intranet Environment
Ralph L. Kliem
Security Assessment
Sudhanshu Kairab, CISSP, CISA
Evaluating the Security Posture of an Information Technology Environment: The Challenges of Balancing Risk, Cost, and Frequency of Evaluating Safeguards
Brian R. Schultz, CISSP, CISA
Cyber-Risk Management: Technical and Insurance Controls for Enterprise-Level Security
Carol A. Siegel, Ty R. Sagalow, and Paul Serritella
Section 3.5 Employment Policies and Practices
A Progress Report on the CVE Initiative
Robert Martin, Steven Christey, and David Baker
Roles and Responsibilities of the Information Systems Security Officer
Carl Burney, CISSP
Information Protection: Organization, Roles, and Separation of Duties
Rebecca Herold, CISSP, CISA, FLMI
Organizing for Success: Some Human Resources Issues in Information Security
Jeffrey H. Fenton, CBCP, CISSP and James M. Wolfe, MSM
Ownership and Custody of Data
William Hugh Murray, CISSP
Hiring Ex-Criminal Hackers
Ed Skoudis, CISSP
Information Security and Personnel Practices
Edward H. Freeman
Section 3.6 Risk Management
Information Security Policies from the Ground Up
Brian Shorten, CISSP, CISA
Policy Development
Chris Hare, CISSP, CISA
Risk Analysis and Assessment
Will Ozier
Server Security Policies
Jon David
Toward Enforcing Security Policy: Encouraging Personal Accountability for Corporate Information Security Policy
John O. Wylder, CISSP
The Common Criteria for IT Security Evaluation
Debra S. Herrmann
A Look at the Common Criteria
Ben Rothke, CISSP
The Security Policy Life Cycle: Functions and Responsibilities
Patrick D. Howard, CISSP
Section 3.7 Security Awareness Training
Security Awareness Program
Tom Peltier
Maintaining Management’s Commitment
William Tompkins, CISSP, CBCP
Making Security Awareness Happen
Susan D. Hansche, CISSP
Making Security Awareness Happen: Appendices
Susan D. Hansche, CISSP
Section 3.8 Security Management Planning
Maintaining Information Security during Downsizing
Thomas J. Bray, CISSP
The Business Case for Information Security: Selling Management on the Protection of Vital Secrets and Products
Sanford Sherizen, Ph.D., CISSP
Information Security Management in the Healthcare Industry
Micki Krause
Protecting High-Tech Trade Secrets
William C. Boni
How to Work with a Managed Security Service Provider
Laurie Hill McQuillan, CISSP
Considerations for Outsourcing Security
Michael J. Corby, CISSP
Outsourcing Security
James S. Tiller, CISA, CISSP
4 APPLICATION PROGRAM SECURITY
Section 4.1 APPLICATION ISSUES
Security Models for Object-Oriented Databases
James Cannady
Web Application Security
Mandy Andress, CISSP, SSCP, CPA, CISA
The Perfect Security: A New World Order
Ken Shaurette
Security for XML and Other Metadata Languages
William Hugh Murray, CISSP
XML and Information Security
Samuel C. McClintock
Testing Object-Based Applications
Polly Perryman Kuver
Secure and Managed Object-Oriented Programming
Louis B. Fried
Application Service Providers
Andres Llana Jr.
Application Security
Walter S. Kobus, Jr., CISSP
Covert Channels
Anton Chuvakin, Ph.D., GCIA, GCIH
Security as a Value Enhancer in Application Systems Development
Lowell Bruce McCulley, CISSP
Open Source versus Closed Source
Ed Skoudis, CISSP
PeopleSoft Security
Satnam Purewal
World Wide Web Application Security
Sean Scanlon
Section 4.2 Databases and Data Warehousing
Reflections on Database Integrity
William Hugh Murray, CISSP
Datamarts and Data Warehouses: Keys to the Future or Keys to the Kingdom?
M. E. Krehnke and D. K. Bradley
Digital Signatures in Relational Database Applications
Mike R. Prevost
Security and Privacy for Data Warehouses: Opportunity or Threat?
David Bonewell, CISSP, CISA, Karen Gibbs, and Adriaan Veldhuisen
Relational Database Security: Availability, Integrity, and Confidentiality
Ravi S. Sandhu and Sushil Jojodia
Section 4.3 Systems Development Controls
Enterprise Security Architecture
William Hugh Murray, CISSP
Certification and Accreditation Methodology
Mollie E. Krehnke, CISSP, IAM and David C. Krehnke, CISSP, CISM, IAM
A Framework for Certification Testing
Kevin J. Davidson, CISSP
System Development Security Methodology
Ian Lim, CISSP and Ioana V. Carastan, CISSP
A Security-Oriented Extension of the Object Model for the Development of an Information System
Sureerut Inmor, Vatcharaporn Esichaikul, and Dencho N. Batanov
Methods of Auditing Applications
David C. Rice, CISSP and Graham Bucholz
Section 4.4 Malicious Code
Malware and Computer Viruses
Robert M. Slade, CISSP
An Introduction to Hostile Code and Its Control
Jay Heiser
A Look at Java Security
Ben Rothke, CISSP
Section 4.5 Methods of Attack
The RAID Advantage
Tyson Heyn
Malicious Code: The Threat, Detection, and Protection
Ralph Hoefelmeyer, CISSP and Theresa E. Phillips, CISSP
5 CRYPTOGRAPHY
Section 5.1 Use of Cryptography
Three New Models for the Application of Cryptography
Jay Heiser, CISSP
Auditing Cryptography: Assessing System Security
Steve Stanek
Section 5.2 Cryptographic Concepts, Methodologies, and Practices
Message Authentication
James S. Tiller, CISA, CISSP
Fundamentals of Cryptography and Encryption
Ronald A. Gove
Steganography: The Art of Hiding Messages
Mark Edmead, CISSP, SSCP, TICSA
An Introduction to Cryptography
Javek Ikbel, CISSP
Hash Algorithms: From Message Digests to Signatures
Keith Pasley, CISSP
A Look at the Advanced Encryption Standard (AES)
Ben Rothke, CISSP
Introduction to Encryption
Jay Heiser
Section 5.3 Private Key Algorithms
Principles and Applications of Cryptographic Key Management
William Hugh Murray, CISSP
Section 5.4 Public Key Infrastructure (PKI)
Getting Started with PKI
Harry DeMaio
Mitigating E-Business Security Risks: Public Key Infrastructures in the Real World
Douglas C. Merrill and Eran Feigenbaum
Preserving Public Key Hierarchy
Geoffrey C. Grabow, CISSP
PKI Registration
Alex Golod, CISSP
Section 5.5 System Architecture for Implementing Cryptographic Functions
Implementing Kerberos in Distributed Systems
Joe Kovara, CTP and Ray Kaplan, CISSP, CISA, CISM
Section 5.6 Methods of Attack
Methods of Attacking and Defending Cryptosystems
Joost Houwen, CISSP
6 ENTERPRISE SECURITY ARCHITECTURE
Section 6.1 Principles of Computer and Network Organizations, Architectures, and Designs
Security Infrastructure: Basics of Intrusion Detection Systems
Ken M. Shaurette, CISSP, CISA, NSA, IAM
Systems Integrity Engineering
Don Evans
Introduction to UNIX Security for Security Practitioners
Jeffery J. Lowder
Enterprise Security Architecture
William Hugh Murray
Microcomputer and LAN Security
Stephen Cobb
Reflections on Database Integrity
William Hugh Murray
Firewalls, 10 Percent of the Solution: A Security Architecture Primer
Chris Hare, CISSP, CISA
The Reality of Virtual Computing
Chris Hare, CISSP, CISA
Overcoming Wireless LAN Security Vulnerabilities
Gilbert Held
Section 6.2 Principles of Security Models, Architectures and Evaluation Criteria
Formulating an Enterprise Information Security Architecture
Mollie Krehnke, CISSP, IAM and David Krehnke, CISSP, CISM, IAM
Security Architecture and Models
Foster J. Henderson, CISSP, MCSE and Kellina M. Craig-Henderson, Ph.D.
Security Models for Object-Oriented Data Bases
James Cannady
Section 6.3 Common Flaws and Security Issues — System Architecture and Design
Common System Design Flaws and Security Issues
William Hugh Murray, CISSP
7 OPERATIONS SECURITY
Section 7.1 Concepts
Operations: The Center of Support and Control
Kevin Henry, CISA, CISSP
Why Today’s Security Technologies Are So Inadequate: History, Implications, and New Approaches
Steven Hofmeyr, Ph.D.
Information Warfare and the Information Systems Security Professional
Jerry Kovacich
Steps for Providing Microcomputer Security
Douglas B. Hoyt
Protecting the Portable Computing Environment
Phillip Q. Maier
Operations Security and Controls
Patricia A.P. Fisher
Data Center Security: Useful Intranet Security Methods and Tools
John R. Vacca
Section 7.2 Resource Protection Requirements
Physical Access Control
Dan M. Bowers, CISSP
Software Piracy: Issues and Prevention
Roxanne E. Burkey
Section 7.3 Auditing
Auditing the Electronic Commerce Environment
Chris Hare, CISSP, CISA
Section 7.4 Intrusion Detection
Improving Network-Level Security through Real-Time Monitoring and Intrusion Detection
Chris Hare, CISSP, CISA
Intelligent Intrusion Analysis: How Thinking Machines Can Recognize Computer Intrusions
Bryan D. Fish, CISSP
How to Trap the Network Intruder
Jeff Flynn
Intrusion Detection: How to Utilize a Still Immature Technology
E. Eugene Schultz and Eugene Spafford
Section 7.5 Operations Controls
Directory Security
Ken Buszta, CISSP
8 BUSINESS CONTINUITY PLANNING
Section 8.1 Business Continuity Planning
Reengineering the Business Continuity Planning Process
Carl B. Jackson, CISSP, CBCP
The Role of Continuity Planning in the Enterprise Risk Management Structure
Carl B. Jackson, CISSP, CBCP
Business Continuity in the Distributed Environment
Steven P. Craig
The Changing Face of Continuity Planning
Carl Jackson, CISSP, CDCP
Section 8.2 Disaster Recovery Planning
Restoration Component of Business Continuity Planning
John Dorf, ARM and Martin Johnson, CISSP
Business Resumption Planning and Disaster Recovery: A Case History
Kevin Henry, CISA, CISSP
Business Continuity Planning: A Collaborative Approach
Kevin Henry, CISA, CISSP
Section 8.3 Elements of Business Continuity Planning
The Business Impact Assessment Process
Carl B. Jackson, CISSP, CBCP
9 LAW, INVESTIGATION, AND ETHICS
Section 9.1 Information Law
Jurisdictional Issues in Global Transmissions
Ralph Spencer Poore, CISSP, CISA, CFE
Liability for Lax Computer Security in DDoS Attacks
Dorsey Morrow, JD, CISSP
The Final HIPAA Security Rule Is Here! Now What?
Todd Fitzgerald, CISSP, CISA
HIPAA 201: A Framework Approach to HIPAA Security Readiness
David MacLeod, Ph.D., CISSP, Brian Geffert, CISSP, CISA, and David Deckter, CISSP
Internet Gripe Sites: Bally v. Faber
Edward H. Freeman
State Control of Unsolicited E-mail: State of Washington v. Heckel
Edward H. Freeman
The Legal Issues of Disaster Recovery Planning
Tari Schreider
Section 9.2 Investigations
Computer Crime Investigations: Managing a Process without Any Golden Rules
George Wade, CISSP
Operational Forensics
Michael J. Corby, CISSP
Computer Crime Investigation and Computer Forensics
Thomas Welch, CISSP, CPP
What Happened?
Kelly J. Kuchta, CPP, CFE
Section 9.3 Major Categories of Computer Crime
The International Dimensions of Cybercrime
Ed Gabrys, CISSP
Computer Abuse Methods and Detection
Donn B. Parker
Section 9.4 Incident Handling
Honeypot Essentials
Anton Chuvakin, Ph.D., GCIA, GCIH
CIRT: Responding to Attack
Chris Hare, CISSP, CISA
Managing the Response to a Computer Security Incident
Michael Vangelos, CISSP
Cyber-Crime: Response, Investigation, and Prosecution
Thomas Akin, CISSP
Incident Response Exercises
Ken M. Shaurette, CISSP, CISA, CISM, IAM and Thomas J. Schleppenbach
Software Forensics
Robert M. Slade, CISSP
Reporting Security Breaches
James S. Tiller, CISSP
Incident Response Management
Alan B. Sterneckert, CISA, CISSP, CFE, CCCI
Section 9.5 Ethics
Ethics and the Internet
Micki Krause, CISSP
Computer Ethics
Peter S. Tippett
10 PHYSICAL SECURITY
Section 10.1 Facility Requirements
Physical Security: A Foundation for Information Security
Christopher Steinke, CISSP
Physical Security: Controlled Access and Layered Defense
Bruce R. Mathews, CISSP
Computing Facility Physical Security
Alan Brusewitz, CISSP, CBCP
Closed Circuit Television and Video Surveillance
David Litzau, CISSP
Section 10.2 Technical Controls
Types of Information Security Controls
Harold F. Tipton, CISSP
Physical Security
Tom Peltier
Section 10.3 Environment and Life Safety
Physical Security: The Threat after September 11th, 2001
Jaymes Williams, CISSP
Glossary