Information Security Management Handbook, Volume 6
Editat de Harold F. Tipton, Micki Krause Nozakien Limba Engleză Paperback – 16 noi 2016
Reporting on the latest developments in information security and recent changes to the (ISC)2® CISSP Common Body of Knowledge (CBK®), this volume features new information on advanced persistent threats, HIPAA requirements, social networks, virtualization, and SOA. Its comprehensive coverage touches on all the key areas IT security professionals need to know, including:
- Access Control: Technologies and administration including the requirements of current laws
- Telecommunications and Network Security: Addressing the Internet, intranet, and extranet
- Information Security and Risk Management: Organizational culture, preparing for a security audit, and the risks of social media
- Application Security: Ever-present malware threats and building security into the development process
- Security Architecture and Design: Principles of design including zones of trust
- Cryptography: Elliptic curve cryptosystems, format-preserving encryption
- Operations Security: Event analysis
- Business Continuity and Disaster Recovery Planning: Business continuity in the cloud
- Legal, Regulations, Compliance, and Investigation: Persistent threats and incident response in the virtual realm
- Physical Security: Essential aspects of physical security
| Toate formatele și edițiile | Preț | Express |
|---|---|---|
| Paperback (1) | 354.64 lei 43-57 zile | |
| CRC Press – 16 noi 2016 | 354.64 lei 43-57 zile | |
| Hardback (1) | 1046.79 lei 43-57 zile | |
| CRC Press – 28 mar 2012 | 1046.79 lei 43-57 zile |
Preț: 354.64 lei
Preț vechi: 443.30 lei
-20% Nou
Puncte Express: 532
Preț estimativ în valută:
67.87€ • 70.50$ • 56.38£
67.87€ • 70.50$ • 56.38£
Carte tipărită la comandă
Livrare economică 03-17 februarie 25
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9781138199750
ISBN-10: 1138199753
Pagini: 504
Ilustrații: 93
Dimensiuni: 178 x 254 x 31 mm
Greutate: 0.45 kg
Ediția:Revised
Editura: CRC Press
Colecția Auerbach Publications
Locul publicării:Boca Raton, United States
ISBN-10: 1138199753
Pagini: 504
Ilustrații: 93
Dimensiuni: 178 x 254 x 31 mm
Greutate: 0.45 kg
Ediția:Revised
Editura: CRC Press
Colecția Auerbach Publications
Locul publicării:Boca Raton, United States
V-ar putea interesa
-
Information Security Management Handbook, Volume 2Harold F. Tipton-31%Preț: 680.78 lei985.20 lei -
Information Security Management Handbook, Volume 3Harold F. Tipton-20%Preț: 1034.60 lei1293.24 lei -
Information Security Management Handbook, Volume 5Micki Krause Nozaki-20%Preț: 1049.96 lei1312.45 lei -
Preț: 295.72 lei -
Kostenfalle Messe?Anja Steinrücken-8%Preț: 406.83 lei442.21 lei -
Nur wer sich selbst verbrennt, wird den Menschen ewig wandernde FlammeMagdalena GawlinskiPreț: 383.54 lei -
Der Sarbanes-Oxley Act und Co.Stefanie DormeyerPreț: 317.14 lei -
Eignung mobiler Augmented Reality TechnologienLars FritzschePreț: 381.68 lei -
eHealthAnna KlassenPreț: 317.72 lei -
Treatment in the openRaymond Gard-8%Preț: 475.58 lei516.93 lei -
E-RecruitingKrzywinska ElzbietaPreț: 384.09 lei -
Preț: 133.95 lei -
-23%Preț: 672.42 lei873.27 lei -
Preț: 275.95 lei -
Preț: 129.85 lei -
-19%Preț: 530.55 lei655.00 lei
Cuprins
Access Control. Telecommunications & Network Security. Information Security & Risk Management. Application Security. Cryptography. Security Architecture & Design. Operations Security. Business Continuity Planning & Disaster Recovery Planning. Legal, Regulations, Compliance & Investigation. Physical Security.
Recenzii
DOMAIN 1: ACCESS CONTROL
Access Control Administration
What Business Associates Need to Know About Protected Health Information Under HIPAA and HITECH; Rebecca Herold
DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY
Internet, Intranet, Extranet Security
E-mail Security; Terence Fernandes
DOMAIN 3: INFORMATION SECURITY AND RISK MANAGEMENT
Security Management Concepts and Principles
Appreciating Organizational Behavior and Institutions to Solidify Your Information Security Program; Robert Pittman
Risk Management
The Information Security Auditors Have Arrived, Now What?; Todd Fitzgerald
Continuous Monitoring: Extremely Valuable to Deploy Within Reason; Foster J. Henderson and Mark A. Podracky
Social Networking; Sandy Bacik
Insider Threat Defense; Sandy Bacik
Risk Management in Public Key Certificate Applications; Alex Golod
Server Virtualization: Information Security Considerations; Thomas A. Johnson
Security Management Planning
Security Requirements Analysis; Sean M. Price
CERT Resilience Management Model: An Overview; Bonnie A. Goins Pilewski and Christopher Pilewski
Managing Bluetooth Security; E. Eugene Schultz, Matthew W. A. Pemble, and Wendy Goucher
Employment Policies and Practices
Slash and Burn: In Times of Recession, Do Not Let Emotions Drive Business Decisions; Seth Kinnett
A "Zero Trust" Model for Security; Ken Shaurette and Thomas J. Schleppenbach
DOMAIN 4: APPLICATION DEVELOPMENT SECURITY
System Development Controls
Application Whitelisting; Georges Jahchan
Design of Information Security for Large System Development Projects; James C. Murphy
Building Application Security Testing into the Software Development Life Cycle; Sandy Bacik
Malicious Code
Twenty-Five (or Forty) Years of Malware History; Robert M. Slade
DOMAIN 5: CRYPTOGRAPHY
Cryptographic Concepts, Methodologies, and Practices
Format Preserving Encryption; Ralph Spencer Poore
Elliptic Curve Cryptosystems; Jeff Stapleton
Pirating the Ultimate Killer APP: Hacking Military Unmanned Aerial Vehicles; Sean P. Mcbride
DOMAIN 6: SECURITY ARCHITECTURE AND DESIGN
Principles of Computer and Network Organizations, Architectures, and Designs
Service-Oriented Architecture; Walter B. Williams
Cloud Security; Terry Komperda
Enterprise Zones of Trust; Sandy Bacik
DOMAIN 7: OPERATIONS SECURITY: OPERATIONS CONTROLS
Complex Event Processing for Automated Security Event Analysis; Rob Shein
Records Management; Sandy Bacik
DOMAIN 8: BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING
Business Continuity Planning
Data Backup Strategies: Traditional Versus Cloud: Carl B. Jackson
DOMAIN 9: LEGAL, REGULATIONS, COMPLIANCE, AND INVESTIGATIONS
Major Categories of Computer Crime
Managing Advanced Persistent Threats; Eugene Schultz and Cuc Du
Incident Handling
Virtualization Forensics; Paul A. Henry
DOMAIN 10: PHYSICAL (ENVIRONMENTAL) SECURITY
Elements of Physical Security
Terrorism: An Overview; Frank Bolz, Kenneth J. Dudonis, and David P. Schulz
Technical Controls
Countermeasure Goals and Strategies; Thomas L. Norman
Index
Access Control Administration
What Business Associates Need to Know About Protected Health Information Under HIPAA and HITECH; Rebecca Herold
DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY
Internet, Intranet, Extranet Security
E-mail Security; Terence Fernandes
DOMAIN 3: INFORMATION SECURITY AND RISK MANAGEMENT
Security Management Concepts and Principles
Appreciating Organizational Behavior and Institutions to Solidify Your Information Security Program; Robert Pittman
Risk Management
The Information Security Auditors Have Arrived, Now What?; Todd Fitzgerald
Continuous Monitoring: Extremely Valuable to Deploy Within Reason; Foster J. Henderson and Mark A. Podracky
Social Networking; Sandy Bacik
Insider Threat Defense; Sandy Bacik
Risk Management in Public Key Certificate Applications; Alex Golod
Server Virtualization: Information Security Considerations; Thomas A. Johnson
Security Management Planning
Security Requirements Analysis; Sean M. Price
CERT Resilience Management Model: An Overview; Bonnie A. Goins Pilewski and Christopher Pilewski
Managing Bluetooth Security; E. Eugene Schultz, Matthew W. A. Pemble, and Wendy Goucher
Employment Policies and Practices
Slash and Burn: In Times of Recession, Do Not Let Emotions Drive Business Decisions; Seth Kinnett
A "Zero Trust" Model for Security; Ken Shaurette and Thomas J. Schleppenbach
DOMAIN 4: APPLICATION DEVELOPMENT SECURITY
System Development Controls
Application Whitelisting; Georges Jahchan
Design of Information Security for Large System Development Projects; James C. Murphy
Building Application Security Testing into the Software Development Life Cycle; Sandy Bacik
Malicious Code
Twenty-Five (or Forty) Years of Malware History; Robert M. Slade
DOMAIN 5: CRYPTOGRAPHY
Cryptographic Concepts, Methodologies, and Practices
Format Preserving Encryption; Ralph Spencer Poore
Elliptic Curve Cryptosystems; Jeff Stapleton
Pirating the Ultimate Killer APP: Hacking Military Unmanned Aerial Vehicles; Sean P. Mcbride
DOMAIN 6: SECURITY ARCHITECTURE AND DESIGN
Principles of Computer and Network Organizations, Architectures, and Designs
Service-Oriented Architecture; Walter B. Williams
Cloud Security; Terry Komperda
Enterprise Zones of Trust; Sandy Bacik
DOMAIN 7: OPERATIONS SECURITY: OPERATIONS CONTROLS
Complex Event Processing for Automated Security Event Analysis; Rob Shein
Records Management; Sandy Bacik
DOMAIN 8: BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING
Business Continuity Planning
Data Backup Strategies: Traditional Versus Cloud: Carl B. Jackson
DOMAIN 9: LEGAL, REGULATIONS, COMPLIANCE, AND INVESTIGATIONS
Major Categories of Computer Crime
Managing Advanced Persistent Threats; Eugene Schultz and Cuc Du
Incident Handling
Virtualization Forensics; Paul A. Henry
DOMAIN 10: PHYSICAL (ENVIRONMENTAL) SECURITY
Elements of Physical Security
Terrorism: An Overview; Frank Bolz, Kenneth J. Dudonis, and David P. Schulz
Technical Controls
Countermeasure Goals and Strategies; Thomas L. Norman
Index
Notă biografică
About the Editors:
Sadly, Harold F. Tipton passed away on Friday, March 16, 2012. We’re grateful for his many years of friendship and guidance. Hal was instrumental in the creation and development of the information security publishing program at CRC Press.
Hal was an independent consultant and past president of the International Information System Security Certification Consortium (ISC)2. He was the director of Computer Security for Rockwell International Corporation for 15 years. He initiated the Rockwell computer and data security program in 1977 and then continued to administer, develop, enhance, and expand the program to accommodate the control needs produced by technological advances until his retirement from Rockwell in 1994. He was a member of the Information Systems Security Association (ISSA) since 1982, president of the Los Angeles Chapter in 1984, and president of the national organization of ISSA from 1987 to 1989. He was added to the ISSA Hall of Fame and the ISSA Honor Roll in 2000. He received the Computer Security Institute "Lifetime Achievement Award" in 1994 and the (ISC)2 "Hal Tipton Award" in 2001. He was a member of the National Institute for Standards and Technology (NIST) Computer and Telecommunications Security Council and the National Research Council Secure Systems Study Committee (for the National Academy of Science). He received a bachelor of science degree in engineering from the U.S. Naval Academy, a master’s degree in personnel administration from George Washington University, and a certificate in computer science from the University of California, Irvine. He published several papers on information security issues in the Information Security Management Handbook, Data Security Management, Information Systems Security, and the National Academy of Sciences report Computers at Risk.
He was a frequent speaker at all major information security conferences, including the Computer Security Institute, ISSA Annual Working Conference, Computer Security Workshop, MIS Conferences, AIS Security for Space Operations, DOE Computer Security Conference, National Computer Security Conference, IIA Security Conference, EDPAA, UCCEL Security and Audit Users Conference, and Industrial Security Awareness Conference. He conducted and participated in information security seminars for (ISC)2, Frost & Sullivan, UCI, CSULB, System Exchange Seminars, and the Institute for International Research.
Micki Krause Nozaki, CISSP, has held positions in the information security profession for the past 20 years. She was previously the chief information security officer at Pacific Life Insurance Company in Newport Beach, California, where she was accountable for directing their information protection and security program enterprisewide. Micki has held several leadership roles in industry-influential groups including the Information Systems Security Association (ISSA) and the International Information System Security Certification Consortium (ISC)2 and is a longterm advocate for professional security education and certification. In 2003, Krause received industry recognition as a recipient of the "Women of Vision" award given by the Information Security magazine. In 2002, Krause was honored as the second recipient of the Harold F. Tipton Award in recognition of her sustained career excellence and outstanding contributions to the profession. She is a reputed speaker, published author, and coeditor of the Information Security Management Handbook series.
Sadly, Harold F. Tipton passed away on Friday, March 16, 2012. We’re grateful for his many years of friendship and guidance. Hal was instrumental in the creation and development of the information security publishing program at CRC Press.
Hal was an independent consultant and past president of the International Information System Security Certification Consortium (ISC)2. He was the director of Computer Security for Rockwell International Corporation for 15 years. He initiated the Rockwell computer and data security program in 1977 and then continued to administer, develop, enhance, and expand the program to accommodate the control needs produced by technological advances until his retirement from Rockwell in 1994. He was a member of the Information Systems Security Association (ISSA) since 1982, president of the Los Angeles Chapter in 1984, and president of the national organization of ISSA from 1987 to 1989. He was added to the ISSA Hall of Fame and the ISSA Honor Roll in 2000. He received the Computer Security Institute "Lifetime Achievement Award" in 1994 and the (ISC)2 "Hal Tipton Award" in 2001. He was a member of the National Institute for Standards and Technology (NIST) Computer and Telecommunications Security Council and the National Research Council Secure Systems Study Committee (for the National Academy of Science). He received a bachelor of science degree in engineering from the U.S. Naval Academy, a master’s degree in personnel administration from George Washington University, and a certificate in computer science from the University of California, Irvine. He published several papers on information security issues in the Information Security Management Handbook, Data Security Management, Information Systems Security, and the National Academy of Sciences report Computers at Risk.
He was a frequent speaker at all major information security conferences, including the Computer Security Institute, ISSA Annual Working Conference, Computer Security Workshop, MIS Conferences, AIS Security for Space Operations, DOE Computer Security Conference, National Computer Security Conference, IIA Security Conference, EDPAA, UCCEL Security and Audit Users Conference, and Industrial Security Awareness Conference. He conducted and participated in information security seminars for (ISC)2, Frost & Sullivan, UCI, CSULB, System Exchange Seminars, and the Institute for International Research.
Micki Krause Nozaki, CISSP, has held positions in the information security profession for the past 20 years. She was previously the chief information security officer at Pacific Life Insurance Company in Newport Beach, California, where she was accountable for directing their information protection and security program enterprisewide. Micki has held several leadership roles in industry-influential groups including the Information Systems Security Association (ISSA) and the International Information System Security Certification Consortium (ISC)2 and is a longterm advocate for professional security education and certification. In 2003, Krause received industry recognition as a recipient of the "Women of Vision" award given by the Information Security magazine. In 2002, Krause was honored as the second recipient of the Harold F. Tipton Award in recognition of her sustained career excellence and outstanding contributions to the profession. She is a reputed speaker, published author, and coeditor of the Information Security Management Handbook series.
Descriere
This annually updated handbook provides a compilation of the fundamental knowledge, skills, techniques, and tools required by IT security professionals. It covers the CISSP® Common Body of Knowledge (CBK®) that forms the standard on which all IT security programs and certifications are based. Topics covered include access control, physical (environmental) security, cryptography, application security, and operations security. This new edition features the latest developments in information security and the (ISC)2® CISSP CBK, including advanced persistent threats, new HIPAA requirements, social networks, virtualization, and SOA.