Information Security Management Handbook, Sixth Edition 2007
- Harold F. Tipton, Micki Krause: Information security management handbook, Sixth Edition. Auerbach Publ./CRC Press 2007, ISBN 978-0-8493-7495-1, pp. I-XLVI, 1-3231
Domain I - Information Security and Risk Management
- Micki Krause: Bits to Bytes to Boardroom. 9-14
- Todd Fitzgerald: Information Security Governance. 15-34
- David C. Krehnke: Corporate Governance. 35-44
- David C. Krehnke: IT Governance Institute (ITGI) Overview. 45-50
- Kenneth J. Knapp, Thomas E. Marshall: Top Management Support Essential for Effective Information Security. 51-58
- Bonnie A. Goins: Managing Security by the Standards. 59-66
- Craig A. Schiller: Information Security for Mergers and Acquisitions. 67-88
- Ralph Spencer Poore: Information Security Governance. 89-94
- Jeffrey Davis: Belts and Suspenders. 95-104
- Todd Fitzgerald: Building Management Commitment through Security Councils, or Security Council Critical Success Factors. 105-122
- Jeff Misrahi: Validating Your Business Partners. 123-132
- Carl F. Endorf: Measuring ROI on Security. 133-138
- Kevin Henry: The Human Side of Information Security. 139-154
- Ken Buszta: Security Management. 155-164
- Chris Hare: It Is All about Control. 165-177
- Lynda L. McGhie: Patch Management 101. 179-184
- Felicia M. Nicastro: Security Patch Management. 185-200
- Mollie E. Krehnke: Configuration Management. 201-220
- Jim Appleyard: Information Classification. 221-241
- William Hugh Murray: Ownership and Custody of Data. 243-250
- Samantha Thomas Cruz: Information Security Risk Assessment. 251-258
- Sean M. Price: Developing and Conducting a Security Test and Evaluation. 259-260
- George G. McBride: Enterprise Security Management Program. 261-270
- Ken M. Shaurette: Technology Convergence and Security. 271-280
- Carl B. Jackson, Mark Carey: The Role of Information Security in the Enterprise Risk Management Structure. 281-294
- Ray Kaplan: A Matter of Trust. 295-310
- Daniel D. Houser: Trust Governance in a Web Services World. 311-320
- Kevin Henry: Risk Management and Analysis. 321-330
- Brett Regan Young: New Trends in Information Risk Management. 331-338
- Carol A. Siegel, Ty R. Sagalow, Paul Serritella: Cyber-Risk Management. 339-354
- Mignona Cote: Committee of Sponsoring Organizations (COSO). 355-366
- John O. Wylder: Toward Enforcing Security Policy. 367-376
- Patrick D. Howard: The Security Policy Life Cycle. 377-388
- Felicia M. Nicastro: People, Processes, and Technology. 389-400
- Rebecca Herold: Building an Effective Privacy Program. 401-414
- Stephen D. Fried: Establishing an E-Mail Retention Policy. 415-426
- Todd Fitzgerald: Ten Steps to Effective Web-Based Security Policy Development and Distribution. 427-442
- Carl Burney: Roles and Responsibilities of the Information Systems Security Officer. 443-450
- Jeffrey H. Fenton, James M. Wolfe: Organizing for Success. 451-464
- Brian Shorten: Information Security Policies from the Ground Up. 465-474
- Chris Hare: Policy Development. 475-498
- Rebecca Herold: Training Your Employees to Identify Potential Fraud and How to Encourage Them to Come Forward. 499-519
- Samuel W. Chun: Change That Attitude. 521-530
- William Tompkins: Maintaining Management's Commitment. 531-540
- Susan D. Hansche: Making Security Awareness Happen. 541-554
- Stan Stahl: Beyond Information Security Awareness Training. 555-565
- Jeffrey Davis: Overview of an IT Corporate Security Organization. 567-578
- Ken M. Shaurette: Make Security Part of Your Company's DNA. 579-590
- Lynda L. McGhie: Building an Effective and Winning. 591-606
- Stephen D. Fried: When Trust Goes Beyond the Border. 607-618
- Thomas J. Bray: Maintaining Information Security during Downsizing. 619-624
- Sanford Sherizen: The Business Case for Information Security. 625-630
- Laurie Hill McQuillan: How to Work with a Managed Security Service Provider. 631-642
- Michael J. Corby: Considerations for Outsourcing Security. 643-658
- Janice C. Sipior, Burke T. Ward, Georgina R. Roselli: The Ethical and Legal Concerns of Spyware. 659-671
- Micki Krause: Ethics and the Internet. 673-684
- Peter S. Tippett: Computer Ethics. 685-696
Domain II - Access Control
- Ben Rothke: A Look at RFID Security. 701-706
- Tara Chand: New Emerging Information Security Technologies and Solutions. 707-738
- Mollie E. Krehnke: Sensitive or Critical Data Access Controls. 739-750
- Ian Clark: An Introduction to Role-Based Access Control. 751-764
- James S. Tiller: Smart Cards. 765-774
- Joseph T. Hootman: A Guide to Evaluating Tokens. 775-784
- Chris Hare: Controlling FTP. 785-801
- Franjo Majstor: End Node Security and Network Access Management. 803-822
- Lynda L. McGhie: Identity Management. 823-842
- Daniel D. Houser: Blended Threat Analysis. 843-867
- Stephen D. Fried: Enhancing Security through Biometric Technology. 869-886
- Ross A. Leo: Single Sign-On for the Enterprise. 887-906
- Bill Stackpole: Centralized Authentication Services (Radius, Tacacs, Diameter). 909-922
- Christina M. Bird: An Introduction to Secure Remote Access. 923-934
- Ed Skoudis: Hacker Tools and Techniques. 935-950
- Ed Skoudis: A New Breed of Hacker Tools and Defenses. 951-964
- Ed Skoudis: Hacker Attacks and Defenses. 965-976
- Craig A. Schiller: Counter-Economic Espionage. 977-992
- Gildas A. Deograt-Lumy, Roy Naldo: Insight into Intrusion Prevention Systems. 993-1004
- Stephen D. Fried: Penetration Testing. 1005-1017
Domain III - Auditing Cryptography
- Steve Stanek: Auditing Cryptography. 1023-1027
- Ralph Spencer Poore: Cryptographic Transitions. 1029-1038
- Sasan Hamidi: Blind Detection of Steganographic Content in Digital Images Using Cellular Automata. 1039-1044
- Ben Rothke: An Overview of Quantum Cryptography. 1045-1058
- Paul Lambert: Elliptic Curve Cryptography. 1059-1066
- Ralph Spencer Poore: Cryptographic Key Management Concepts. 1067-1078
- James S. Tiller: Message Authentication. 1079-1094
- Ronald A. Gove: Fundamentals of Cryptography and Encryption. 1095-1114
- Mark Edmead: Steganography. 1115-1120
- Javek Ikbal: An Introduction to Cryptography. 1121-1140
- Keith Pasley: Hash Algorithms. 1141-1150
- Ben Rothke: A Look at the Advanced Encryption Standard (AES). 1151-1158
- William Hugh Murray: Principles and Applications of Cryptographic Key Management. 1159-1173
- Geoffrey C. Grabow: Preserving Public Key Hierarchy. 1175-1182
- Alex Golod: PKI Registration. 1183-1195
- Joe Kovara, Ray Kaplan: Implementing Kerberos in Distributed Systems. 1197-1253
- Joost Houwen: Methods of Attacking and Defending Cryptosystems. 1255-1269
Domain IV - Physical (Environmental) Security
- R. Scott McCoy: Perimeter Security. 1275-1288
- Kevin Henry: Melding Physical Security and Traditional Information Systems Security. 1289-1292
- Gerald Bowman: Physical Security for Mission-Critical Facilities and Data. 1293-1316
- Christopher Steinke: Physical Security. 1317-1326
- Bruce R. Matthews: Physical Security. 1327-1338
- Alan Brusewitz: Computing Facility Physical Security. 1339-1348
- David A. Litzau: Closed-Circuit Television and Video Surveillance. 1349-1356
- Harold F. Tipton: Types of Information Security Controls. 1357
- George Richards: Workplace Violence. 1367-1372
- Jaymes Williams: Physical Security. 1373-1392
Domain V - Security Architecture and Design
- Bonnie A. Goins: Enterprise Assurance. 1397-1402
- Christopher A. Pilewski, Bonnie A. Goins: Creating a Secure Architecture. 1403-1412
- Matthew J. Decker: Common Models for. 1413-1430
- Chris Hare: The Reality of Virtual Computing. 1431-1449
- Mollie E. Krehnke, David C. Krehnke: Formulating an Enterprise Information Security Architecture. 1451-1468
- Foster J. Henderson, Kellina M. Craig-Henderson: Security Architecture and Models. 1469-1486
- Debra S. Herrmann: The Common Criteria for IT Security Evaluation. 1487-1500
- William Hugh Murray: Common System Design Flaws and Security Issues. 1501-1509
Domain VI - Business Continuity Planning and Disaster Recovery Planning
- Carl B. Jackson: Developing Realistic Continuity Planning Process Metrics. 1515-1528
- Ken Doughty: Building Maintenance Processes for Business Continuity Plans. 1529-1540
- Bonnie A. Goins: Identifying Critical Business Functions. 1541-1548
- Ken Doughty: Selecting the Right Business Continuity Strategy. 1549-1556
- Timothy R. Stacey: Contingency Planning Best Practices and Program Maturity. 1557-1572
- Carl B. Jackson: Reengineering the Business Continuity Planning Process. 1573-1586
- Carl B. Jackson: The Role of Continuity Planning in the Enterprise Risk Management Structure. 1587-1599
- Ken M. Shaurette, Thomas J. Schleppenbach: Contingency at a Glance. 1601-1610
- Carl B. Jackson: The Business Impact Assessment Process and the Importance of Using Business Process Mapping. 1611-1628
- James S. Mitts: Testing Business Continuity and Disaster Recovery Plans. 1629-1644
- John Dorf, Martin Johnson: Restoration Component of Business Continuity Planning. 1645-1654
- Kevin Henry: Business Resumption Planning and Disaster Recovery. 1655-1664
- Kevin Henry: Business Continuity Planning. 1665-1674
- Carl B. Jackson: The Business Impact Assessment Process. 1675-1691
Domain VII - Telecommunications and Network Security
- Robby Fussell: Network Security Utilizing an Adaptable Protocol Framework. 1699-1708
- Samuel W. Chun: The Five W's and Designing a Secure, Identity-Based, Self-Defending Network (5W Network). 1709-1720
- Robby Fussell: Maintaining Network Security. 1721-1730
- William A. Yarberry Jr.: PBX Firewalls. 1731-1738
- Bonnie A. Goins, Christopher A. Pilewski: Network Security Overview. 1739-1750
- Chris Hare: Putting Security in the Transport. 1751-1760
- Franjo Majstor: WLAN Security Update. 1761-1776
- Chris Hare: Understanding SSL. 1777-1790
- James S. Tiller, Bryan D. Fish: Packet Sniffers and Network Monitors. 1791-1810
- Steven F. Blanding: Secured Connections to External Networks. 1811-1826
- Chris Hare: Security and Network Technologies. 1827-1846
- James Trulove: Wired and Wireless Physical Layer Security Issues. 1847-1854
- Steven F. Blanding: Network Router Security. 1855-1866
- Chris Hare: What's Not So Simple about SNMP? 1867-1878
- Samuel W. Chun: Network and Telecommunications Media. 1879-1894
- Matthew J. Decker: Security and the Physical Network Layer. 1895-1902
- Frandinata Halim, Gildas A. Deograt-Lumy: Wireless LAN Security Challenge. 1903-1916
- George G. McBride: ISO/OSI and TCP/IP Network Model Characteristics. 1917-1928
- Anthony Bruno: VoIP Security Issues. 1929-1940
- Paul A. Henry: An Examination of Firewall Architectures. 1941-1996
- Bill Lipiczky: Voice over WLAN. 1997-2006
- Al Bredenberg: Spam Wars. 2007-2012
- Lynda L. McGhie: Secure Web Services. 2013-2024
- James S. Tiller: IPSec Virtual Private Networks. 2025-2050
- Douglas G. Conorich: Internet Security. 2051-2060
- Bill Stackpole: Application-Layer Security Protocols for Networks. 2061-2072
- Keith Pasley: Application Layer. 2073-2082
- William Hugh Murray: Security of Communication Protocols and Services. 2083-2092
- Bill Stackpole: An Introduction to IPSec. 2093-2102
- Keith Pasley: VPN Deployment and Evaluation Strategy. 2103-2122
- Per Thorsheim: Comparing Firewall Technologies. 2123-2132
- William T. Harding, Anita J. Reed, Robert L. Gray: Cookies and Web Bugs. 2133-2142
- James Trulove: Security for Broadband Internet Access Users. 2143-2149
- William Hugh Murray: Instant Messaging Security Issues. 2151-2168
- Chris Hare: Voice Security. 2169-2180
- Valene Skerpac: Secure Voice Communications (VoI). 2181-2194
- Anderson Ramos: Deep Packet Inspection Technologies. 2195-2202
- Christopher A. Pilewski: Wireless Penetration Testing. 2203-2212
- William A. Yarberry: Auditing the Telephony System. 2213-2228
- Micah Silverman: Insecurity by Proxy. 2229-2232
- Charles R. Hudson, Chris R. Cunningham: Wireless Security. 2233-2242
- Steve A. Rodgers: Packet Sniffers. 2243-2252
- K. Narayanaswamy: ISPs and Denial-of-Service Attacks. 2253-2261
Domain VIII - Application Security
- Stephen D. Fried: Application Service Provider Security. 2267-2288
- Jonathan S. Held: Stack-Based Buffer Overflows. 2289-2300
- Mandy Andress: Web Application Security. 2301-2310
- William Hugh Murray: Security for XML and Other Metadata Languages. 2311-2318
- Samuel C. McClintock: XML and Information Security. 2319-2326
- Walter S. Kobus: Application Security. 2327-2334
- Anton Chuvakin: Covert Channels. 2335-2342
- Lowell Bruce McCulley: Security as a Value Enhancer in Application Systems Development. 2343-2360
- Ed Skoudis: Open Source versus Closed Source. 2361-2380
- Ben Rothke: A Look at Java Security. 2381-2386
- William Hugh Murray: Reflections on Database Integrity. 2387-2394
- Mike R. Prevost: Digital Signatures in Relational Database Applications. 2395-2404
- David Bonewell, Karen Gibbs, Adriaan Veldhuisen: Security and Privacy for Data Warehouses. 2405-2423
- George G. McBride: Building and Assessing Security in the Software Development Lifecycle. 2425-2436
- Sean M. Price: Avoiding Buffer Overflow Attacks. 2437-2448
- Kevin Henry: Secure Development Life Cycle. 2449-2456
- Ian Lim, Ioana V. Bazavan: System Development Security Methodology. 2457-2474
- Matt Nelson: Software Engineering Institute Capability Maturity Model. 2475-2490
- William Hugh Murray: Enterprise Security Architecture. 2491-2502
- Mollie E. Krehnke, David C. Krehnke: Certification and Accreditation Methodology. 2503-2520
- Ian Lim, Ioana V. Bazavan: System Development Security Methodology. 2521-2536
- David C. Rice, Graham Bucholz: Methods of Auditing Applications. 2537-2545
- Georges J. Jahchan: Hacking Methods. 2547-2556
- Ron Moritz: Enabling Safer Deployment of Internet Mobile Code Technologies. 2557-2567
Domain IX - Operations Security
- Sasan Hamidi: Security Considerations in Distributed Computing. 2573-2578
- Man Nguyen, Bill Stackpole: Managing Unmanaged Systems. 2579-2596
- Franjo Majstor: Storage Area Networks Security Protocols and Mechanisms. 2597-2614
- Kevin Henry: Operations. 2615-2622
- Steven A. Hofmeyr: Why Today. 2623-2628
- Patricia A. P. Fisher: Operations Security and Controls. 2629-2639
- Robert M. Slade: The Nebulous Zero Day. 2641-2644
- Gilbert Held: Understanding Service Level Agreements. 2645-2650
- Dan M. Bowers: Physical Access Control. 2651-2668
- Chris Hare: Auditing the Electronic Commerce Environment. 2669-2687
Domain X - Law, Compliance and Investigations
- Bonnie A. Goins: Sarbanes-Oxley Compliance. 2693-2702
- Lynda L. McGhie: Health Insurance Portability and Accountability Act Security Rule. 2703-2706
- Ralph Spencer Poore: Jurisdictional Issues in Global Transmissions. 2707-2724
- Stan Stahl, Robert Braun: An Emerging Information Security Minimum Standard of Due Care. 2725-2744
- Lee Imrey: ISPs and Accountability. 2745-2760
- Michael J. Corby: The Case for Privacy. 2761-2766
- Dorsey W. Morrow: Liability for Lax Computer Security in DDoS Attacks. 2767-2771
- Michael J. Corby: Operational Forensics. 2773-2780
- Thomas Welch: Computer Crime Investigation and Computer Forensics. 2781-2812
- Kelly J. Kuchta: What Happened? 2813-2816
- Chris Hare: Potential Cyber Terrorist Attacks. 2818-2830
- Ed Skoudis: The Evolution of the Sploit. 2831-2844
- Christopher A. Pilewski: Computer Crime. 2845-2852
- Stephen D. Fried: Phishing. 2853-2872
- Gerald L. Kovacich, Andy Jones, Perry G. Luzwick: It's All About Power. 2873-2895
- Marcus K. Rogers: Social Engineering. 2898-2910
- Rebecca Herold: Privacy Breach Incident Response. 2911-2928
- Glenn Cater: Security Event Management. 2929-2944
- Marcus K. Rogers: DCSA. 2945-2960
- Larry R. Leibrock: What a Computer Security Professional Needs to Know about E-Discovery and Digital Forensics. 2961-2966
- Carol Stucki: How To Begin A Non-Liturgical Forensic Examination. 2967-2982
- Anton Chuvakin: Honeypot Essentials. 2983-2988
- Michael Vangelos: Managing the Response to a Computer Security Incident. 2989-3000
- Thomas Akin: Cyber-Crime. 3001-3008
- Glossary. 3009-3150