About the Book
As the recognized leader in the field of information security education and certification, the (ISC)2® promotes the development of information security professionals around the world. The Certified Information Systems Security Professional-Information Systems Security Management Professional (CISSP-ISSMP®) examination assesses individuals’ understanding of security management practices. Obtaining certification validates your ability to create and implement effective information security management programs that meet the security needs of today’s organizations.
Preparing professionals for certification and job readiness, the Official (ISC)2® Guide to the ISSMP® CBK® supplies a complete overview of the management topics related to information security. It provides for an expanded enterprise model of security and management that delves into project management, risk management, and continuity planning. Facilitating the mastery of the five ISSEP domains required for certification, the book includes authoritative coverage of enterprise security management, enterprise-wide system development, compliance of operations security, business continuity planning, disaster recovery planning, as well as legal and ethical considerations.
Presents a complete overview of the managerial elements related to information security
Examines a larger enterprise model of security and management
Provides an all-inclusive analysis of the five domains of the CISSP-ISSMP CBK—including sample questions for each domain
Representing over a century of combined experience working at the forefront of information security, the editor and distinguished team of contributors provide unprecedented coverage of the things you need to know to achieve certification. This book will not only help you prepare for the CISSP-ISSMP certification exam, but also provide you with a solid foundation to enhance your career path—whether you’re a seasoned security veteran or just starting out.
Table of Contents:
Enterprise Security Management Practices; James Litchko
Enterprise-Wide Systems Development Security; Maura Van Der Linden
Overseeing Compliance of Security Operations; Keith D. Willett
Understanding Business Continuity Planning (BCP), Disaster Recovery Planning (DRP), and Continuity of Operations Planning (COOP); Cheryl Hennell
Law Investigation, Forensics, and Ethics; Craig Steven Wright
Appendix: Answers to Review Questions
About the Author :
About the Editor:
Hal Tipton, currently an independent consultant, is a past president of the International Information System Security Certification Consortium and was a director of computer security for Rockwell International Corporation for about 15 years. He initiated the Rockwell computer and data security program in 1977 and then continued to administer, develop, enhance, and expand the program to accommodate the control needs produced by technological advances until his retirement from Rockwell in 1994.
Tipton has been a member of the Information Systems Security Association (ISSA) since 1982. He was the president of the Los Angeles chapter in 1984 and the president of the national organization of ISSA (1987–1989). He was added to the ISSA Hall of Fame and the ISSA Honor Role in 2000.
Tipton was a member of the National Institute for Standards and Technology (NIST), the Computer and Telecommunications Security Council, and the National Research Council Secure Systems Study Committee (for the National Academy of Sciences). He received his BS in engineering from the U.S. Naval Academy and his MA in personnel administration from George Washington University; he also received his certificate in computer science from the University of California at Irvine. He is a certified information system security professional (CISSP), ISSAP, and ISSMP.
He has been a speaker at all the major information security conferences including the following: Computer Security Institute, the ISSA Annual Working Conference, the Computer Security Workshop, MIS Conferences, AIS Security for Space Operations, DOE Computer Security Conference, National Computer Security Conference, IIA Security Conference, EDPAA, UCCEL Security & Audit Users Conference, and Industrial Security Awareness Conference.
He has conducted/participated in information security seminars for (ISC)2, Frost & Sullivan, UCI, CSULB, System Exchange Seminars, and the Institute for International Research. He participated in the Ernst & Young video "Protecting Information Assets." He is currently the editor of the Handbook of Information Security Management (Auerbach Publications). He chairs the (ISC)2 CBK Committees and the QA Committee. He received the Computer Security Institute’s Lifetime Achievement Award in 1994, the (ISC)2’s Hal Tipton Award in 2001, and the (ISC)2 Founders Award in 2009.
About the Contributors:
James Litchko, CISSP-ISSEP, CAP, MBCI, CMAS, Senior Security Expert, Litchko & Associates. Mr. Litchko has worked as a security and management expert for over 30 years. He has been an executive with five organizations and supervised and supported the securing of over 200 military, government, and commercial IT systems. Since 2008, he supported the securing of IT systems at DHS, DOE, VHA, NASA, EPA, USAF, DOJ, and FEMA. Jim created and taught the first graduate IT security course at Johns Hopkins University (JHU) and was a manager at NSA. Jim holds a masters degree from JHU and has authored five books on security and management topics.
Craig S. Wright, CISSP-ISSAP, ISSMP, is a director with Information Defense in Australia. He holds both the GSE-Malware and GSE-Compliance certifications from GIAC. He is a perpetual student with numerous postgraduate degrees including an LLM specializing in international commercial law and ecommerce law, a masters degree in mathematical statistics from Newcastle, and is working on his fourth IT-focused masters degree (in system development) at Charles Stuart University, Australia, where he lectures on subjects in digital forensics. He is writing his second doctorate on the quantification of information system risk at CSU.
Cheryl Hennell, EdD, MSc, CISSP, SBCI, has worked in the IT industry for 40 years. Her employment includes systems development for the Ministry of Defence, systems analysis for the Civil Service, European Consultancy for a blue chip organization, and 20 years as a senior university lecturer. She is currently head of IT and information assurance for Openreach, BT. She earned her master’s in information systems design from Kingston University, London, and her doctorate from the University of Southampton, UK, and is a specialist in the Business Continuity Institute, UK. She is also an ambassador for Childnet. Cheryl was the course director for the first digital forensics degree in the UK, which she created and delivered for the University of Portsmouth. She has been an invited speaker at international conferences in Europe, the Middle East, and Africa. Her subjects include information assurance, audit, risk and governance, physical security, and business continuity and disaster recovery.
Maura van der Linden spent over a decade in software testing at Microsoft Corporation with a specialization in security testing, including working in the Security Technology Unit on the Malware Response Team. After serving as a technical reviewer for MSDN Magazine, she wrote her first article on SQL injection testing for MSDN Magazine. She then wrote her first book, Testing Code Security, Auerbach, Boca Raton, FL, in order to teach other testers the need for and intricacy of security testing. Though now working as a programming writer, she maintains her close ties to the test and security communities.
Keith Willet, CISSP-ISSAP, has over 25 years experience in information technology spanning academia and commercial, local, and national governments. Mr. Willett has a BS in computer science from Towson University, Maryland, an MS in business from the University of Baltimore, Maryland, and an MSIA from Norwich University, Vermont, and he holds the CISSP and ISSAP designations from (ISC)2. Willett is the author of Information Assurance Architecture and coauthor of How to Achieve 27001 Certification, both published by Auerbach. When not working, Mr. Willet enjoys world travel, cuisine, and wine, and has enjoyed all in over 125 cities across 30 countries.
