Information Security Management Handbook, Volume 6

Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 6 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2® CISSP Common Body of Knowledge (CBK®), this volume features new information on advanced persistent threats, HIPAA requirements, social networks, virtualization, and SOA. Its comprehensive coverage touches on all the key areas IT security professionals need to know, including: Access Control: Technologies and administration including the requirements of current laws Telecommunications and Network Security: Addressing the Internet, intranet, and extranet Information Security and Risk Management: Organizational culture, preparing for a security audit, and the risks of social media Application Security: Ever-present malware threats and building security into the development process Security Architecture and Design: Principles of design including zones of trust Cryptography: Elliptic curve cryptosystems, format-preserving encryption Operations Security: Event analysis Business Continuity and Disaster Recovery Planning: Business continuity in the cloud Legal, Regulations, Compliance, and Investigation: Persistent threats and incident response in the virtual realm Physical Security: Essential aspects of physical security The ubiquitous nature of computers and networks will always provide the opportunity and means to do harm. This edition updates its popular predecessors with the information you need to address the vulnerabilities created by recent innovations such as cloud computing, mobile banking, digital wallets, and near-field communications. This handbook is also available on CD.

Table of Contents:
Access Control. Telecommunications & Network Security. Information Security & Risk Management. Application Security. Cryptography. Security Architecture & Design. Operations Security. Business Continuity Planning & Disaster Recovery Planning. Legal, Regulations, Compliance & Investigation. Physical Security.

About the Author :
Harold F. Tipton is with HFT Associates in Villa Park, California. Micki Krause Nozaki is with Pacific Life Insurance Company in Newport Beach, California.

Review :
DOMAIN 1: ACCESS CONTROL Access Control AdministrationWhat Business Associates Need to Know About Protected Health Information Under HIPAA and HITECH; Rebecca Herold DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY Internet, Intranet, Extranet SecurityE-mail Security; Terence Fernandes DOMAIN 3: INFORMATION SECURITY AND RISK MANAGEMENT Security Management Concepts and PrinciplesAppreciating Organizational Behavior and Institutions to Solidify Your Information Security Program; Robert Pittman Risk ManagementThe Information Security Auditors Have Arrived, Now What?; Todd FitzgeraldContinuous Monitoring: Extremely Valuable to Deploy Within Reason; Foster J. Henderson and Mark A. PodrackySocial Networking; Sandy BacikInsider Threat Defense; Sandy BacikRisk Management in Public Key Certificate Applications; Alex GolodServer Virtualization: Information Security Considerations; Thomas A. Johnson Security Management PlanningSecurity Requirements Analysis; Sean M. PriceCERT Resilience Management Model: An Overview; Bonnie A. Goins Pilewski and Christopher PilewskiManaging Bluetooth Security; E. Eugene Schultz, Matthew W. A. Pemble, and Wendy Goucher Employment Policies and PracticesSlash and Burn: In Times of Recession, Do Not Let Emotions Drive Business Decisions; Seth KinnettA "Zero Trust" Model for Security; Ken Shaurette and Thomas J. Schleppenbach DOMAIN 4: APPLICATION DEVELOPMENT SECURITY System Development ControlsApplication Whitelisting; Georges JahchanDesign of Information Security for Large System Development Projects; James C. MurphyBuilding Application Security Testing into the Software Development Life Cycle; Sandy Bacik Malicious CodeTwenty-Five (or Forty) Years of Malware History; Robert M. Slade DOMAIN 5: CRYPTOGRAPHY Cryptographic Concepts, Methodologies, and PracticesFormat Preserving Encryption; Ralph Spencer PooreElliptic Curve Cryptosystems; Jeff StapletonPirating the Ultimate Killer APP: Hacking Military Unmanned Aerial Vehicles; Sean P. Mcbride DOMAIN 6: SECURITY ARCHITECTURE AND DESIGN Principles of Computer and Network Organizations, Architectures, and DesignsService-Oriented Architecture; Walter B. WilliamsCloud Security; Terry KomperdaEnterprise Zones of Trust; Sandy Bacik DOMAIN 7: OPERATIONS SECURITY: OPERATIONS CONTROLS Complex Event Processing for Automated Security Event Analysis; Rob SheinRecords Management; Sandy Bacik DOMAIN 8: BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Business Continuity PlanningData Backup Strategies: Traditional Versus Cloud: Carl B. Jackson DOMAIN 9: LEGAL, REGULATIONS, COMPLIANCE, AND INVESTIGATIONS Major Categories of Computer CrimeManaging Advanced Persistent Threats; Eugene Schultz and Cuc Du Incident HandlingVirtualization Forensics; Paul A. Henry DOMAIN 10: PHYSICAL (ENVIRONMENTAL) SECURITY Elements of Physical SecurityTerrorism: An Overview; Frank Bolz, Kenneth J. Dudonis, and David P. Schulz Technical ControlsCountermeasure Goals and Strategies; Thomas L. NormanIndex