Information security management handbook

Considered the gold-standard reference on information security, the Information Security Management Handbook provides an authoritative compilation of the fundamental knowledge, skills, techniques, and tools required of today's IT security professional. Now in its sixth edition, this 3200 page, 4 volume stand-alone reference is organized under the CISSP Common Body of Knowledge domains and has been updated yearly. Each annual update, the latest is Volume 6, reflects the changes to the CBK in response to new laws and evolving technology.

INFORMATION SECURITY AND RISK MANAGEMENTSecurity Management Concepts and PrinciplesChange Control ManagementData ClassificationRisk ManagementPolicies, Standards, Procedures and GuidelinesSecurity Awareness TrainingSecurity Management PlanningEthicsACCESS CONTROLAccess Control TechniquesAccess Control AdministrationIdentification and Authentication TechniquesAccess Control Methodologies and ImplementationMethods of AttackMonitoring and Penetration TestingCRYPTOGRAPHYUse of CryptographyCryptographic Concepts, Methodologies, and PracticesPrivate Key AlgorithmsPublic Key Infrastructure (PKI)System Architecture for Implementing Cryptographic FunctionsMethods of AttackPHYSICAL (ENVIRONMENTAL) SECURITYElements of Physical SecurityTechnical ControlsEnvironment and Life SafetySECURITY ARCHITECTURE AND DESIGNPrinciples of Computer and Network Organizations, Architectures, and DesignsPrinciples of Security Models, Architectures and Evaluation CriteriaCommon Flaws and Security Issues: System Architecture and DesignBUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY PLANNINGBusiness Continuity PlanningDisaster Recovery PlanningElements of Business Continuity PlanningTELECOMMUNICATIONS AND NETWORK SECURITYCommunications and Network SecurityInternet, Intranet, Extranet SecurityE-mail SecuritySecure Voice CommunicationsNetwork Attacks and CountermeasuresAPPLICATION SECURITYApplication IssuesDatabases and Data WarehousingSystems Development ControlsMethods of AttackOPERATIONS SECURITYConceptsResource Protection RequirementsAuditingLAW, COMPLIANCE AND INVESTIGATIONSInformation LawInvestigationsMajor Categories of Computer CrimeIncident HandlingGlossary

A compilation of the fundamental knowledge, skills, techniques, and tools require by all security professionals, Information Security Handbook, Sixth Edition sets the standard on which all IT security programs and certifications are based. Considered the gold-standard reference of Information Security, Volume 2 includes coverage of each domain of the Common Body of Knowledge, the standard of knowledge required by IT security professionals worldwide. In step with the lightening-quick, increasingly fast pace of change in the technology field, this book is updated annually, keeping IT professionals updated and current in their field and on the job.

Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Applications and Systems Development Security. Cryptography. Security Architecture and Models. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigations, and Ethics.

Every year, in response to advancements in technology and new laws in different countries and regions, there are many changes and updates to the body of knowledge required of IT security professionals. Updated annually to keep up with the increasingly fast pace of change in the field, the Information Security Management Handbook is the single most comprehensive and up-to-date resource on information security and assurance. Providing an up-to-date compilation of the fundamental skills, techniques, tools, and understanding required of IT security professionals, the Information Security Management Handbook, Sixth Edition, Volume 4 reflects the latest changes to information security and the CISSP (R) Common Body of Knowledge (CBK (R)). This edition updates the benchmark Volume 1 with a wealth of new information on mobile device security, adaptive threat defense, Web 2.0, virtualization, data leakage, and governance. New material also addresses risk management, business continuity planning, disaster recovery planning, and cryptography. As the risks that threaten the security of our systems continue to evolve, it is imperative that those charged with protecting that information stay ahead of the curve. Also available in a fully searchable CD-ROM format, this comprehensive resource provides the up-to-date understanding required to keep you abreast of the latest developments, new vulnerabilities, and possible threats.

Access Control. Access Control Techniques. Access Control Administration. Methods of Attack. Telecommunications & Network Security. Communications & Network Security. Internet, Intranet, Extranet Security. Network Attacks & Countermeasures. Information Security & Risk Management. Security Management Concepts & Principles. Policies, Standards, Procedures & Guidelines. Risk Management. Security Management Planning. Employment Policies & Practices. Application Security. Application Issues. System Development Controls. Malicious Code. Methods of Attack. Cryptography. Crypto Concepts, Methodologies & Practices. Security Architecture & Design. Principles of Computer & Network Organizations, Architectures & Designs. Operations Security. Operations Controls. Resource Protection Requirements. Business Continuity Planning & Disaster Recovery Planning. Business Continuity Planning. Disaster Recovery Planning. Legal, Regulations, Compliance & Investigation. Information Law. Major Categories of Computer Crime. Incident Handling. Physical Security. Elements of Physical Security.