Information Security Management Handbook on CD-ROM, 2006 Edition


Bibliographic details
Main authors: F Tipton, Harold; Krause, Micki
Format: Book
Language: English
Published: CRC Press 2009
Online access: https://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1441
Holding library: Thư viện Trường Đại học Đà Lạt (Da Lat University Library)
Collection: Thư viện số (Digital Library)
Record id: oai:scholar.dlu.edu.vn:DLU123456789-1441
Description: The multi-volume set of the Information Security Management Handbook is now available on CD-ROM. Containing the complete contents of the set, readers get a resource that is portable, linked and searchable by keyword, and organized under the Common Body of Knowledge (CBK) domains. In addition to an electronic version of the most comprehensive resource for information security management, this CD-ROM contains an extra volume's worth of information that readers will not find anywhere else, including chapters from other security and networking books that have never appeared in the print editions. Exportable text and hard copies are available at the click of a mouse.
Record date: 2009-12-02T08:01:06Z

Contents

Domain 1 Access Control Systems and Methodology
Section 1.1 Access Control Techniques
* Sensitive or Critical Data Access Controls
* An Introduction to Role-Based Access Control
* Smartcards
* A Guide to Evaluating Tokens
* Enhancing Security through Biometric Technology
* Biometrics: What’s New?
* It’s All About Control
* Controlling FTP: Providing Secured Data Transfers
Section 1.2 Access Control Administration
* Identity Management: Benefits and Challenges
* Blended Threat Analysis: Passwords and Policy
* Types of Information Security Controls
Section 1.3 Identification and Authentication Techniques
* Biometric Identification
* Single Sign-On for the Enterprise
Section 1.4 Access Control Methodologies and Implementation
* Relational Data Base Access Controls Using SQL
* Centralized Authentication Services (RADIUS, TACACS, DIAMETER)
* Implementation of Access Controls
* An Introduction to Secure Remote Access
Section 1.5 Methods of Attack
* Identity Theft
* Hacker Tools and Techniques
* A New Breed of Hacker Tools and Defenses
* Social Engineering: The Forgotten Risk
* Breaking News: The Latest Hacker Attacks and Defenses
* Counter-Economic Espionage
Section 1.6 Monitoring and Penetration Testing
* Insight into Intrusion Prevention System
* Penetration Testing
* The Self-Hack Audit
* Penetration Testing

Domain 2 Telecommunications, Network, and Internet Security
Section 2.1 Communications and Network Security
* An Examination of Firewall Architectures
* The Five W’s and Designing a Secure Identity Based Self-Defending Network (5W Network)
* Maintaining Network Security: Availability via Intelligent Agents
* PBX Firewalls: Closing the Back Door
* Network Security Overview
* Putting Security in the Transport: TLS
* Access Control Using RADIUS
* WLAN Security Update
* Understanding SSL
* Packet Sniffers and Network Monitors
* Secured Connections to External Networks
* Security and Network Technologies
* Wired and Wireless Physical Layer Security Issues
* Network Router Security
* Dial-Up Security Controls
* What’s Not So Simple about SNMP?
* Network and Telecommunications Media: Security from the Ground Up
* Security and the Physical Network Layer
* Security of Wireless Local Area Networks
* Securing Wireless Networks
* Wireless Security Mayhem: Restraining the Insanity of Convenience
* Wireless LAN Security Challenge
* An Introduction to LAN/WAN Security
* ISO/OSI and TCP/IP Network Model Characteristics
* Integrity and Security of ATM
Section 2.2 Internet, Intranet, Extranet Security
* Voice over WLAN
* Spam Wars: How to Deal with Junk E-Mail
* An Examination of Firewall Architectures
* Voice-over-IP Security Issues
* Secure Web Services: Holes and Fillers
* Enclaves: The Enterprise as an Extranet
* IPSec Virtual Private Networks
* Firewalls: An Effective Solution for Internet Security
* Internet Security: Securing the Perimeter
* Extranet Access Control Issues
* Network Layer Security
* Transport Layer Security
* Application-Layer Security Protocols for Networks
* Application Layer: Next Level of Security
* Security of Communication Protocols and Services
* Security Management of the World Wide Web
* An Introduction to IPSec
* Wireless Internet Security
* VPN Deployment and Evaluation Strategy
* How to Perform a Security Review of a Checkpoint Firewall
* Comparing Firewall Technologies
* The (In) Security of Virtual Private Networks
* Cookies and Web Bugs
* Leveraging Virtual Private Networks
* Wireless LAN Security
* Expanding Internet Support with IPv6
* Virtual Private Networks: Secure Remote Access Over the Internet
* Applets and Network Security: A Management Overview
* Security for Broadband Internet Access Users
* New Perspectives on VPNs
* An Examination of Firewall Architectures
* Deploying Host-Based Firewalls across the Enterprise: A Case Study
Section 2.3 E-mail Security
* Instant Messaging Security Issues
* Email Security
* Protecting Against Dial-In Hazards: Email and Data Communications
Section 2.4 Secure Voice Communications
* Protecting Against Dial-In Hazards: Voice Systems
* Voice Security
* Secure Voice Communications (VoI)
Section 2.5 Network Attacks and Countermeasures
* Auditing the Telephony System: Defenses against Communications Security Breaches and Toll Fraud
* Insecurity by Proxy
* Wireless Security
* Preventing DNS Attacks
* Preventing a Network from Spoofing and Denial of Service Attacks
* Packet Sniffers: Use and Misuse
* ISPs and Denial-of-Service Attacks

Domain 3 Security Management Practices
Section 3.1 Security Management Concepts and Principles
* The Common Criteria for IT Security Evaluation
* A Look at the Common Criteria
* The Controls Matrix
* Information Security Governance
* Belts and Suspenders: Diversity in Information Technology Security
* Building Management Commitment through Security Councils, or Security Council Critical Success Factors
* When Trust Goes Beyond the Border: Moving Your Development Work Offshore
* Validating Your Business Partners
* Incorporating HIPAA Security Requirements into an Enterprise Security Program
* Measuring ROI on Security
* Security Patch Management
* Purposes of Information Security Management
* The Building Blocks of Information Security
* The Human Side of Information Security
* Security Management
* Securing New Information Technology
* E-mail Security Using Pretty Good Privacy
Section 3.2 Change Control Management
* Configuration Management: Charting the Course for the Organization
Section 3.3 Data Classification
* Information Classification: A Corporate Implementation Guide
Section 3.4 Risk Management
* Risk Analysis and Assessment
* Developing and Conducting a Security Test and Evaluation
* Enterprise Security Management Program
* Technology Convergence and Security: A Simplified Risk Management Model
* The Role of Information Security in the Enterprise Risk Management Structure
* A Matter of Trust
* Trust Governance in a Web Services World
* Risk Management and Analysis
* New Trends in Information Risk Management
* Information Security in the Enterprise
* Managing Enterprise Security Information
* Risk Analysis and Assessment
* Managing Risk in an Intranet Environment
* Security Assessment
* Evaluating the Security Posture of an Information Technology Environment: The Challenges of Balancing Risk, Cost, and Frequency of Evaluating Safeguards
* Cyber-Risk Management: Technical and Insurance Controls for Enterprise-Level Security
Section 3.5 Policies, Standards, Procedures and Guidelines
* Toward Enforcing Security Policy: Encouraging Personal Accountability for Corporate Information Security Policy
* The Security Policy Life Cycle: Functions and Responsibilities
* People, Process and Technology: A Winning Combination
* Building an Effective Privacy Program
* Training Your Employees to Identify Potential Fraud and How To Encourage Them To Come Forward
* Establishing an E-Mail Retention Policy: Preventing Potential Legal Nightmares
* Ten Steps to Effective Web-Based Security Policy Development and Distribution
* A Progress Report on the CVE Initiative
* Roles and Responsibilities of the Information Systems Security Officer
* Information Protection: Organization, Roles, and Separation of Duties
* Organizing for Success: Some Human Resources Issues in Information Security
* Ownership and Custody of Data
* Information Security and Personnel Practices
* Information Security Policies from the Ground Up
* Policy Development
* Server Security Policies
Section 3.6 Security Awareness Training
* Change That Attitude: The ABCs of a Persuasive Security Awareness Program
* Annual Security Awareness Briefing for the End User
* Security Awareness Program
* Maintaining Management’s Commitment
* Making Security Awareness Happen
* Making Security Awareness Happen: Appendices
* Beyond Information Security Awareness Training: It Is Time to Change the Culture
* Establishing a Successful Security Awareness Program
Section 3.7 Security Management Planning
* Understanding CRM
* Maintaining Information Security during Downsizing
* The Business Case for Information Security: Selling Management on the Protection of Vital Secrets and Products
* Information Security Management in the Healthcare Industry
* Protecting High-Tech Trade Secrets
* How to Work with a Managed Security Service Provider
* Considerations for Outsourcing Security
* Outsourcing Security

Domain 4 Application Program Security
Section 4.1 Application Issues
* Cross-Site Scripting (XSS)
* Stack-Based Buffer Overflows
* Security Models for Object-Oriented Databases
* Web Application Security
* The Perfect Security: A New World Order
* Security for XML and Other Metadata Languages
* XML and Information Security
* Testing Object-Based Applications
* Secure and Managed Object-Oriented Programming
* Application Service Providers
* Application Security
* Covert Channels
* Security as a Value Enhancer in Application Systems Development
* Open Source versus Closed Source
* PeopleSoft Security
* World Wide Web Application Security
Section 4.2 Databases and Data Warehousing
* Reflections on Database Integrity
* Datamarts and Data Warehouses: Keys to the Future or Keys to the Kingdom?
* Digital Signatures in Relational Database Applications
* Security and Privacy for Data Warehouses: Opportunity or Threat?
* Relational Database Security: Availability, Integrity, and Confidentiality
Section 4.3 Systems Development Controls
* System Development Security Methodology
* Software Engineering Institute Capability Maturity Model
* Preventing SQL Injection Security Vulnerabilities through Data Sanitization
* Enterprise Security Architecture
* Certification and Accreditation Methodology
* A Framework for Certification Testing
* System Development Security Methodology
* A Security-Oriented Extension of the Object Model for the Development of an Information System
* Methods of Auditing Applications
Section 4.4 Malicious Code
* Organized Crime and Malware
* Net-Based Malware Detection: A Comparison with Intrusion Detection Models
* Malware and Computer Viruses
* An Introduction to Hostile Code and Its Control
* A Look at Java Security
Section 4.5 Methods of Attack
* Enabling Safer Deployment of Internet Mobile Code Technologies
* Malicious Code: The Threat, Detection, and Protection

Domain 5 Cryptography
Section 5.1 Use of Cryptography
* Three New Models for the Application of Cryptography
* Auditing Cryptography: Assessing System Security
Section 5.2 Cryptographic Concepts, Methodologies, and Practices
* Blind Detection of Steganographic Content in Digital Images Using Cellular Automata
* An Overview of Quantum Cryptography
* Elliptic Curve Cryptography: Delivering High-Performance Security for E-Commerce and Communications
* Cryptographic Key Management Concepts
* Message Authentication
* Fundamentals of Cryptography
* Steganography: The Art of Hiding Messages
* An Introduction to Cryptography
* Hash Algorithms: From Message Digests to Signatures
* A Look at the Advanced Encryption Standard (AES)
* Introduction to Encryption
Section 5.3 Private Key Algorithms
* Principles and Applications of Cryptographic Key Management
Section 5.4 Public Key Infrastructure (PKI)
* Getting Started with PKI
* Mitigating E-Business Security Risks: Public Key Infrastructures in the Real World
* Preserving Public Key Hierarchy
* PKI Registration
Section 5.5 System Architecture for Implementing Cryptographic Functions
* Implementing Kerberos in Distributed Systems
Section 5.6 Methods of Attack
* Methods of Attacking and Defending Cryptosystems

Domain 6 Security Architecture and Models
Section 6.1 Principles of Computer and Network Organizations, Architectures, and Designs
* Enterprise Assurance: A Framework Explored
* Creating a Secure Architecture
* Common Models for Architecting an Enterprise Security Capability
* Security Infrastructure: Basics of Intrusion Detection Systems
* Systems Integrity Engineering
* Introduction to UNIX Security for Security Practitioners
* Enterprise Security Architecture
* Microcomputer and LAN Security
* Reflections on Database Integrity
* Firewalls, 10 Percent of the Solution: A Security Architecture Primer
* The Reality of Virtual Computing
* Overcoming Wireless LAN Security Vulnerabilities
Section 6.2 Principles of Security Models, Architectures and Evaluation Criteria
* Formulating an Enterprise Information Security Architecture
* Security Architecture and Models
Section 6.3 Common Flaws and Security Issues — System Architecture and Design
* Common System Design Flaws and Security Issues

Domain 7 Operations Security
Section 7.1 Concepts
* Managing Unmanaged Systems
* The RAID Advantage
* Storage Area Networks Security Protocols and Mechanisms
* Operations Security Abuses
* Operations: The Center of Support and Control
* Why Today’s Security Technologies Are So Inadequate: History, Implications, and New Approaches
* Information Warfare and the Information Systems Security Professional
* Steps for Providing Microcomputer Security
* Protecting the Portable Computing Environment
* Operations Security and Controls
* Data Center Security: Useful Intranet Security Methods and Tools
Section 7.2 Resource Protection Requirements
* Understanding Service Level Agreements
* Physical Access Control
* Software Piracy: Issues and Prevention
Section 7.3 Auditing
* Auditing the Electronic Commerce Environment
* Improving Network-Level Security through Real-Time Monitoring and Intrusion Detection
* Intelligent Intrusion Analysis: How Thinking Machines Can Recognize Computer Intrusions
* How to Trap the Network Intruder
* Intrusion Detection: How to Utilize a Still Immature Technology
Section 7.5 Operations Controls
* Directory Security
* Patch Management 101: It Just Makes Good Sense!
* Security Patch Management: The Process

Domain 8 Business Continuity Planning and Disaster Recovery Planning
Section 8.1 Business Continuity Planning
* Building Maintenance Processes for Business Continuity Plans
* Identifying Critical Business Functions
* Selecting the Right Business Continuity Strategy
* Best Practice in Contingency Planning or Contingency Planning Program Maturity
* Reengineering the Business Continuity Planning Process
* The Role of Continuity Planning in the Enterprise Risk Management Structure
* Business Continuity in the Distributed Environment
* The Changing Face of Continuity Planning
Section 8.2 Disaster Recovery Planning
* Contingency at a Glance
* The Business Impact Analysis Process and the Importance of Using Business Process Mapping
* How To Test Plans and How Often
* Restoration Component of Business Continuity Planning
* Business Resumption Planning and Disaster Recovery: A Case History
* Business Continuity Planning: A Collaborative Approach
Section 8.3 Elements of Business Continuity Planning
* The Business Impact Assessment Process

Domain 9 Law, Investigation, and Ethics
Section 9.1 Information Law
* Sarbanes–Oxley Compliance: A Technology Practitioner’s Guide
* Health Insurance Portability and Accountability Act (HIPAA) Security Rule
* The Ethical and Legal Concerns of Spyware
* Jurisdictional Issues in Global Transmissions
* An Emerging Information Security Minimum Standard of Due Care
* ISPs and Accountability
* When Technology and Privacy Collide
* Privacy in the Healthcare Industry
* The Case for Privacy
* Liability for Lax Computer Security in DDoS Attacks
* The Final HIPAA Security Rule Is Here! Now What?
* HIPAA 201: A Framework Approach to HIPAA Security Readiness
* Internet Gripe Sites: Bally v. Faber
* State Control of Unsolicited E-mail: State of Washington v. Heckel
* The Legal Issues of Disaster Recovery Planning
Section 9.2 Investigations
* Computer Crime Investigations: Managing a Process without Any Golden Rules
* Operational Forensics
* Computer Crime Investigation and Computer Forensics
* What Happened?
Section 9.3 Major Categories of Computer Crime
* The Evolution of the Sploit
* Computer Crime
* Phishing: A New Twist to an Old Game
* It’s All about Power: Information Warfare Tactics by Terrorists, Activists, and Miscreants
* The International Dimensions of Cybercrime
* Computer Abuse Methods and Detection
Section 9.4 Incident Handling
* DCSA: A Practical Approach to Digital Crime Scene Analysis
* What a Computer Security Professional Needs to Know about E-Discovery and Digital Forensics
* How to Begin a Non-Liturgical Forensic Examination
* Spyware, Spooks, and Cyber-goblins
* Honeypot Essentials

Domain 10 Physical Security
Section 10.1 Elements of Physical Security
* Physical Security for Mission Critical Facilities and Data Centers
* Personnel Security Screening
* Physical Security: A Foundation for Information Security
* Physical Security: Controlled Access and Layered Defense
* Computing Facility Physical Security
* Closed Circuit Television and Video Surveillance
* Physical Security
Section 10.2 Environment and Life Safety
* Workplace Violence: Event Characteristics and Prevention
* Physical Security: The Threat after September 11th, 2001

Glossary