The Disaster Center Bookstore
Disaster Center Bookstore-a service of Rothstein Associates
Information Security Management HB (CD)
Information Security Management Handbook on CD-ROM, 2007 Edition, by Harold F. Tipton and Micki Krause, Editors. CD-ROM.
CD626
$200.00
INFORMATION SECURITY MANAGEMENT HANDBOOK ON CD-ROM
2005 Edition
Harold F. Tipton and Micki Krause, Editors
- Presents the most comprehensive resource on information security management on CD-ROM
- Is organized according to the CISSP Common Body of Knowledge (CBK)
- Includes the latest developments in technology and changes in the CISSP exam
- Serves as a full study guide and working reference, and is completely searchable
- Covers intrusion detection, penetration testing, and secure voice communications
- Discusses proven ways to design and develop secure systems
- Includes every chapter from the 3rd, 4th, and 5th editions of the book, plus chapters from other security and networking books that never appeared in the print versions of the handbook
- - - - - - - -
The multi-volume set of the INFORMATION SECURITY MANAGEMENT HANDBOOK is now available on CD-ROM. Containing the complete contents of the set, readers get a resource that is lightweight and portable, linked and searchable by keyword, and organized under the Common Body of Knowledge (CBK) domains. In addition to an electronic version of the most comprehensive resource for information security management, this CD-ROM contains an extra volume's worth of information that readers will not find anywhere else, including chapters from other security and networking books that have never appeared in the print editions. Exportable text and hard copies are available at the click of a mouse.
- - - - - - - -
TABLE OF CONTENTS
ACCESS CONTROL SYSTEMS AND METHODOLOGY
Access Control Techniques
Access Control Administration
Identification and Authentication Techniques
Access Control Methodologies and Implementation
Methods of Attack
Monitoring and Penetration Testing
TELECOMMUNICATIONS, NETWORK, AND INTERNET SECURITY
Communications and Network Security
Internet, Intranet, Extranet Security
E-mail Security
Secure Voice Communications
Network Attacks and Countermeasures
SECURITY MANAGEMENT PRACTICES
Security Management Concepts and Principles
Change Control Management
Data Classification
Risk Management
Policies, Standards, Procedures and Guidelines
Risk Management
Security Awareness Training
Security Management Planning
APPLICATION PROGRAM SECURITY
Application Issues
Databases and Data Warehousing
Systems Development Controls
Malicious Code
Methods of Attack
CRYPTOGRAPHY
Use of Cryptography
Cryptographic Concepts, Methodologies, and Practices
Private Key Algorithms
Public Key Infrastructure (PKI)
System Architecture for Implementing Cryptographic Functions
Methods of Attack
SECURITY ARCHITECTURE AND MODELS
Principles of Computer and Network Organizations, Architectures, and Designs
Principles of Security Models, Architectures and Evaluation Criteria
Formulating an Enterprise Information Security Architecture
Common Flaws and Security Issues - System Architecture and Design
OPERATIONS SECURITY
Concepts
Resource Protection Requirements
Auditing
Intrusion Detection
Operations Controls
BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY PLANNING
Business Continuity Planning
Disaster Recovery Planning
Elements of Business Continuity Planning
LAW, INVESTIGATION, AND ETHICS
Information Law
Investigations
Major Categories of Computer Crime
Incident Handling
Ethics
PHYSICAL SECURITY
Elements of Physical Security
Environment and Life Safety
- - - - - - - -
MANDY ANDRESS, CISSP, CPA, CISA, President and CEO, ArcSec Technologies
JOHN BERTI, CISSP, Senior Manager, Secure e-Business, Deloitte & Touche LLP
CHRISTINA BIRD, PH.D, CISSP, Senior Security Analyst, Counterpane Internet Security
STEVEN F. BLANDING, Regional Director of Technology, Arthur Andersen LLP
DAVID BONEWALL, CISSP, CISA, Chief Security Architect, Teradata
BILL BONI, Price Waterhouse Coopers
KATE BORTEN, President, The Marblehead Group
JAMES CANNADY, Georgia Tech Research Institute
STEPHEN COBB, Cobb Associates
DOUGLAS CONORICH, Global Solutions Manager, Managed Security Services, IBM Corporation
MICHAEL J. CORBY, Consulting Director, M Corby & Associates, Inc.
HARRY DEMAIO, Deloitte & Touche Enterprise Risk Services
JOHN DORF, Risk Management Consulting, Ernst & Young
ERAN FEIGENBAUM, Manager, PricewaterhouseCoopers LLP
BRYAN FISH, Network Systems Consultant, Lucent Technologies
JEFF FLYNN, Jeff Flynn & Associates
EDWARD H. FREEMAN, JD, Attorney
STEPHEN FRIED, Senior Manager, Global Risk Assessment and Secure Business Solutions, Lucent Technologies
KAREN GIBBS, Senior Data Warehouse Architect, Teradata
RONALD A. GOVE, PH.D., Vice President, Science Applications International Corp.
GEOFFREY C. GRABOW, CISSP, Chief Technology Officer, beTRUSTED
ROBERT L. GRAY, PH.D., Associate Professor and Chair, Western New England College
SUSAN HANSCHE, CISSP, Senior Manager, Troy Systems, Inc.
WILLIAM T. HARDING, PH.D., Associate Professor of Management Information Systems, Texas A&M University
CHRIS HARE, CISSP, ACE, Systems Auditor, Internal Audit Department, Nortel Networks
JAY HEISER, CISSP, Information Security, UBS
GILBERT HELD, Director, 4-Degree Consulting
KEVIN HENRY, CISA, CISSP, Information Systems Auditor, Oregon Judicial Department
CARL B. JACKSON, CISSP, Information Security Consultant
MARTY JOHNSON, Information Systems Assurance and Advisory Systems, Ernst & Young
RAY KAPLAN, CISSP, Security Curmudgeon @ Large
CHRISTOPHER KING, Greenwich Technology Partners
BRYAN T. KOCH, CISSP, Principal Security Architect, Guardent, Inc.
JOE KOVARA, Chief Technology Officer, CyberSafe Inc.
MICKI KRAUSE, CISSP, Manager, Information Securities Systems, PacifiCare Health Systems
DAVID KREHNKE, CISSP, Principal Information Security Analyst, Logicon PRC, Inc.
MOLLY KREHNKE, CISSP, Principal Information Security Analyst, Logicon PRC, Inc.
KELLY J. KUCHTA, CFE, CPP, National Director, METASeS Security Response Services
DENNIS SEYMOUR LEE, CISSP, President, Digital Solutions and Video, Inc.
ROSS LEO, CISSP, CBCP, Director, Information Assurance & Security
BRUCE LOBREE, CISSP, Security Manager, Oracle Business Online
LT. JEFFERY J. LOWDER, Chief, Network Security Element, United States Air Force Academy
BRUCE R. MATTHEWS, CISSP, Security Engineering Officer, U.S. Department of State
SAMUEL C. MCCLINTOCK, Principal Security Consultant, Litton PRC
DOUGLAS C. MERRILL, PH.D., Senior Manager, PricewaterhouseCoopers LLP
WILLIAM HUGH MURRAY, Executive Consultant, IS Security, Deloitte & Touche
JUDITH M. MYERSON, Software Engineer
MATUNDA NYANCHAMA, PH.D., CISSP, Senior Manager, Information Protection Center, Bank of Montreal Companies
WILL OZIER, President and Founder, OPA—The Integrated Risk Management Group
KEITH PASLEY, CISSP, CNE, Senior Sales Engineer, PGP Security
TOM PELTIER, CISSP, Information Security Consultant
RALPH SPENCER POORE, CISSP, CISA, CFE, Chief Technology Officer, Privacy Infrastructure, Inc.
MIKE R. PREVOST, DBsign Product Manager, Gradkell Systems, Inc.
SATNAM PUREWAL, B.SC., CISSP, Manager, PricewaterhouseCoopers LLP
CLAY RANDALL, Senior Messaging Architect, United Messaging
ANITA REED, CPA
DONALD R. RICHARDS, Biometric Security Consultant, IriScan
MARCUS ROGERS, CISSP, Director, Deloitte & Touche LLP
BEN ROTHKE, CISSP, Senior Security Consultant, Camelot Information Technologies
SEAN SCANLON, e-Architect, fcgDoghouse
E. EUGENE SCHULTZ, PH.D., Predictive Systems
DUANE E. SHARP, President, SharpTech Associates
KEN SHAURETTE, CISSP, CISA, Information Systems Security Staff Advisor, American Family Institute
SANFORD SHERIZEN, PH.D., CISSP, President, Data Security Systems, Inc.
ED SKOUDIS, Account Manager and Technical Director, Predictive Systems
EUGENE SPAFFORD, PH.D., Professor, Department of Computer Science, Purdue University
BILL STACKPOLE, CISSP, Senior Security Consultant, Predictive Systems
CHRISTOPHER STEINKE, CISSP, Information Security Consulting Staff Member, Lucent World Wide Services
PER THORSHEIM, Senior Consultant, PricewaterhouseCoopers
JAMES S. TILLER, CISSP, MCSE+I, Managing Principal and Security Product Manager, Enhanced Sales and Services, Lucent Worldwide Services
HAROLD F. TIPTON, CISSP, HTF Associates
WILLIAM TOMPKINS, CISSP, CBCP, System Analyst, Texas Parks and Wildlife Department
JAMES TRULOVE, Network Engineer
JOHN R. VACCA, Independent Consultant
ADRIAAN VELDHUISEN, Senior Data Warehouse/Privacy Architect, Teradata
GEORGE WADE, Senior Manager, Lucent Technologies
THOMAS WELCH, Welch and Welch Investigations
ANNA WILSON, CISSP, CISA, Principal Consultant, Arqana Technologies, Inc.
BRETT REGAN YOUNG, CISSP, CBCP, Information Security Consultant
- - - - - - - -
EXCERPT FROM THE INTRODUCTION TO THE 2004 (Previous) EDITION
“The CD-ROM containing articles from the Information Security Management Handbook (ISMH)...is, without a doubt, the most comprehensive reference on information security topics ever compiled. Over the past years, the ISMH alone provided current material that addressed 238 topics from the Common Body of Knowledge (CBK) of the field of information security. These books were intended to provide a day-to-day reference for practitioners and also to serve as references for those preparing for the examination to achieve the coveted Certified Information System Security Professional (CISSP) designation. The handbooks have been highly regarded with respect to both goals.
“The CBK was created to include those topics that information security professionals should have knowledge of to be able to participate effectively in a discussion with their peers about information security issues. The CBK contains over 300 separate topics and is updated regularly to ensure that it remains current with the latest developments in the field. It has been divided into ten Domains: Access Control Systems and Methodology; Telecommunications and Network Security; Security Management Practices; Applications and System Development Security; Cryptography; Security Architecture and Models; Operations Security; Business Continuity Planning and Disaster Recovery Planning; Law, Investigation, and Ethics; and Physical Security. The ISMH is organized around the CBK Domains and articles written by authors who are experts in the subject matter and address specific topics within each domain.
“Articles for the CD-ROM have been carefully selected to provide readers with the most current information on the topics included in the CBK. In addition, current articles from other Auerbach publications have been chosen to supplement those from the ISMH. These other Auerbach publications include: Data Security Management, System Development Management, Database Management, Information Management, Enterprise Operations Management, Data Communications Management, and EDP Auditing.
CURRENT INFORMATION SECURITY CHALLENGES
“The terrorist activities of September 11, 2001, which resulted in the destruction of the World Trade Center in New York City and severe damage to the Pentagon in Washington, D.C., have focused world attention on all aspects of security — including information security. There is well-founded concern that future attacks may be electronic via the Internet. Accordingly, people responsible, in any way, for information security would be remiss if they did not prepare themselves for the upcoming surge of interest in all facets of security and threats to security of the data processing infrastructure of their organizations. Major topic areas that immediately come to mind include: access control (both physical and technical), business continuity and disaster recovery planning, physical security, telecommunications security, and, surprisingly, cryptography. All of these are discussed in depth in articles included in the CD-ROM.
“Access control technology must be implemented to keep terrorists out of our critical systems where they could destroy integrity by corrupting files and making unauthorized changes to programs. The issues of confidentiality with respect to leading edge technology and the protection of personal information must also be addressed. A prime motive for unauthorized access to personal information is the desire to confuse efforts to track terrorists by changing identities. Identity theft is one of the fastest growing computer crimes facing us today. Access controls under consideration by airline security forces are currently involving biometrics. Biometric identification and authentication is a powerful countermeasure against identity theft. Read all about access control in the CD-ROM.
“Organizations that have not developed business continuity or disaster recovery plans must be considered negligent in view of the incredible damage inflicted by the terrorists to the data processing facilities of thousands of companies. Those with viable plans should survive to continue business operations — it is probably too late for those who failed to be prepared. All facets of business continuity and disaster recovery planning are thoroughly described in the CD-ROM.
“Physical security is an obvious candidate for increased attention. It goes hand-in-hand with the access control issues we now face. It is critical to be able to effectively discriminate between those who should have access to our facilities and would-be intruders (terrorists bent on facility destruction). Not only that, but evacuation plans for buildings must be established and thoroughly practiced during all times, day or night, that people are occupying the facility. Certainly, contingency plans must be in place to handle fires, bomb threats, chemical/biological contamination, and any other threats that could be mounted by terrorists. It is critical these days to take appropriate action to prevent an incident from becoming a disaster. Although most information security practitioners fancy themselves knowledgeable in physical security matters, they could be surprised by what they really do not know. It is best to review the physical security articles included in the CD-ROM to be prepared for the worst case scenario.
“The matter of telecommunications and network security has been featured in most information technology-oriented trade journals for the past few years — particularly with respect to electronic commerce and the need to keep business information accurate and, in many cases, confidential. We have been tormented by reports of hackers from all over the world being able to crack into our critical systems and of perpetrators unleashing destructive viruses and denial of service attacks. Terrorists, obviously, could do the same things and effectively disrupt our ability to conduct business activities. What easier way to retaliate for any world effort to punish those responsible for the September 11th attacks? Because there are many countermeasures available, information security practitioners must not continue to be "asleep-at-the-switch." The telecommunications security area can often be difficult to understand because of the high level of technology involved. Therefore, it is even more important to refer to the CD-ROM for the latest articles on telecommunications and network security issues presented in easy-to-understand terminology.
“Finally, we refer to the cryptography concerns. In recent years, encryption has become the technology of choice to protect sensitive information transmitted through networks, stored on computers, or carried around on laptops. It is becoming easier to use and more effective. The problem is that the use of strong encryption techniques inhibits the ability of law enforcement, industry intelligence forces, and, of course, anti-terrorist experts to track and interdict criminals, spies, and terrorists. Recent news articles about the aftermath of the September 11th attacks are already suggesting that more power be given to investigators and more restrictions on the use of encryption be required. This strikes to the heart of personal privacy issues that we are so concerned about. Where this will all shake out is anybody’s guess. The bottom line is that we need to become more familiar with the options regarding the use of encryption so we can be ready to take appropriate action when its use is further restricted, as expected. You can find all you need to know about the use of encryption in the CD-ROM.
CONCLUSIONS
“Things have changed drastically since September 11th with respect to information security and related issues. We must now apply much higher priority to all aspects of potential terrorist activities. This new focus is expected to last for several years into the future. The most comprehensive compilation of information related to information security in the world is available in the Information Security Management CD-ROM. This will enable you to have the knowledge at your fingertips to meet the challenges. There is no better reference source available.” - Hal Tipton
- - - - - - - -
2005, CD-ROM. Order #DR626.
SPECIAL ORDER ITEM.
- - - - - - - -
Rothstein Associates Inc.
4 Arapaho Rd.
Brookfield, CT 06804-3104
1-888-ROTHSTEin
Telephone: 203.740.7444; 888.768.4783
Fax: 203.740.7401