Information Security Management Handbook, Volume 7, 6th Edition, by Richard O'Hanley and James S. Tiller
Product details:
ISBN 10: 146656749X
ISBN 13: 9781466567498
Authors: Richard O'Hanley, James S. Tiller
Updated annually, this is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2 CISSP Common Body of Knowledge (CBK), this volume features 27 new chapters on topics such as BYOD, IT consumerization, smart grids, security, and privacy.
Table of contents:
Introduction
Contributors
Domain 2 Telecommunications and Network Security
Communications and Network Security
Chapter 1 Securing the Grid
Introduction
The Power (Electrical) Grid
Core Functions of a Power Grid
Power Grid Components
Power Distribution Topologies
Communication Networks, Control, and Communications Protocol in the Grid
Problems in Current Power Grids
Stuxnet
The Case for a Smart Grid
The Smart Grid
Smart Grid Technologies, Systems, and Components
Grid Vulnerabilities
Threats in the Grid
Threats by Confidentiality, Integrity, and Availability
Privacy Threats
Potential Attacks on the Grid
Attacking Consumers
Attacking Utility Companies
Federal Efforts to Protect the Grid in North America
Standards Bodies and Standards for Protecting the Grid
Security for the Grid
General Security Practices
Technical Security Practices
Privacy Practices
Conclusion
References
Further Reading
Network Attacks and Countermeasures
Chapter 2 Attacks in Mobile Environments
Basic Attacks
Class of Illicit Use Attacks
Wireless Spoofing
Man-in-the-Middle Attacks
Denial of Service Attacks
Distributed DoS Attacks in Mobile Communications
Targeted Environments
Defending against DDoS Attacks
Improving the Security of the Relevant Devices
Mobile User-Level Traffic Control
Coordinated Filters and Tracing Back
Mobile Malware
Basics on Malware
Examples of Mobile Malware
Domain 3 Information Security and Risk Management
Security Management Concepts and Principles
Chapter 3 Security in the Cloud
Appendix A: Cloud Computing Service Provider Risk Analysis Questionnaire
Chapter 4 Getting the Best Out of Information Security Projects
No Need to Reinvent the Wheel
What Is a Project?
Project Planning
Develop Scope Statement
Develop Work Breakdown Structures
Define Activities
Sequence Activities
Determine Resourcing
Estimate Duration
Determine Project Schedule
Develop RACI Chart
Project Execution
Where the Rubber Meets the Road
Project Monitoring and Controlling
Regular Updates
Communications
Project Closing
Final Thoughts
References
Chapter 5 Mobility and Its Impact on Enterprise Security
Drivers for Adoption of Mobile Technologies in the Enterprise
Enterprise Mobility Ecosystem
Key Challenges in Managing, Controlling, and Securing Access to Enterprise Data from Mobile Devices
Device and Technology Diversity and Heterogeneity
BYOD (Bring Your Own Device)
Additional Security Vulnerabilities to Be Handled
Carrier-Level Vulnerabilities
Vulnerabilities at the Enterprise (Server-Side Vulnerabilities)
Tools Leveraged by IT Departments in Leading Enterprises for Addressing Mobile Technology Challenges
MEAP
MDM
Enterprise Appstores
Best Practices
Tackling Heterogeneity
BYOD Precautions
Precautions to Address Additional Vulnerabilities
Conclusion
References
Chapter 6 An Introduction to Digital Rights Management
Introduction
Digital Rights Management
Background
Types of Rights
DRM Principles
Protocols and Industry Standards
DRM Practices
Software
Hardware
Working of DRM Systems
DRM Architecture
DRM Components
Limitations of DRM
Implementation of DRM Systems
Identification of Scope
Analysis of Requirements
Implementation Choices
Evaluation Framework
Match the Business Needs
Conclusion
Annexure: Sample Data Gathering Templates
Further Reading
Chapter 7 Information Security on the Cheap
“Plan” Is Not a Four-Letter Word
Focus on Fundamentals
Minimize Diminishing Returns
Pick the Low-Hanging Fruit
Iterate to Dominate
Visibility for the Win
Putting It into Practice
System Hardening
Patch Management
Vulnerability Awareness
Vulnerability Scanning
Threat and Vulnerability Intelligence
Analysis
Security Awareness
Review and Strengthen Password Security
Final Thoughts and Conclusion
Chapter 8 Organizational Behavior (Including Institutions) Can Cultivate Your Information Security Program
Introduction
Organizational Governance
Organizational Culture and Behavior
Organizational Culture and Behavior: Millennials Generation
Organizations Are Institutions
The Information Security Executive in the Organization
Information Security Policies, Standards, Procedures, and Guidelines
The Information Security Organization
Conclusion
References
Chapter 9 Metrics for Monitoring
Monitoring for Enforcement
Baselines
Routine Metrics
Reporting
Policies, Standards, Procedures, and Guidelines
Chapter 10 Security Implications of Bring Your Own Device, IT Consumerization, and Managing User Choices
Managing User Choices
Appendix: Questions to Assist in Determining a BYOD Strategic Direction
Chapter 11 Information Assurance
References
Security Awareness Training
Chapter 12 Protecting Us from Us: Human Firewall Vulnerability Assessments
The Story
Implement the Human Firewall
Public Information Gathering
Types of Social Engineering to Test Employee Security Awareness
Some Human Firewall Testing Results
Security Awareness Training High-Level Outline
Conclusion
Domain 4 Application Development Security
Application Issues
Chapter 13 Service-Oriented Architecture
What Is a Service-Oriented Architecture?
Distributed Computing and Services
An Architecture Based upon Services
Process Integrity
Enterprise Service Bus
Web Services and SOA: An Alternative Service Bus
Web Services Description Language
Simple Object Access Protocol
Representational State Transfer
Distributed Component Object Model
Common Object Request Broker Architecture
Data Distribution Service
Windows Communication Framework
WS-Coordination
WS-Transaction
BPEL for Web Services
WS-Security
Security Assertion Markup Language
.NET Passport
XML Encryption
XML Digital Signature
WS-Policy
Attacking SOAs
Defending SOAs
Auditing SOAs
Further Reading
Systems Development Controls
Chapter 14 Managing the Security Testing Process
Overview
Precursors to Security Testing
Security Testing Management
Types of Testing
Selection of a Testing Team
Testing Methodology
Components of an Effective Testing Methodology
Testing Methodology Phases
Phase I: Project Planning
Phase II: Information Gathering
Phase III: Vulnerability Detection
Phase IV: Exploitation and Control
Phase V: Analysis and Reporting
Know Your Tools
Category 1 Tools
Description
Advantages
Disadvantages
Examples
Category 2 Tools
Description
Advantages
Disadvantages
Examples
Category 3 Tools
Description
Advantages
Disadvantages
Examples
Reporting Requirements
Process Deliverables
Conclusion
Chapter 15 Security and Resilience in the Software Development Life Cycle
Resilience and Security Begin from Within
Requirements Gathering and Analysis
Systems Design and Detailed Design
Functional Decomposition
Categorizing Threats
Ranking Threats
Mitigation Planning
Design Reviews
Development (Coding) Phase
Static Analysis
Peer Review
Unit Testing
Testing
Deployment
Security Training
Summary
Domain 5 Cryptography
Cryptographic Concepts, Methodologies, and Practices
Chapter 16 Cloud Cryptography
Introduction
Cryptography
Data Confidentiality and Privacy
Data Integrity and Authenticity
Nonrepudiation
Cloud Security
Multitenant Provider
Cloud Subprovider
Cloud Customer
Conclusion
References
Domain 6 Security Architecture and Design
Principles of Security Models, Architectures, and Evaluation Criteria
Chapter 17 Identity and Access Management Architecture
Introduction
Authentication
Authorization
Administration
Audit
IAM: Typical Practice
Alternative Architecture: Integrated Decentralized
Alternative Architecture: Centralized
The IAM Ecosystem
Storing Identities
Integrating Identities
Administering Identities
Identity Request Initiation
Role Management
Approval Processing and Workflow Tracking
Interface to Managed Systems
Reconciliation Processing
User Self-Service
Enforcing Access Controls
Authenticating Identities
Something You Know
Single Sign-On
Something You Have
Something You Are
Authorizing Identities
Extending Identities
Conclusion
Chapter 18 FedRAMP
Background
Methodology
Roles and Responsibilities
Conclusion
Glossary
Further Reading
Domain 7 Operations Security
Concepts
Chapter 19 Data Storage and Network Security
Eliminating Blind Spots, Gaps in Coverage, or “Dark Territories”
Security Threat Risks and Challenges
Taking Action to Secure Your Resources
Domain 9 Legal, Regulations, Compliance, and Investigations
Information Law
Chapter 20 National Patient Identifier and Patient Privacy in the Digital Era
Overview of EHRs
National Patient Identifier and UPI
Privacy and Security Concern over Using a National ID or UPI
Arguments Supporting the Use of UPIs
Arguments against Issuing UPIs
UPI Implementation
Conclusion
References
Chapter 21 Addressing Social Media Security and Privacy Challenges
What Is Social Media?
Benefits
Risks
Using Social Media Apps
BYOD Issues
Posting Photos and Videos
Common Risks and Scams
Eleven Topics to Cover within Social Media Policies
Appropriate Use
Blogging
Wikis
Information Not to Post
Marketing
Security Controls
Time Spent on Social Media Sites
Linking with Others
Posting Photos and Videos
Reacting to Posts
Donor Searches
Summary
Investigations
Chapter 22 What Is Digital Forensics and What Should You Know about It?
Forensic Science
What Does It Take to Be a Digital Forensic Investigator?
What Are the Trends and Challenges in Digital Forensics?
Resources Available to Digital Forensic Investigators
Conclusion
Chapter 23 eDiscovery
Information Management: Getting eDiscovery Off on the Right Foot
eDiscovery Information Management Process
Records Management: Back to the Future
Data Mapping: Carrying Out the Data Knowledge Imperative
Again a Return to the Need for Data Governance
Chapter 24 Overview of the Steps of the Electronic Discovery Reference Model
Identification
Preservation
Litigation Hold
Winnowing Process
Collection
Auditability, Completeness, and Accuracy Are Essential
Collection Process
Processing
Processing Methods
Other Processing Considerations
Review
Choosing between In-House and Online Litigation Tool Support Technologies
Analysis
Sample Types of Analytical Tools
Production
Presentation
Chapter 25 Cell Phone Protocols and Operating Systems
Cell Phone Operating Systems: Finding the ESN and IMEI
Cell Phone Operating Systems and Protocols: Synchronization
Cell Phone Differences Worldwide
Cell Phone Differences Worldwide: Various Bands
Cell Phone Internal and External Storage
Internal Cards: SIM Cards/Locked and Unlocking
The Need for a Faraday Bag
Investigative Computer and Precautions to Take
Precautions: Examining Phone—High-Profile Case
Precautions: Protecting Equipment from Static Electricity
Putting It All Together: Cell Phone Hardware
Major Categories of Computer Crime
Chapter 26 Hacktivism
What Is Hacktivism?
What Is Digital Activism?
Electronic Civil Disobedience
Why Do Hacktivists Do What They Do?
Major Hacktivists
Anonymous
LulzSec
WikiLeaks
Stratfor Global Intelligence
How Has Social Media Helped the Hacktivist?
The Impact of the Hacktivist
Is My Organization a Target?
Implementing a Hacktivism Protection Plan
Corporate Policies
Application Development
Application Code Development Standards
Code Reuse
Application Code Review, Testing, and Analysis
Application Authentication Standards
Computer and Network Security
Conclusion
References
Compliance
Chapter 27 PCI Compliance
PCI Compliance
Goal of PCI DSS
Who Must Adhere to PCI Compliance?
Who Is Authorized to Perform PCI Security Scans?
The Five Levels of PCI Compliance
Level 1 Compliance
Level 2 Compliance
Level 3 Compliance
Level 4 Compliance
Level 5 Compliance
PCI DSS Overview
Category 1: Protect and Maintain a Secure Network
Category 2: Protect Cardholder Data
Category 3: Maintain a Vulnerability Management Program
Category 4: Implement Strong Access Control Measures
Category 5: Regularly Monitor and Test Networks
Category 6: Maintain an Information Security Policy
A Good Place to Start
Chapter 28 HIPAA/HITECH Compliance Overview
Interrelationship among Regulations, Policies, Standards, Procedures, and Guidelines
Reasonable Safeguards
Centers for Medicare and Medicaid Services Compliance Review
Risk Analysis
Currency and Adequacy of Policies and Procedures
Security Training
Business Associate Agreements
HIPAA/HITECH Privacy and Security Audit Program
SAS 70/SSAE 16 Debate
Corporate Governance
Summary