Information Security Management Handbook, Fourth Edition

VOLUME I: DOMAIN 1: ACCESS CONTROL SYSTEMS & METHODOLOGY. Access Control Issues. DOMAIN 2: TELECOMMUNICATIONS & NETWORK SECURITY. Network Security. Internet, Intranet. Extranet Security. DOMAIN 3: SECURITY MANAGEMENT PRACTICES. Security Awareness. Organization Architecture. Risk Management. DOMAIN 4: APPLICATIONS & SYSTEMS DEVELOPMENT SECURITY. Application Security. DOMAIN 5: CRYPTOGRAPHY. Crypto Technology & Implementations. DOMAIN 6: SECURITY ARCHITECTURE & MODELS. Microcomputer & Lan Security. DOMAIN 7: OPERATIONS SECURITY. Threats. DOMAIN 8: BUSINESS CONTINUITY PLANNING & DISASTER RECOVERY PLANNING. Business Continuity Planning. Disaster Recovery Planning. DOMAIN 9: LAW, INVESTIGATIONS & ETHICS. Investigation. Information Ethics. Information Law. DOMAIN 10: PHYSICAL SECURITY. Threats & Facility Requirements.

VOLUME II: DOMAIN 1: ACCESS CONTROL SYSTEMS AND METHODOLOGY. Single Sign On. Centralized Authentication Services (RADIUS, TACACS, DIAMETER). DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY. E-Mail Security. Integrity and Security of ATM. An Introduction to Secure Remote Access. Packet Sniffers and Network Monitors. Enclaves: The Enterprise as an Extranet. IPSec Virtual Private Networks. DOMAIN 3: SECURITY MANAGEMENT PRACTICES. Penetration Testing. The Building Blocks of Information Security. The Business Case for Information Security: Selling Management on the Protection of Vital Secrets and Products. DOMAIN 4: APPLICATIONS AND SYSTEMS DEVELOPMENT SECURITY. Peoplesoft Security. World Wide Web Application Security. Common System Design Flaws and Security. Issues. Data Marts and Data Warehouses: Keys to the Future or Keys to the Kingdom? Mitigating E-business Security Risks: Public Key Infrastructures in the Real World. DOMAIN 5: CRYPTOGRAPHY. Introduction to Encryption. Three New Models for the Application of Cryptography. Methods of Attacking and Defending Cryptosystems. Message Authentication. DOMAIN 6: SECURITY ARCHITECTURE AND MODELS. Introduction to UNIX Security for Security Practitioners. DOMAIN 7: OPERATIONS SECURITY. Hacker Tools and Techniques. An Introduction to Hostile Code and Its Control. DOMAIN 8: BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY PLANNING. The Business Impact Assessment Process. DOMAIN 10: LAW, INVESTIGATIONS, AND ETHICS. Computer Crime Investigations: Managing a Process without Any Golden Rules CIRT: Responding to Attack. Improving Network Level Security through Real Time Monitoring and Intrusion Detection. Operational Forensics.

VOLUME III: DOMAIN 1: ACCESS CONTROL SYSTEMS AND METHODOLOGY. Access Control Techniques. Access Control Administration. Privacy in the Healthcare Industry. Methods of Attack. DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY. Communications and Network Security. Internet, Intranet, Extranet Security. DOMAIN 3: SECURITY MANAGEMENT PRACTICES. Security Management Practices. Policies, Standards, Procedures, and Guidelines. Risk Management. Change Control Management. DOMAIN 4: APPLICATIONS AND SYSTEMS DEVELOPMENT SECURITY. Application Issues. Databases and Data Warehousing. DOMAIN 5: CRYPTOGRAPHY. Private Key Algorithms. Public Key Infrastructure (PKI). Principles of Computer and Network Organizations, Architectures, and Designs. DOMAIN 7: OPERATIONS SECURITY. Intrusion Detection. Auditing. DOMAIN 8: BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY PLANNING. Business Continuity Planning. Disaster Recovery Planning. DOMAIN 9: LAW, INVESTIGATIONS, AND ETHICS. Investigation. Information Law.
DOMAIN 10: THREATS AND FACILITY REQUIREMENTS. Threats and Facility Requirements.

VOLUME IV: DOMAIN 1: ACCESS CONTROL SYSTEMS AND METHODOLOGY. Access Control Techniques. Access Control Administration.
Methods of Attack. DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY. Communications and Network Security. Internet, Intranet, and Extranet Security
Secure Voice Communication. Network Attacks and Countermeasures. DOMAIN 3: SECURITY MANAGEMENT PRACTICES. Security Management Concepts and Principles
Section. Policies, Standards, Procedures, and Guidelines. Risk Management. Security Management Planning. Employment Policies and Practices.
Domain 4: Applications and Systems Development Security. Application Issues. Systems Development Controls. Malicious Code. DOMAIN 5: CRYPTOGRAPHY. Crypto Concepts, Methodologies and Practices. Public Key Infrastructure (PKI). DOMAIN 6: SECURITY ARCHITECTURE AND MODELS.Principles of Computer and Network Organizations, Architectures, and Designs. DOMAIN 7: OPERATIONS SECURITY. Operations Controls. DOMAIN 8: BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY PLANNING. Business Continuity Planning.
Disaster Recovery Planning. DOMAIN 9: LAW, INVESTIGATIONS, AND ETHICS. INFORMATION LAW. Major Categories of Computer Crime. Incident Handling. DOMAIN 10: PHYSICAL SECURITY. Elements of Physical Security. Environment and Life Safety.