Another fine study tool brought to you by The CISSP Open Study Guides Web Site in collaboration with Auerbach. ENJOY!! Clement Dupuis ( cdupuis@cccure.org )

To access the contents, click the chapter and section titles.

Handbook of Information Security Management
(Imprint: Auerbach Publications)
(Publisher: CRC Press LLC)
Authors: Micki Krause, Harold F. Tipton
ISBN: 0849399475

Introduction

Contributors

Domain 1—Access Control

Section 1-1—Access Control Principles and Objectives

Chapter 1-1-1—Types of Information Security Controls

Chapter 1-1-2—Purposes of Information Security Management

Section 1-2—Access Control Issues

Chapter 1-2-1—Biometric Identification

Chapter 1-2-2—When Technology and Privacy Collide

Chapter 1-2-3—Relational Data Base Access Controls Using SQL

Section 1-3—Access Control Administration

Chapter 1-3-1—Implementation of Access Controls

Chapter 1-3-2—Implementing Kerberos in Distributed Systems

Domain 2—Communications Security

Section 2-1—Telecommunications Security Objectives, Threats, and Countermeasures

Chapter 2-1-1—The Self-Hack Audit

Section 2-2—Network Security

Chapter 2-2-1—A New Security Model for Networks and the Internet

Chapter 2-2-2—An Introduction to LAN/WAN Security

Section 2-3—Internet Security

Chapter 2-3-1—Security Management for the World Wide Web

Chapter 2-3-2—Internet Firewalls

Domain 3—Risk Management and Business Continuity Planning

Section 3-1—Risk Analysis

Chapter 3-1-1—Risk Analysis and Assessment

Section 3-2—Business Continuity Planning

Chapter 3-2-1—Business Continuity in Distributed Environments

Section 3-3—Distributed Systems BCP

Chapter 3-3-1—The Business Impact Assessment Process

Domain 4—Policy, Standards, and Organization

Section 4-1—Information Classification

Chapter 4-1-1—Information Classification: A Corporate Implementation Guide

Section 4-2—Security Awareness

Chapter 4-2-1—Information Warfare and the Information Systems Security Professional

Section 4-3—Organization Architecture

Chapter 4-3-1—New Organizational Model for IP Practitioners

Chapter 4-3-2—Enterprise Security Architecture

Section 4-4—Policy Development

Chapter 4-4-1—Policy Development

Domain 5—Computer Architecture and System Security

Section 5-1—Computer Organization and Configuration

Chapter 5-1-1—Secure Systems Architecture

Section 5-2—Microcomputer and LAN Security

Chapter 5-2-1—Microcomputer and LAN Security

Section 5-3—System Security

Chapter 5-3-1—Systems Integrity Engineering

Domain 6—Law, Investigation, and Ethics

Section 6-1—Legal and Regulatory Issues

Chapter 6-1-1—Computer Abuse Methods and Detection

Chapter 6-1-2—Federal and State Computer Crime Laws

Section 6-2—Investigation

Chapter 6-2-1—Computer Crime Investigation and Computer Forensics

Section 6-3—Information Ethics

Chapter 6-3-1—Computer Ethics

Domain 7—Application Program Security

Section 7-1—Application Security

Chapter 7-1-1—Role-Based Access Control in Real Systems

Chapter 7-1-2—Security Models for Object-Oriented Data Bases

Domain 8—Cryptography

Section 8-1—Cryptography Applications and Uses

Chapter 8-1-1—Cryptography and Escrowed Encryption

Domain 9—Computer Operations Security

Section 9-1—Operator, Hardware, and Media Controls

Chapter 9-1-1—Operations Security and Controls

Domain 10—Physical Security

Section 10-1—Threats and Facility Requirements

Chapter 10-1-1—Physical Security

Section 10-2—Personnel Physical Access Control

Chapter 10-2-1—Information Security and Personnel Practices

Section 10-3—Microcomputer Physical Security

Chapter 10-3-1—Protecting the Portable Computing Environment

Index