Information Security Management Handbook, Sixth Edition (2012)

Introduction

DOMAIN 1: ACCESS CONTROL

Chapter 1. What Business Associates Need to Know about Protected Health Information under HIPAA and HITECH

DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY

Chapter 2. E-Mail Security

DOMAIN 3: INFORMATION SECURITY AND RISK MANAGEMENT

Chapter 3. Appreciating Organizational Behavior and Institutions to Solidify Your Information Security Program

Chapter 4. The Information Security Auditors Have Arrived, Now What?

Chapter 5. Continuous Monitoring: Extremely Valuable to Deploy within Reason

Chapter 6. Social Networking

Chapter 7. Insider Threat Defense

Chapter 8. Risk Management in Public Key Certificate Applications

Chapter 9. Server Virtualization: Information Security Considerations

Chapter 10. Security Requirements Analysis

Chapter 11. CERT Resilience Management Model: An Overview

Chapter 12. Managing Bluetooth Security

Chapter 13. Slash and Burn: In Times of Recession, Do Not Let Emotions Drive Business Decisions

Chapter 14. A “Zero Trust” Model for Security

DOMAIN 4: APPLICATION DEVELOPMENT SECURITY

Chapter 15. Application Whitelisting

Chapter 16. Design of Information Security for Large System Development Projects

Chapter 17. Building Application Security Testing into the Software Development Life Cycle

Chapter 18. Twenty-Five (or Forty) Years of Malware History

DOMAIN 5: CRYPTOGRAPHY

Chapter 19. Format Preserving Encryption

Chapter 20. Elliptic Curve Cryptosystems

Chapter 21. Pirating the Ultimate Killer App: Hacking Military Unmanned Aerial Vehicles

DOMAIN 6: SECURITY ARCHITECTURE AND DESIGN

Chapter 22. Service-Oriented Architecture

Chapter 23. Cloud Security

Chapter 24. Enterprise Zones of Trust

DOMAIN 7: OPERATIONS SECURITY

Chapter 25. Complex Event Processing for Automated Security Event Analysis

Chapter 26. Records Management

DOMAIN 8: BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING

Chapter 27. Data Backup Strategies: Traditional versus Cloud

DOMAIN 9: LEGAL, REGULATIONS, COMPLIANCE, AND INVESTIGATIONS

Chapter 28. Managing Advanced Persistent Threats

Chapter 29. Virtualization Forensics

DOMAIN 10: PHYSICAL (ENVIRONMENTAL) SECURITY

Chapter 30. Terrorism: An Overview

Chapter 31. Countermeasure Goals and Strategies