24 Jan Information Security Management Handbook CD-ROM
First published in Software Quality Professional, Volume 5, Issue 2, March 2003
Author: Harold F. Tipton and Micki Krause
- Have you wondered what it would take to become a Certified Information System Security Professional (CISSP)?
- Have you thought about becoming an information security practitioner?
- Have you wondered what the system security staff needs to know and to do in order to ensure the protection of organizational information?

If you answered “yes” to any of these questions, you need this definitive source for computer security. This CD-ROM version contains the entire contents of volumes 1, 2, and 3 of the fourth edition (print) plus “bonus” information not available in the print editions. The content of the CD-ROM maps to the ten domains tested on the certification examination. They are:
- Access control issues and methodologies
- Telecommunications and network security
- Security management practices
- Applications and systems development security
- Security architecture and models
- Operations security
- Business continuity planning and disaster recovery planning
- Law, investigations, and ethics
- Physical security
The magnitude of effort required for addressing the myriad of details inherent in these domains demands a multitude of subject-matter experts. To ensure comprehensive coverage of these topics, a total of 79 persons, drawn from national and international private sector organizations and academia, have authored the 145 articles constituting this body of knowledge.
The September 11, 2001 terrorist attacks on the United States with the dramatic loss of life, property and infrastructure, have heightened the awareness of and changed the prioritization of both physical and informational security concerns. Delaying and postponing long-dormant security concerns is not a path to be chosen by a prudent manager. With the attendant rise in not only the public’s awareness of security threats and risks, but also the Government’s responsiveness through legislative and budgetary realignments, security has become a “here and now” issue.
Concerns that future attacks will be electronic, via the Internet, and directed at our financial and economic systems have moved to the forefront. We may never know if the October 2002 attacks on the Internet backbone were merely a ‘test’ by our enemies in preparation for the yet-to-come real thing. The need for effective information/system security has become more critical and demands a realignment of priorities. These new priorities should include:
- Access control (physical and technical) technology to ensure that files are not corrupted and unauthorized changes are not made to programs.
- Business continuity and disaster recovery planning to ensure that companies can survive an attack on their data processing facilities.
- Physical security to ensure that intruders do not have access to facilities, and that evacuation plans are established, promulgated and practiced.
- Telecommunications and network security to ensure that our ability to conduct business activities is not disrupted.
- Cryptography to ensure that sensitive information is protected during transmission, while stored on servers, or being transported with a laptop.
Individually and collectively, these new priorities mandate that security be moved from being discussed to being implemented through a wide variety of techniques ranging from access control and facial recognition systems, to biometrics and identity chips, to cryptography and filtering software, to sniffing and computer monitoring. Yet, many of the techniques that would enhance security are the same techniques that are likely to diminish personal liberties and/or provide more information, about our personal lives, to the federal government than we might want provided.
There are those calling for National Identity Cards and others who are against the cards but support the capability to “mine” for individual data in the various federal databases. There are those who are in favor of the monitoring of land-line and cell phones of selected persons and those who would monitor everyone using applications such as Carnivore. There are those who would use digital cameras on every building and street corner and also those who would use facial recognition software to continually monitor areas of public access. Others embrace monitoring the access and use of every computer. Finally, some favor the use of strong cryptography but only if it contains a backdoor that allows an undisclosed federal agency to read it.
Those interested in the ethics surrounding security might want to read “When Technology and Privacy Collide” and “The Perfect Security: A New World Order.” Those who are more technically oriented might start with “Wired and Wireless Physical Security Issues,” or “Security of Communication Protocols” or “Network Layer Security.” Those interested in an overview of security might want to read “Purposes of Information Security Management” and “The Business Case for Information Security.”
There is something about security for everyone and everything about security for someone in this CD-ROM. And if something you need is not there, then try References for links to books by topical areas. This is indeed the definitive source for computer security information.