This annually updated handbook provides a compilation of the fundamental knowledge, skills, techniques, and tools required by IT security professionals. It covers the Common Body of Knowledge (CBK) that forms the standard on which all IT security programs and certifications are based. Topics covered include access control, physical (environmental) security, cryptography, application security, and operations security. Updates include new developments in information security and the (ISC)2 CBK. Other information provided in this handbook includes mobile device security, adaptive threat defense, Web 2.0, virtualization, data leakage, and governance. An accompanying CD is sold separately.

Introduction	p. x
Editors	p. xi
Contributors	p. xiii
Access Control
Access Control Techniques
Whitelisting for Endpoint Defense	p. 3
Whitelisting	p. 15
Access Control Administration
RFID and Information Security	p. 21
Privileged User Management	p. 37
Privacy in the Age of Social Networking	p. 55
Telecommunications and Network Security
Communications and Network Security
IF-MAP as a Standard for Security Data Interchange	p. 69
Internet, Intranet, Extranet Security
Understating the Ramifications of IPv6	p. 117
Managing Security in Virtual Environments	p. 137
Information Security and Risk Management
Security Management Concepts and Principles
Do Your Business Associate Security and Privacy Programs Live Up to HIPAA and HITECH Requirements?	p. 153
Organization Culture Awareness Will Cultivate Your Information Security Program	p. 163
Risk Management
Role-Based Information Security Governance: Avoiding the Company Oil Slick	p. 179
Social Networking Security Exposure	p. 193
Social Networking, Social Media, and Web 2.0 Security Risks	p. 199
Applying Adult Education Principles to Security Awareness Programs	p. 207
Security Management Planning
Controlling the Emerging Data Dilemma: Building Policy for Unstructured Data Access	p. 215
Governance and Risk Management within the Context of Information Security	p. 229
Improving Enterprise Security through Predictive Analysis	p. 267
Employment Policies and Practices
Security Outsourcing	p. 283
Application Development Security
System Development Controls
The Effectiveness of Access Management Reviews	p. 293
Securing SaaS Applications: A Cloud Security Perspective for Application Providers	p. 301
Attacking RFID Systems	p. 313
Cryptograph
Cryptographic Concepts, Methodologies, and Practices
Cryptography: Mathematics vs. Engineering	p. 337
Cryptographic Message Syntax	p. 343
Security Architecture and Design
Principles of Computer and Network Organizations, Architectures, and Designs
An Introduction to Virtualization Security	p. 367
Operations Security
Operations Controls
Warfare and Security: Deterrence and Dissuasion in the Cyber Era	p. 391
Configuration, Change, and Release Management	p. 403
Tape Backup Considerations	p. 423
Productivity vs. Security	p. 429
Continuity Planning for Small- and Medium-Sized Organizations	p. 435
Legal, Regulations, Compliance, and Investigations
Information Law
The Cost of Risk: An Examination of Risk Assessment and Information Security in the Financial Industry	p. 447
Data Security and Privacy Legislation	p. 455
Incident Handling
Discovery of Electronically Stored Information	p. 473
Physical (Environmental) Security
Elements of Physical Security
The Layered Defense Model and Perimeter Intrusion Detection	p. 489
Index	p. 505
Information Security Management Handbook, Sixth Edition: Comprehensive Table of Contents	p. 521
Table of Contents provided by Ingram. All Rights Reserved.

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.