Acknowledgments.
Foreword.
Introduction.
About the Authors.
Chapter 1. Security Management Practices.
Sample Questions.
Bonus Questions.
Advanced Sample Questions.
Chapter 2. Access Control Systems.
Rationale.
Controls.
Identification and Authentication.
Some Access Control Issues.
Sample Questions.
Bonus Questions.
Advanced Sample Questions.
Chapter 3. Telecommunications and Network Security.
Our Goals.
Domain Definition.
Management Concepts.
Sample Questions.
Bonus Questions.
Advanced Sample Questions.
Chapter 4. Cryptography.
Introduction.
Cryptographic Technologies.
Secret Key Cryptography (Symmetric Key).
Public (Asymmetric) Key Cryptosystems.
Approaches to Escrowed Encryption.
Internet Security Applications.
Sample Questions.
Bonus Questions.
Advanced Sample Questions.
Chapter 5. Security Architecture and Models.
Security Architecture.
Assurance.
Information Security Models.
Sample Questions.
Bonus Questions.
Advanced Sample Questions.
Chapter 6. Operations Security.
Our Goals.
Domain Definition.
Controls and Protections.
Monitoring and Auditing.
Threats and Vulnerabilities.
Sample Questions.
Bonus Questions.
Advanced Sample Questions.
Chapter 7. Applications and Systems Development.
The Software Life Cycle.
Development Process.
The Software Capability Maturity Model (CMM).
Object-Oriented Systems.
Artificial Intelligence Systems.
Database Systems.
Application Controls.
Sample Questions.
Bonus Questions.
Advanced Sample Questions.
Chapter 8. Business Continuity Planning and Disaster Recovery Planning.
Our Goals.
Domain Definition.
Business Continuity Planning.
Disaster Recovery Planning.
Sample Questions.
Bonus Questions.
Advanced Sample Questions.
Chapter 9. Law, Investigation, and Ethics.
Types of Computer Crime.
Law.
Investigation.
Liability.
Ethics.
Sample Questions.
Bonus Questions.
Advanced Sample Questions.
Chapter 10. Physical Security.
Our Goals.
Domain Definition.
Threats to Physical Security.
Controls for Physical Security.
Sample Questions.
Bonus Questions.
Advanced Sample Questions.
Appendix A: A Process Approach to HIPAA Compliance through a HIPAA-CMM.
Background.
HIPAA Security Requirements Mappings to PAs.
HPAs.
Defining and Using the HIPAA-CMM.
Conclusion.
References.
Appendix A: HIPAA-CMM PA Overview.
Appendix B: Glossary (SSE-CMM v2.0).
Appendix C: The Ideal Approach to Process Improvement.
Appendix D: SSE-CMM MAPPINGS and General Considerations.
Appendix B: The NSA InfoSec Assessment Methodology.
History of the NIPC.
About the ISSO.
The InfoSec Assessment Methodology.
PDD#63.
Appendix C: The Case for Ethical Hacking.
Rationale.
Roles and Responsibilities.
Implementation.
Summary.
Appendix D: The Common Criteria.
Common Criteria: Launching the International Standard.
Glossary.
For More Information.
Appendix E: BS7799.
Appendix F: HIPAA Updates.
Scope.
Title II Administrative Simplification.
Conclusion.
Appendix G: References for Further Study.
Web Sites.
Appendix H: Answers to Sample and Bonus Questions.
Chapter 1 - Security Management Practices.
Chapter 2 - Access Control Systems and Methodology.
Chapter 3 - Telecommunications and Network Security.
Chapter 4 - Cryptography.
Chapter 5 - Security Architecture and Models.
Chapter 6 - Operations Security.
Chapter 7 - Applications and Systems Development.
Chapter 8 - Business Continuity Planning - Disaster Recovery Planning.
Chapter 9 - Law, Investigation, and Ethics.
Chapter 10 - Physical Security.
Appendix I: Answers to Advanced Sample Questions.
Chapter 1 - Security Management Practices.
Chapter 2 - Access Control Systems and Methodology.
Chapter 3 - Telecommunications and Network Security.
Chapter 4 - Cryptography.
Chapter 5 - Security Architecture and Models.
Chapter 6 - Operations Security.
Chapter 7 - Applications and Systems Development.
Chapter 8 - Business Continuity Planning - Disaster Recovery Planning.
Chapter 9 - Law, Investigation, and Ethics.
Chapter 10 - Physical Security.
Notes.
Appendix J: What's on the CD-ROM.
Glossary of Terms and Acronyms.
Index. |
