Information Security Management Handbook, Sixth Edition (Isc2 Press)
Product Description
Never before have there been so many laws designed to keep corporations honest. New laws and regulations force companies to develop stronger ethics policies and the shareholders themselves are holding publicly traded companies accountable for their practices. Consumers are also concerned over the privacy of their personal information and current and emerging legislation is reflecting this trend. Under these conditions, it can be difficult to know where to turn for reliable, applicable advice.
The sixth edition of the Information Security Management Handbook addresses up-to-date issues in this increasingly important area. It balances contemporary articles with relevant articles from past editions to bring you a well-grounded view of the subject. The contributions cover questions important to those tasked with securing information assets including the appropriate deployment of valuable resources as well as dealing with legal compliance, investigations, and ethics. Promoting the view that the management ethics and values of an organization lead directly to its information security program and the technical, physical, and administrative controls to be implemented, the book explores topics such as risk assessments; metrics; security governance, architecture, and design; emerging threats; standards; and business continuity and disaster recovery. The text also discusses physical security including access control and cryptography, and a plethora of technology issues such as application controls, network security, virus controls, and hacking.
US federal and state legislators continue to make certain that information security is a board-level conversation and the Information Security Management Handbook, Sixth Edition continues to ensure that you have a clear understanding of the rules and regulations and an effective method for their implementation.
Product Details
- Amazon Sales Rank: #220462 in Books
- Published on: 2007-05-14
- Original language: English
- Number of items: 1
- Binding: Hardcover
- 3280 pages
Editorial Reviews
Review
A wonderful supplement [to the study guide]. … [H]eavy on practical examples and real-world scenarios … . [The book is] excellent.
- Technical Support, Dec. 2004
This is a must-have book for those preparing for the CISSP exam and for any information security professional.
- Zentralblatt MATH 1054, May 2005
About the Author
Harold F. Tipton, HFT Associates, Villa Park, California, USA
Customer Reviews
Not written as an exam guide & is Vol 1 of 3 volumes
This book is a collection of papers that covers the ten domains of the Common Body of Knowledge (CBK) of Generally Accepted Systems Security Principles (GASSP). As a compendium of knowledge from acknowledged experts this book represents an exceptionally valuable tool for security practitioners, and because the papers are grouped by CBK domain, it is also a useful study aid for anyone who is pursuing CISSP certification.
The papers, individually and collectively, contain a wealth of information. However, anyone who wants to use this book as a resource for preparing for the CISSP exam should know that this book is Volume 1 of a three volume set. Moreover, this is not a book that was written as a study guide as much as a professional reference, and it isn't the only book a CISSP candidate should read.
For the practitioner this book is an excellent investment because it does cover all ten CBK domains in great detail. However, I recommend investing in the CD ROM version of this book (Information Security Management Handbook on CD-ROM, ISBN 0849312345), which contains this book and Volumes 2 and 3. The CD ROM is more up-to-date and is more convenient than three books that combined contain nearly 2000 pages.
Regardless of whether you opt for this book or the CD ROM, you'll gain a wealth of knowledge from this book and if used in conjunction with other sources of information you will be well prepared to pass the CISSP exam.
Information Security Management Handbook
Overall the book provides an excellent overview of the information security arena. The length of the text is 728 pages, which is not light reading, but it is still in line with other books in the same category. The book is a compilation of several white papers on important topics relevant to information security. I used the handbook as a reference when studying for the Certified Information Systems Security Professional (CISSP) exam. I would recommend reading it, especially if you have limited knowledge in some of the exam's core areas.
CD ROM version significantly different from paper version
Don't confuse this CD ROM with the book that is being sold under the same title (ISBN 0849398290) because there are some major differences besides the media on which the material is provided.
The book is actually Volume 1 of the Information Security Handbook, Fourth Edition. This CD ROM contains Volume 1, plus Volumes 2 and 3 of the handbook, making it a more complete compilation of the material that encompasses the ten domains of the Common Body of Knowledge (CBK) of Generally Accepted Systems Security Principles (GASSP). See the product page for Volume 1 for reviews and a complete description of that subset of this CD ROM.
Volumes 2 and 3, like Volume 1, are aligned to the ten domains, but have more up-to-date material and new papers addressing a wider array of topics. Moreover, CISSP candidates will find a great deal more study material, and working practitioners will find information that covers emerging trends and technologies that have surfaced since Volume 1 was published.
The new or expanded material of the two additional volumes on this CD ROM is:
Volume 2 (published in 2000) goes deeper in network security, but also covers interesting topics such as single sign-on (will be of particular interest to organizations implementing LDAP), centralized authentication, and related topics in addition to newer coverage in each of the ten CBKs.
Volume 2 (published in 2001), is an overall update for each of the CBKs and contains a lot of fresh material that is fair game for CISSP exam questions, as well as a compendium of fresh material for practitioners.
In addition to the convenience of having all of this material on a CD ROM vs. over ten pounds of paper, the contents are searchable using the built-in search facility, and can be printed when hard copy is required. This is a nice feature for consultants who can bring a wealth of reference material on site for quick cross-referencing during assessments or developing action plans that are consistent with the GASSP. Of course, the fact that this collection is more complete, comprehensive and up-to-date than the book by the same title makes this an attractive choice for anyone who requires working references or wants to prepare for the CISSP examination.



