| |
| |
| Acknowledgments | |
| |
| |
| Foreword | |
| |
| |
| Introduction | |
| |
| |
| About the Authors | |
| |
| |
| |
| Security Management Practices | |
| |
| |
| Sample Questions | |
| |
| |
| Bonus Questions | |
| |
| |
| Advanced Sample Questions | |
| |
| |
| |
| Access Control Systems | |
| |
| |
| Rationale | |
| |
| |
| Controls | |
| |
| |
| Identification and Authentication | |
| |
| |
| Some Access Control Issues | |
| |
| |
| Sample Questions | |
| |
| |
| Bonus Questions | |
| |
| |
| Advanced Sample Questions | |
| |
| |
| |
| Telecommunications and Network Security | |
| |
| |
| Our Goals | |
| |
| |
| Domain Definition | |
| |
| |
| Management Concepts | |
| |
| |
| Sample Questions | |
| |
| |
| Bonus Questions | |
| |
| |
| Advanced Sample Questions | |
| |
| |
| |
| Cryptography | |
| |
| |
| Introduction | |
| |
| |
| Cryptographic Technologies | |
| |
| |
| Secret Key Cryptography | |
| |
| |
| |
| Public (Asymmetric) Key Cryptosystems | |
| |
| |
| Approaches to Escrowed Encryption | |
| |
| |
| Internet Security Applications | |
| |
| |
| Sample Questions | |
| |
| |
| Bonus Questions | |
| |
| |
| Advanced Sample Questions | |
| |
| |
| |
| Security Architecture and Models | |
| |
| |
| Security Architecture | |
| |
| |
| Assurance | |
| |
| |
| Information Security Models | |
| |
| |
| Sample Questions | |
| |
| |
| Bonus Questions | |
| |
| |
| Advanced Sample Questions | |
| |
| |
| |
| Operations Security | |
| |
| |
| Our Goals | |
| |
| |
| Domain Definition | |
| |
| |
| Controls and Protections | |
| |
| |
| Monitoring and Auditing | |
| |
| |
| Threats and Vulnerabilities | |
| |
| |
| Sample Questions | |
| |
| |
| Bonus Questions | |
| |
| |
| Advanced Sample Questions | |
| |
| |
| |
| Applications and Systems Development | |
| |
| |
| The Software Life Cycle | |
| |
| |
| Development Process | |
| |
| |
| The Software Capability Maturity Model (CMM | |
| |
| |
| Object-Oriented Systems | |
| |
| |
| Artificial Intelligence Systems | |
| |
| |
| Database Systems | |
| |
| |
| Application Controls | |
| |
| |
| Sample Questions | |
| |
| |
| Bonus Questions | |
| |
| |
| Advanced Sample Questions | |
| |
| |
| |
| Business Continuity Planning and Disaster Recovery Planning | |
| |
| |
| Our Goals | |
| |
| |
| Domain Definition | |
| |
| |
| Business Continuity Planning | |
| |
| |
| Disaster Recovery Planning | |
| |
| |
| Sample Questions | |
| |
| |
| Bonus Questions | |
| |
| |
| Advanced Sample Questions | |
| |
| |
| |
| Law, Investigation, and Ethics | |
| |
| |
| Types of Computer Crime | |
| |
| |
| Law | |
| |
| |
| Investigation | |
| |
| |
| Liability | |
| |
| |
| Ethics | |
| |
| |
| Sample Questions | |
| |
| |
| Bonus Questions | |
| |
| |
| Advanced Sample Questions | |
| |
| |
| |
| Physical Security | |
| |
| |
| Our Goals | |
| |
| |
| Domain Definition | |
| |
| |
| Threats to Physical Security | |
| |
| |
| Controls for Physical Security | |
| |
| |
| Sample Questions | |
| |
| |
| Bonus Questions | |
| |
| |
| Advanced Sample Questions | |
| |
| |
| |
| A Process Approach to HIPAA Compliance through a HIPAA-CMM | |
| |
| |
| Background | |
| |
| |
| HIPAA Security Requirements Mappings to PAs | |
| |
| |
| HPAs | |
| |
| |
| Defining and Using the HIPAA-CMM | |
| |
| |
| Conclusion | |
| |
| |
| References | |
| |
| |
| |
| HIPAA-CMM PA Overview | |
| |
| |
| |
| Glossary (SSE-CMM v2.0 | |
| |
| |
| |
| The Ideal Approach to Process Improvement | |
| |
| |
| |
| SSE-CMM MAPPINGS and General Considerations | |
| |
| |
| |
| The NSA InfoSec Assessment Methodology | |
| |
| |
| History of the NIPC | |
| |
| |
| About the ISSO | |
| |
| |
| The InfoSec Assessment Methodology | |
| |
| |
| PDD#63 | |
| |
| |
| |
| The Case for Ethical Hacking | |
| |
| |
| Rationale | |
| |
| |
| Roles and Responsibilities | |
| |
| |
| Implementation | |
| |
| |
| Summary | |
| |
| |
| |
| The Common Criteria | |
| |
| |
| Common Criteria: Launching the International Standard | |
| |
| |
| Glossary | |
| |
| |
| For More Information | |
| |
| |
| |
| BS7799 | |
| |
| |
| |
| HIPAA Updates | |
| |
| |
| Scope | |
| |
| |
| Title II Administrative Simplification | |
| |
| |
| Conclusion | |
| |
| |
| |
| References for Further Study | |
| |
| |
| Web Sites | |
| |
| |
| |
| Answers to Sample and Bonus Questions | |
| |
| |
| Chapter 1-Security Management Practices | |
| |
| |
| Chapter 2-Access Control Systems and Methodology | |
| |
| |
| Chapter 3-Telecommunications and Network Security | |
| |
| |
| Chapter 4-Cryptography | |
| |
| |
| Chapter 5-Security Architecture and Models | |
| |
| |
| Chapter 6-Operations Security | |
| |
| |
| Chapter 7-Applications and Systems Development | |
| |
| |
| Chapter 8-Business Continuity Planning-Disaster Recovery Planning | |
| |
| |
| Chapter 9-Law, Investigation, and Ethics | |
| |
| |
| Chapter 10-Physical Security | |
| |
| |
| |
| Answers to Advanced Sample Questions | |
| |
| |
| Chapter 1-Security Management Practices | |
| |
| |
| Chapter 2-Access Control Systems and Methodology | |
| |
| |
| Chapter 3-Telecommunications and Network Security | |
| |
| |
| Chapter 4-Cryptography | |
| |
| |
| Chapter 5-Security Architecture and Models | |
| |
| |
| Chapter 6-Operations Security | |
| |
| |
| Chapter 7-Applications and Systems Development | |
| |
| |
| Chapter 8-Business Continuity Planning-Disaster Recovery Planning | |
| |
| |
| Chapter 9-Law, Investigation, and Ethics | |
| |
| |
| Chapter 10-Physical Security | |
| |
| |
| Notes | |
| |
| |
| |
| What's on the CD-ROM | |
| |
| |
| Glossary of Terms and Acronyms | |
| |
| |
| Index | |