Acknowledgments
Foreword
Introduction
About the Authors

Security Management Practices
    Sample Questions
    Bonus Questions
    Advanced Sample Questions

Access Control Systems
    Rationale
    Controls
    Identification and Authentication
    Some Access Control Issues
    Sample Questions
    Bonus Questions
    Advanced Sample Questions

Telecommunications and Network Security
    Our Goals
    Domain Definition
    Management Concepts
    Sample Questions
    Bonus Questions
    Advanced Sample Questions

Cryptography
    Introduction
    Cryptographic Technologies
    Secret Key Cryptography
    Public (Asymmetric) Key Cryptosystems
    Approaches to Escrowed Encryption
    Internet Security Applications
    Sample Questions
    Bonus Questions
    Advanced Sample Questions

Security Architecture and Models
    Security Architecture
    Assurance
    Information Security Models
    Sample Questions
    Bonus Questions
    Advanced Sample Questions

Operations Security
    Our Goals
    Domain Definition
    Controls and Protections
    Monitoring and Auditing
    Threats and Vulnerabilities
    Sample Questions
    Bonus Questions
    Advanced Sample Questions

Applications and Systems Development
    The Software Life Cycle
    Development Process
    The Software Capability Maturity Model (CMM)
    Object-Oriented Systems
    Artificial Intelligence Systems
    Database Systems
    Application Controls
    Sample Questions
    Bonus Questions
    Advanced Sample Questions

Business Continuity Planning and Disaster Recovery Planning
    Our Goals
    Domain Definition
    Business Continuity Planning
    Disaster Recovery Planning
    Sample Questions
    Bonus Questions
    Advanced Sample Questions

Law, Investigation, and Ethics
    Types of Computer Crime
    Law
    Investigation
    Liability
    Ethics
    Sample Questions
    Bonus Questions
    Advanced Sample Questions

Physical Security
    Our Goals
    Domain Definition
    Threats to Physical Security
    Controls for Physical Security
    Sample Questions
    Bonus Questions
    Advanced Sample Questions

A Process Approach to HIPAA Compliance through a HIPAA-CMM
    Background
    HIPAA Security Requirements Mappings to PAs
    HPAs
    Defining and Using the HIPAA-CMM
    Conclusion
    References

HIPAA-CMM PA Overview

Glossary (SSE-CMM v2.0)

The Ideal Approach to Process Improvement

SSE-CMM Mappings and General Considerations

The NSA InfoSec Assessment Methodology
    History of the NIPC
    About the ISSO
    The InfoSec Assessment Methodology
    PDD#63

The Case for Ethical Hacking
    Rationale
    Roles and Responsibilities
    Implementation
    Summary

The Common Criteria
    Common Criteria: Launching the International Standard
    Glossary
    For More Information

BS7799

HIPAA Updates
    Scope
    Title II Administrative Simplification
    Conclusion

References for Further Study
    Web Sites

Answers to Sample and Bonus Questions
    Chapter 1 - Security Management Practices
    Chapter 2 - Access Control Systems and Methodology
    Chapter 3 - Telecommunications and Network Security
    Chapter 4 - Cryptography
    Chapter 5 - Security Architecture and Models
    Chapter 6 - Operations Security
    Chapter 7 - Applications and Systems Development
    Chapter 8 - Business Continuity Planning and Disaster Recovery Planning
    Chapter 9 - Law, Investigation, and Ethics
    Chapter 10 - Physical Security

Answers to Advanced Sample Questions
    Chapter 1 - Security Management Practices
    Chapter 2 - Access Control Systems and Methodology
    Chapter 3 - Telecommunications and Network Security
    Chapter 4 - Cryptography
    Chapter 5 - Security Architecture and Models
    Chapter 6 - Operations Security
    Chapter 7 - Applications and Systems Development
    Chapter 8 - Business Continuity Planning and Disaster Recovery Planning
    Chapter 9 - Law, Investigation, and Ethics
    Chapter 10 - Physical Security
    Notes

What's on the CD-ROM
Glossary of Terms and Acronyms
Index