Foreword

Introduction

Acknowledgments

About the Authors

Security Management Practices
  Our Goals
  Domain Definition
  Management Concepts
  Information Classification Process
  Security Policy Implementation
  Roles and Responsibilities
  Risk Management
  Security Awareness
  Sample Questions

Access Control Systems
  Rationale
  Controls
  Identification and Authentication
  Some Access Control Issues
  Sample Questions

Telecommunications and Network Security
  Our Goals
  Domain Definition
  Management Concepts
  Technology Concepts
  Sample Questions

Cryptography
  Introduction
  Cryptographic Technologies
  Secret Key Cryptography (Symmetric Key)
  Public (Asymmetric) Key Cryptosystems
  Approaches to Escrowed Encryption
  Internet Security Applications
  Sample Questions

Security Architecture and Models
  Security Architecture
  Assurance
  Information Security Models
  Sample Questions

Operations Security
  Our Goals
  Domain Definition
  Controls and Protections
  Monitoring and Auditing
  Threats and Vulnerabilities
  Sample Questions

Applications and Systems Development
  The Software Life Cycle Development Process
  The Software Capability Maturity Model (CMM)
  Object-Oriented Systems
  Artificial Intelligence Systems
  Database Systems
  Application Controls
  Sample Questions

Business Continuity Planning and Disaster Recovery Planning
  Our Goals
  Domain Definition
  Business Continuity Planning
  Disaster Recovery Planning
  Sample Questions

Law, Investigation, and Ethics
  Introduction
  Law
  Investigation
  Liability
  Ethics
  Sample Questions

Physical Security
  Our Goals
  Domain Definition
  Threats to Physical Security
  Controls for Physical Security
  Sample Questions

Glossary of Terms and Acronyms

The Rainbow Series

Answers to Sample Questions
  Security Management Practices
  Access Control Systems and Methodology
  Telecommunications and Network Security
  Cryptography
  Security Architecture and Models
  Operations Security
  Applications and Systems Development
  Business Continuity Planning and Disaster Recovery Planning
  Law, Investigation, and Ethics
  Physical Security

A Process Approach to HIPAA Compliance through a HIPAA-CMM

The NSA InfoSec Assessment Methodology

The Case for Ethical Hacking

The Common Criteria

References for Further Study

British Standard 7799

Index