- Table View
- List View
Information Security Management Handbook, Volume 4
by Harold F. Tipton Micki KrauseEvery year, in response to advancements in technology and new laws in different countries and regions, there are many changes and updates to the body of knowledge required of IT security professionals. Updated annually to keep up with the increasingly fast pace of change in the field, the Information Security Management Handbook is the single most
Information Security Management Handbook, Volume 5
by Harold F. Tipton Micki Krause NozakiUpdated annually to keep up with the increasingly fast pace of change in the field, the Information Security Management Handbook is the single most comprehensive and up-to-date resource on information security (IS) and assurance. Facilitating the up-to-date understanding required of all IS professionals, the Information Security Management Handbook
Information Security Management Handbook, Volume 6
by Harold F. Tipton Cissp Micki Krause NozakiUpdated annually, the Information Security Management Handbook, Sixth Edition, Volume 6 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay
Information Security Management Handbook, Volume 7
by James S. Tiller Richard O’HanleyUpdated annually, this is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledgerequired of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations. Reporting on the latest developments in information security and recent changes to the (ISC)2 CISSP Common Body of Knowledge (CBK), this volume features 27 new chapters on topics such as BYOD, IT consumerization, smart grids, security, and privacy.
Information Security Management Handbook: Volume IV
by Harold TiptonThe Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference.The changes in the technology of information security and the increasing threats to security make a complete and up-to-date understanding of this material essential. Volume 4 supplements the information in the earlier volumes of this handbook, updating it and keeping it current. Organized by the ten domains of the Common Body of Knowledge (CBK) on which the CISSP exam is based, this volume gives you the information you need to understand what makes information secure and how to secure it. Because the knowledge required to master information security - the CBK - is growing so quickly, there is little duplication of material among the four volumes. As a study guide or resource that you can use on the job, the Information Security Management Handbook, Fourth Edition, Volume 4 is the book you will refer to over and over again.
Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement
by CISM, W. BrotbySpectacular security failures continue to dominate the headlines despite huge increases in security budgets and ever-more draconian regulations. The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the necessity for real-time strategic metrics has never been more critical. Information Security Management Metr
Information Security Management: Concepts and Practice
by Bel G. RaggadInformation security cannot be effectively managed unless secure methods and standards are integrated into all phases of the information security life cycle. And, although the international community has been aggressively engaged in developing security standards for network and information security worldwide, there are few textbooks available that
Information Security Planning: A Practical Approach
by Susan LinckeThis book demonstrates how information security requires a deep understanding of an organization's assets, threats and processes, combined with the technology that can best protect organizational security. It provides step-by-step guidance on how to analyze business processes from a security perspective, while also introducing security concepts and techniques to develop the requirements and design for security technologies. This interdisciplinary book is intended for business and technology audiences, at student or experienced levels.Organizations must first understand the particular threats that an organization may be prone to, including different types of security attacks, social engineering, and fraud incidents, as well as addressing applicable regulation and security standards. This international edition covers Payment Card Industry Data Security Standard (PCI DSS), American security regulation, and European GDPR. Developing a risk profile helps to estimate the potential costs that an organization may be prone to, including how much should be spent on security controls.Security planning then includes designing information security, as well as network and physical security, incident response and metrics. Business continuity considers how a business may respond to the loss of IT service. Optional areas that may be applicable include data privacy, cloud security, zero trust, secure software requirements and lifecycle, governance, introductory forensics, and ethics.This book targets professionals in business, IT, security, software development or risk. This text enables computer science, information technology, or business students to implement a case study for an industry of their choosing..
Information Security Policies and Procedures: A Practitioner's Reference, Second Edition
by Thomas R. PeltierInformation Security Policies and Procedures: A Practitioner‘s Reference, Second Edition illustrates how policies and procedures support the efficient running of an organization. This book is divided into two parts, an overview of security policies and procedures, and an information security reference guide. This volume points out how securi
Information Security Policies, Procedures, and Standards: A Practitioner's Reference
by Douglas J. LandollInformation Security Policies, Procedures, and Standards: A Practitioner's Reference gives you a blueprint on how to develop effective information security policies and procedures. It uses standards such as NIST 800-53, ISO 27001, and COBIT, and regulations such as HIPAA and PCI DSS as the foundation for the content. Highlighting key terminology, policy development concepts and methods, and suggested document structures, it includes examples, checklists, sample policies and procedures, guidelines, and a synopsis of the applicable standards. The author explains how and why procedures are developed and implemented rather than simply provide information and examples. This is an important distinction because no two organizations are exactly alike; therefore, no two sets of policies and procedures are going to be exactly alike. This approach provides the foundation and understanding you need to write effective policies, procedures, and standards clearly and concisely. Developing policies and procedures may seem to be an overwhelming task. However, by relying on the material presented in this book, adopting the policy development techniques, and examining the examples, the task will not seem so daunting. You can use the discussion material to help sell the concepts, which may be the most difficult aspect of the process. Once you have completed a policy or two, you will have the courage to take on even more tasks. Additionally, the skills you acquire will assist you in other areas of your professional and private life, such as expressing an idea clearly and concisely or creating a project plan.
Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management
by Thomas R. PeltierBy definition, information security exists to protect your organization's valuable information resources. But too often information security efforts are viewed as thwarting business objectives. An effective information security program preserves your information assets and helps you meet business objectives. Information Security Policies, Procedure
Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0
by Barry L. WilliamsAlthough compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will help readers elicit management opinions on information security and document the formal and informal procedures currently in place. Topics covered include:Entity-level policies and procedures, Access-control policies and procedures, Change control and change management, System information integrity and monitoring, System services acquisition and protection, Informational asset management, Continuity of operations. The book supplies you with the tools to use the full range of compliance standards as guides for writing policies that meet the security needs of your organization. Detailing a methodology to facilitate the elicitation process, it asks pointed questions to help you obtain the information needed to write relevant policies. More importantly, this methodology can help you identify the weaknesses and vulnerabilities that exist in your organization. A valuable resource for policy writers who must meet multiple compliance standards, this guidebook is also available in eBook format. The eBook version includes hyperlinks beside each statement that explain what the various standards say about each topic and provide time-saving guidance in determining what your policy should include.
Information Security Practice and Experience
by Liqun Chen Robert H. Deng Guojun Wang Feng BaoThis book constitutes the refereed proceedings of the 4th International Information Security Practice and Experience Conference, ISPEC 2008, held in Sydney, Australia, in May 2008. The papers cover a wide range of topics.
Information Security Practice and Experience: 14th International Conference, ISPEC 2018, Tokyo, Japan, September 25-27, 2018, Proceedings (Lecture Notes in Computer Science #11125)
by Chunhua Su Hiroaki KikuchiThis book constitutes the refereed proceedings of the 14th International Conference on Information Security Practice and Experience, ISPEC 2018, held in Tokyo, Japan, in September 2018. The 39 papers presented in this volume were carefully reviewed and selected from 73 submissions. They were organized in topical sections named: system security; public key cryptography; searchable and functional encryption; post-quantum signature schemas; security protocols; network security; authentication; side-channel attacks; security for cyber-physical systems; security in mobile environment; secure computation and data privacy; and cryptographic protocols.
Information Security Practice and Experience: 15th International Conference, ISPEC 2019, Kuala Lumpur, Malaysia, November 26–28, 2019, Proceedings (Lecture Notes in Computer Science #11879)
by Javier Lopez Swee-Huay HengThis book constitutes the refereed proceedings of the 15th International Conference on Information Security Practice and Experience, ISPEC 2019, held in Kuala Lumpur, Malaysia, in November 2019. The 21 full and 7 short papers presented in this volume were carefully reviewed and selected from 68 submissions. They were organized into the following topical sections: Cryptography I, System and Network Security, Security Protocol and Tool, Access Control and Authentication, Cryptography II, Data and User Privacy, Short Paper I, and Short Paper II.
Information Security Practice and Experience: 16th International Conference, ISPEC 2021, Nanjing, China, December 17–19, 2021, Proceedings (Lecture Notes in Computer Science #13107)
by Mark Ryan Ding Wang Feng Bao Robert Deng Weizhi Meng Jian Shen Guilin WangThis book constitutes the refereed proceedings of the 16th International Conference on Information Security Practice and Experience, ISPEC 2021, held in Nanjing, China, in December 2021. The 23 full papers presented in this volume were carefully reviewed and selected from 94 submissions. The conference focus on new information security technologies, including their applications and their integration with IT systems in various vertical sectors.
Information Security Practice and Experience: 17th International Conference, ISPEC 2022, Taipei, Taiwan, November 23–25, 2022, Proceedings (Lecture Notes in Computer Science #13620)
by Vincenzo Piuri Chunhua Su Dimitris GritzalisThis book constitutes the refereed proceedings of the 17th International Conference on Information Security Practice and Experience, ISPEC 2022, held in Taipei, Taiwan, in November 2022. The 33 full papers together with 2 invited papers included in this volume were carefully reviewed and selected from 87 submissions. The main goal of the conference is to promote research on new information security technologies, including their applications and their integration with IT systems in various vertical sectors.
Information Security Practice and Experience: 18th International Conference, ISPEC 2023, Copenhagen, Denmark, August 24–25, 2023, Proceedings (Lecture Notes in Computer Science #14341)
by Vincenzo Piuri Zheng Yan Weizhi MengThis book constitutes the refereed proceedings of the 18th International Conference on Information Security Practice and Experience, ISPEC 2023, held in Copenhagen, Denmark, in August 2023.The 27 full papers and 8 short papers included in this volume were carefully reviewed and selected from 80 submissions. The main goal of the conference is to promote research on new information security technologies, including their applications and their integration with IT systems in various vertical sectors.
Information Security Practice and Experience: 19th International Conference, ISPEC 2024, Wuhan, China, October 25–27, 2024, Proceedings (Lecture Notes in Computer Science #15053)
by Jiageng Chen Zhe XiaThis book constitutes the refereed proceedings of the 19th International Conference on Information Security Practice and Experience, ISPEC 2024, held in Wuhan, China, during October 25–27, 2024. The 22 full papers presented in this volume were carefully reviewed and selected from 70 submissions. They cover multiple topics of cyber security and applied cryptography. The main goal of ISPEC 2024 conference was to promote research on new information security technologies, including their applications and their integration with IT systems in various vertical sectors.
Information Security Practices
by Isaac Woungang Issa Traoré Ahmed AwadThis book introduces novel research targeting technical aspects of protecting information security and establishing trust in the digital space. New paradigms, and emerging threats and solutions are presented in topics such as application security and threat management; modern authentication paradigms; digital fraud detection; social engineering and insider threats; cyber threat intelligence; intrusion detection; behavioral biometrics recognition; hardware security analysis. The book presents both the important core and the specialized issues in the areas of protection, assurance, and trust in information security practice. It is intended to be a valuable resource and reference for researchers, instructors, students, scientists, engineers, managers, and industry practitioners.
Information Security Risk Analysis
by Thomas R. PeltierSuccessful security professionals have had to modify the process of responding to new threats in the high-profile, ultra-connected business environment. But just because a threat exists does not mean that your organization is at risk. This is what risk assessment is all about. Information Security Risk Analysis, Third Edition demonstrates how to id
Information Security Risk Management for ISO27001 / ISO27002
by Alan Calder Steve G WatkinsThe changing global economy, together with recent corporate and IT governance developments, all provide the context within which organisations have to assess risks to the information assets on which their organisations, and the delivery of their business plan objectives, depend. Information security management decisions are entirely driven by specific decisions made as an outcome of a risk assessment process in relation to identified risks and specific information assets. Risk assessment is, therefore, the core competence of information security management.
Information Security Technologies for Controlling Pandemics (Advanced Sciences and Technologies for Security Applications)
by Babak Akhgar Hamid Jahankhani Stefan KendzierskyjThe year 2020 and the COVID-19 pandemic marked a huge change globally, both in working and home environments. They posed major challenges for organisations around the world, which were forced to use technological tools to help employees work remotely, while in self-isolation and/or total lockdown. Though the positive outcomes of using these technologies are clear, doing so also comes with its fair share of potential issues, including risks regarding data and its use, such as privacy, transparency, exploitation and ownership. COVID-19 also led to a certain amount of paranoia, and the widespread uncertainty and fear of change represented a golden opportunity for threat actors. This book discusses and explains innovative technologies such as blockchain and methods to defend from Advanced Persistent Threats (APTs), some of the key legal and ethical data challenges to data privacy and security presented by the COVID-19 pandemic, and their potential consequences. It then turns to improved decision making in cyber security, also known as cyber situational awareness, by analysing security events and comparing data mining techniques, specifically classification techniques, when applied to cyber security data. In addition, the book illustrates the importance of cyber security, particularly information integrity and surveillance, in dealing with an on-going, infectious crisis. Aspects addressed range from the spread of misinformation, which can lead people to actively work against measures designed to ensure public safety and minimise the spread of the virus, to concerns over the approaches taken to monitor, track, trace and isolate infectious cases through the use of technology. In closing, the book considers the legal, social and ethical cyber and information security implications of the pandemic and responses to it from the perspectives of confidentiality, integrity and availability.
Information Security Technologies in the Decentralized Distributed Networks (Lecture Notes on Data Engineering and Communications Technologies #115)
by Tamara Radivilova Roman Oliynykov Oleksandr Kuznetsov Oleksandr LemeshkoThe authors explore various aspects of information processing for the design of service systems, efficient management, secure storage, and transmission. In addition, the subline provides knowledge and practice in decentralized ICT technologies, including those based on blockchain. The aim of this book is to analyze and develop methods of building decentralized private databases without the presence of a trusted party, methods of data processing in encrypted form to ensure the confidentiality of information, and accessibility of the corresponding fragment of the original or transformed data. In this book it is also relevant to research methods and protocols routing in infocommunication networks, which provides load balancing in the network, and analysis of intrusion detection methods based on analysis of signatures and anomalies in network behavior (state changes) based on machine learning and fractal analysis methods.
Information Security Theory and Practice
by Javier Lopez Sara ForestiThis volume constitutes the refereed proceedings of the 10th IFIP WG 11. 2 International Conference on Information Security Theory and Practices, WISTP 2016, held in Heraklion, Crete, Greece, in September 2016. The 13 revised full papers and 5 short papers presented together in this book were carefully reviewed and selected from 29 submissions. WISTP 2016 sought original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy, as well as experimental studies of fielded systems, the application of security technology, the implementation of systems, and lessons learned. The papers are organized in topical sections on authentication and key management; secure hardware systems; attacks to software and network systems; and access control and data protection.