Business & Economics

Official (ISC)2 Guide to the CSSLP

Author: Mano Paul

Publisher: CRC Press

ISBN: 1439826064

Category: Business & Economics

Page: 572

View: 2160

As the global leader in information security education and certification, (ISC)2® has a proven track record of educating and certifying information security professionals. Its newest certification, the Certified Secure Software Lifecycle Professional (CSSLP®) is a testament to the organization’s ongoing commitment to information and software security. The Official (ISC)2® Guide to the CSSLP® provides an all-inclusive analysis of the CSSLP Common Body of Knowledge (CBK®). As the first comprehensive guide to the CSSLP CBK, it facilitates the required understanding of the seven CSSLP domains—Secure Software Concepts, Secure Software Requirements, Secure Software Design, Secure Software Implementation/Coding, Secure Software Testing, Software Acceptance, and Software Deployment, Operations, Maintenance and Disposal—to assist candidates for certification and beyond. Serves as the only official guide to the CSSLP professional certification Details the software security activities that need to be incorporated throughout the software development lifecycle Provides comprehensive coverage that includes the people, processes, and technology components of software, networks, and host defenses Supplies a pragmatic approach to implementing software assurances in the real-world The text allows readers to learn about software security from a renowned security practitioner who is the appointed software assurance advisor for (ISC)2. Complete with numerous illustrations, it makes complex security concepts easy to understand and implement. In addition to being a valuable resource for those studying for the CSSLP examination, this book is also an indispensable software security reference for those already part of the certified elite. A robust and comprehensive appendix makes this book a time-saving resource for anyone involved in secure software development.
Computers

Official (ISC)2 Guide to the CISSP CBK

Author: Steven Hernandez, CISSP

Publisher: CRC Press

ISBN: 9781439863176

Category: Computers

Page: 1112

View: 3104

The urgency for a global standard of excellence for those who protect the networked world has never been greater. (ISC)2 created the information security industry’s first and only CBK®, a global compendium of information security topics. Continually updated to incorporate rapidly changing technologies and threats, the CBK continues to serve as the basis for (ISC)2’s education and certification programs. Unique and exceptionally thorough, the Official (ISC)2® Guide to the CISSP®CBK®provides a better understanding of the CISSP CBK — a collection of topics relevant to information security professionals around the world. Although the book still contains the ten domains of the CISSP, some of the domain titles have been revised to reflect evolving terminology and changing emphasis in the security professional’s day-to-day environment. The ten domains include information security and risk management, access control, cryptography, physical (environmental) security, security architecture and design, business continuity (BCP) and disaster recovery planning (DRP), telecommunications and network security, application security, operations security, legal, regulations, and compliance and investigations. Endorsed by the (ISC)2, this valuable resource follows the newly revised CISSP CBK, providing reliable, current, and thorough information. Moreover, the Official (ISC)2® Guide to the CISSP® CBK® helps information security professionals gain awareness of the requirements of their profession and acquire knowledge validated by the CISSP certification. The book is packaged with a CD that is an invaluable tool for those seeking certification. It includes sample exams that simulate the actual exam, providing the same number and types of questions with the same allotment of time allowed. It even grades the exam, provides correct answers, and identifies areas where more study is needed.
Computers

Official (ISC)2® Guide to the CAP® CBK®, Second Edition

Author: Patrick D. Howard

Publisher: CRC Press

ISBN: 1439820767

Category: Computers

Page: 462

View: 6312

Significant developments since the publication of its bestselling predecessor, Building and Implementing a Security Certification and Accreditation Program, warrant an updated text as well as an updated title. Reflecting recent updates to the Certified Authorization Professional (CAP®) Common Body of Knowledge (CBK®) and NIST SP 800-37, the Official (ISC)2® Guide to the CAP® CBK®, Second Edition provides readers with the tools to effectively secure their IT systems via standard, repeatable processes. Derived from the author’s decades of experience, including time as the CISO for the Nuclear Regulatory Commission, the Department of Housing and Urban Development, and the National Science Foundation’s Antarctic Support Contract, the book describes what it takes to build a system security authorization program at the organizational level in both public and private organizations. It analyzes the full range of system security authorization (formerly C&A) processes and explains how they interrelate. Outlining a user-friendly approach for top-down implementation of IT security, the book: Details an approach that simplifies the authorization process, yet still satisfies current federal government criteria Explains how to combine disparate processes into a unified risk management methodology Covers all the topics included in the Certified Authorization Professional (CAP®) Common Body of Knowledge (CBK®) Examines U.S. federal polices, including DITSCAP, NIACAP, CNSS, NIAP, DoD 8500.1 and 8500.2, and NIST FIPS Reviews the tasks involved in certifying and accrediting U.S. government information systems Chapters 1 through 7 describe each of the domains of the (ISC)2® CAP® CBK®. This is followed by a case study on the establishment of a successful system authorization program in a major U.S. government department. The final chapter considers the future of system authorization. The book’s appendices include a collection of helpful samples and additional information to provide you with the tools to effectively secure your IT systems.
Computers

Official (ISC)2® Guide to the ISSAP® CBK, Second Edition

Author: (ISC)2 Corporate

Publisher: CRC Press

ISBN: 1498787401

Category: Computers

Page: 600

View: 1290

Candidates for the CISSP-ISSAP professional certification need to not only demonstrate a thorough understanding of the six domains of the ISSAP CBK, but also need to have the ability to apply this in-depth knowledge to develop a detailed security architecture. Supplying an authoritative review of the key concepts and requirements of the ISSAP CBK, the Official (ISC)2® Guide to the ISSAP® CBK®, Second Edition provides the practical understanding required to implement the latest security protocols to improve productivity, profitability, security, and efficiency. Encompassing all of the knowledge elements needed to create secure architectures, the text covers the six domains: Access Control Systems and Methodology, Communications and Network Security, Cryptology, Security Architecture Analysis, BCP/DRP, and Physical Security Considerations. Newly Enhanced Design – This Guide Has It All! Only guide endorsed by (ISC)2 Most up-to-date CISSP-ISSAP CBK Evolving terminology and changing requirements for security professionals Practical examples that illustrate how to apply concepts in real-life situations Chapter outlines and objectives Review questions and answers References to free study resources Read It. Study It. Refer to It Often. Build your knowledge and improve your chance of achieving certification the first time around. Endorsed by (ISC)2 and compiled and reviewed by CISSP-ISSAPs and (ISC)2 members, this book provides unrivaled preparation for the certification exam and is a reference that will serve you well into your career. Earning your ISSAP is a deserving achievement that gives you a competitive advantage and makes you a member of an elite network of professionals worldwide.
Computers

Official (ISC)2 Guide to the SSCP CBK, Second Edition

Author: Harold F. Tipton

Publisher: CRC Press

ISBN: 9781439804841

Category: Computers

Page: 468

View: 1745

The (ISC)2® Systems Security Certified Practitioner (SSCP®) certification is one of the most important credentials an information security practitioner can have. Having helped thousands of people around the world obtain this distinguished certification, the bestselling Official (ISC)2 Guide to the SSCP CBK® has quickly become the book that many of today’s security practitioners depend on to attain and maintain the required competence in the seven domains of the (ISC)2 CBK. Picking up where the popular first edition left off, the Official (ISC)2 Guide to the SSCP CBK, Second Edition brings together leading IT security tacticians from around the world to discuss the critical role that policy, procedures, standards, and guidelines play within the overall information security management infrastructure. Offering step-by-step guidance through the seven domains of the SSCP CBK, the text: Presents widely recognized best practices and techniques used by the world's most experienced administrators Uses accessible language, bulleted lists, tables, charts, and diagrams to facilitate a clear understanding Prepares you to join the thousands of practitioners worldwide who have obtained (ISC)2 certification Through clear descriptions accompanied by easy-to-follow instructions and self-assessment questions, this book will help you establish the product-independent understanding of information security fundamentals required to attain SSCP certification. Following certification it will be a valuable guide to addressing real-world security implementation challenges.
Computers

Official (ISC)2 Guide to the CISSP CBK, Fourth Edition

Author: Adam Gordon

Publisher: CRC Press

ISBN: 1498759882

Category: Computers

Page: 1304

View: 8240

As a result of a rigorous, methodical process that (ISC)2 follows to routinely update its credential exams, it has announced that enhancements will be made to both the Certified Information Systems Security Professional (CISSP) credential, beginning April 15, 2015. (ISC)2 conducts this process on a regular basis to ensure that the examinations and subsequent training and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals. Refreshed technical content has been added to the official (ISC)2 CISSP CBK to reflect the most current topics in the information security industry today. Some topics have been expanded (e.g., asset security, security assessment and testing), while other topics have been realigned under different domains. The result is an exam that most accurately reflects the technical and managerial competence required from an experienced information security professional to effectively design, engineer, implement and manage an organization’s information security program within an ever-changing security landscape. The domain names have been updated as follows: CISSP Domains, Effective April 15, 2015 Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity) Asset Security (Protecting Security of Assets) Security Engineering (Engineering and Management of Security) Communications and Network Security (Designing and Protecting Network Security) Identity and Access Management (Controlling Access and Managing Identity) Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing) Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery) Software Development Security (Understanding, Applying, and Enforcing Software Security) Some candidates may be wondering how these updates affect training materials for the CISSP credential. As part of the organization’s comprehensive education strategy and certifying body best practices, (ISC)2 training materials do not teach directly to its credential examinations. Rather, (ISC)2 Education is focused on teaching the core competencies relevant to the roles and responsibilities of today’s practicing information security professional. It is designed to refresh and enhance the knowledge of experienced industry professionals.
Computers

Official (ISC)2® Guide to the ISSMP® CBK®

Author: Joseph Steinberg

Publisher: CRC Press

ISBN: 9781420094442

Category: Computers

Page: 468

View: 6771

As the recognized leader in the field of information security education and certification, the (ISC)2® promotes the development of information security professionals around the world. The Certified Information Systems Security Professional-Information Systems Security Management Professional (CISSP-ISSMP®) examination assesses individuals’ understanding of security management practices. Obtaining certification validates your ability to create and implement effective information security management programs that meet the security needs of today’s organizations. Preparing professionals for certification and job readiness, the Official (ISC)2® Guide to the ISSMP® CBK® supplies a complete overview of the management topics related to information security. It provides for an expanded enterprise model of security and management that delves into project management, risk management, and continuity planning. Facilitating the mastery of the five ISSEP domains required for certification, the book includes authoritative coverage of enterprise security management, enterprise-wide system development, compliance of operations security, business continuity planning, disaster recovery planning, as well as legal and ethical considerations. Presents a complete overview of the managerial elements related to information security Examines a larger enterprise model of security and management Provides an all-inclusive analysis of the five domains of the CISSP-ISSMP CBK—including sample questions for each domain Representing over a century of combined experience working at the forefront of information security, the editor and distinguished team of contributors provide unprecedented coverage of the things you need to know to achieve certification. This book will not only help you prepare for the CISSP-ISSMP certification exam, but also provide you with a solid foundation to enhance your career path—whether you’re a seasoned security veteran or just starting out.
Computers

Official (ISC)2 Guide to the ISSAP CBK

Author: (ISC)2 Corporate

Publisher: CRC Press

ISBN: 1466579013

Category: Computers

Page: 600

View: 3673

Candidates for the CISSP-ISSAP professional certification need to not only demonstrate a thorough understanding of the six domains of the ISSAP CBK, but also need to have the ability to apply this in-depth knowledge to develop a detailed security architecture. Supplying an authoritative review of the key concepts and requirements of the ISSAP CBK, the Official (ISC)2® Guide to the ISSAP® CBK®, Second Edition provides the practical understanding required to implement the latest security protocols to improve productivity, profitability, security, and efficiency. Encompassing all of the knowledge elements needed to create secure architectures, the text covers the six domains: Access Control Systems and Methodology, Communications and Network Security, Cryptology, Security Architecture Analysis, BCP/DRP, and Physical Security Considerations. Newly Enhanced Design – This Guide Has It All! Only guide endorsed by (ISC)2 Most up-to-date CISSP-ISSAP CBK Evolving terminology and changing requirements for security professionals Practical examples that illustrate how to apply concepts in real-life situations Chapter outlines and objectives Review questions and answers References to free study resources Read It. Study It. Refer to It Often. Build your knowledge and improve your chance of achieving certification the first time around. Endorsed by (ISC)2 and compiled and reviewed by CISSP-ISSAPs and (ISC)2 members, this book provides unrivaled preparation for the certification exam and is a reference that will serve you well into your career. Earning your ISSAP is a deserving achievement that gives you a competitive advantage and makes you a member of an elite network of professionals worldwide.
Computers

The Official (ISC)2 Guide to the CCSP CBK

Author: Adam Gordon

Publisher: John Wiley & Sons

ISBN: 1119276748

Category: Computers

Page: 544

View: 7986

Globally recognized and backed by the Cloud Security Alliance (CSA) and the (ISC)2 the CCSP credential is the ideal way to match marketability and credibility to your cloud security skill set. The Official (ISC)2 Guide to the CCSPSM CBK Second Edition is your ticket for expert insight through the 6 CCSP domains. You will find step-by-step guidance through real-life scenarios, illustrated examples, tables, best practices, and more. This Second Edition features clearer diagrams as well as refined explanations based on extensive expert feedback. Sample questions help you reinforce what you have learned and prepare smarter. Numerous illustrated examples and tables are included to demonstrate concepts, frameworks and real-life scenarios. The book offers step-by-step guidance through each of CCSP’s domains, including best practices and techniques used by the world's most experienced practitioners. Developed by (ISC)², endorsed by the Cloud Security Alliance® (CSA) and compiled and reviewed by cloud security experts across the world, this book brings together a global, thorough perspective. The Official (ISC)² Guide to the CCSP CBK should be utilized as your fundamental study tool in preparation for the CCSP exam and provides a comprehensive reference that will serve you for years to come.
Business & Economics

The Complete Guide to Physical Security

Author: Paul R. Baker,Daniel J. Benny

Publisher: CRC Press

ISBN: 1420099647

Category: Business & Economics

Page: 360

View: 6260

To adequately protect an organization, physical security must go beyond the "gates, guns, and guards" mentality that characterizes most security programs. Creating a sound security plan involves understanding not only security requirements but also the dynamics of the marketplace, employee issues, and management goals. The Complete Guide to Physical Security discusses the assets of a facility—people, building, and location—and the various means to protect them. It emphasizes the marriage of technology and physical hardware to help those tasked with protecting these assets to operate successfully in the ever-changing world of security. The book covers specific physical security technologies, such as intrusion detection, access control, and video surveillance systems—including networked video. It addresses the reasoning behind installations, how to work with contractors, and how to develop a central station for monitoring. It also discusses government regulations for building secured facilities and SCIFs (Sensitive Compartmented Information Facilities). Case examples demonstrate the alignment of security program management techniques with not only the core physical security elements and technologies but also operational security practices. The authors of this book have nearly 50 years combined experience in the security industry—including the physical security and security management arenas. Their insights provide the foundation for security professionals to develop a comprehensive approach to achieving physical security requirements while also establishing leadership roles that help further the overall mission of their organization.
Computers

Readings & Cases in Information Security: Law & Ethics

Author: Michael E. Whitman,Herbert J. Mattord

Publisher: Cengage Learning

ISBN: 1133168647

Category: Computers

Page: 352

View: 7504

Readings and Cases in Information Security: Law and Ethics provides a depth of content and analytical viewpoint not found in many other books. Designed for use with any Cengage Learning security text, this resource offers readers a real-life view of information security management, including the ethical and legal issues associated with various on-the-job experiences. Included are a wide selection of foundational readings and scenarios from a variety of experts to give the reader the most realistic perspective of a career in information security. Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.
Computers

Information Assurance Handbook: Effective Computer Security and Risk Management Strategies

Author: Corey Schou,Steven Hernandez

Publisher: McGraw Hill Professional

ISBN: 0071826319

Category: Computers

Page: 480

View: 3525

Best practices for protecting critical data and systems Information Assurance Handbook: Effective Computer Security and Risk Management Strategies discusses the tools and techniques required to prevent, detect, contain, correct, and recover from security breaches and other information assurance failures. This practical resource explains how to integrate information assurance into your enterprise planning in a non-technical manner. It leads you through building an IT strategy and offers an organizational approach to identifying, implementing, and controlling information assurance initiatives for small businesses and global enterprises alike. Common threats and vulnerabilities are described and applicable controls based on risk profiles are provided. Practical information assurance application examples are presented for select industries, including healthcare, retail, and industrial control systems. Chapter-ending critical thinking exercises reinforce the material covered. An extensive list of scholarly works and international government standards is also provided in this detailed guide. Comprehensive coverage includes: Basic information assurance principles and concepts Information assurance management system Current practices, regulations, and plans Impact of organizational structure Asset management Risk management and mitigation Human resource assurance Advantages of certification, accreditation, and assurance Information assurance in system development and acquisition Physical and environmental security controls Information assurance awareness, training, and education Access control Information security monitoring tools and methods Information assurance measurements and metrics Incident handling and computer forensics Business continuity management Backup and restoration Cloud computing and outsourcing strategies Information assurance big data concerns

Secrets & lies

IT-Sicherheit in einer vernetzten Welt

Author: Bruce Schneier

Publisher: N.A

ISBN: 9783898643023

Category:

Page: 408

View: 2038

Willkommen in der New Economy, der Welt der digitalen Wirtschaft. Informationen sind leichter zugänglich als je zuvor. Die Vernetzung wird dicher, und digitale Kommunikation ist aus den Unternehmen nicht mehr wegzudenken. Die Begeisterung für die Technologie hat jedoch Ihren Preis: Die Zahl der Sicherheitsrisiken nimmt ständig zu. Die neuen Gefahren, die mit dem E-Business verknüpft sind, müssen den Unternehmen weltweit aber erst klar werden. Dieses Buch ist ein erster Schritt in diese Richtung. Bruce Schneier, anerkannter Experte im Bereich Kryptographie, erklärt, was Unternehmen über IT-Sicherheit wissen müssen, um zu überleben und wettbewerbsfähig zu bleiben. Er deckt das gesamte System auf, von den Ursachen der Sicherheitslücken bis hin zu den Motiven, die hinter böswilligen Attacken stehen. Schneier zeigt Sicherheitstechnologien und deren Möglichkeiten, aber auch deren Grenzen auf. Fundiert und anschaulich zugleich behandelt dieser praktische Leitfaden: - Die digitalen Bedrohungen und Angriffe, die es zu kennen gilt - Die derzeit verfügbaren Sicherheitsprodukte und -prozesse - Die Technologien, die in den nächsten Jahren interessant werden könnten - Die Grenzen der Technik - Das Vorgehen, um Sicherheitsmängel an einem Produkt offenzulegen - Die Möglichkeiten, existierende Risiken in einem Unternehmen festzustellen - Die Implementierung einer wirksamen Sicherheitspolitik Schneiers Darstellung der digitalen Welt und unserer vernetzten Gesellschaft ist pragmatisch, interessant und humorvoll. Und sie ermöglicht es dem Leser, die vernetzte Welt zu verstehen und sich gegen ihre Bedrohungen zu wappnen. Hier finden Sie die Unterstützung eines Experten, die Sie für die Entscheidungsfindung im Bereich IT-Sicherheit brauchen.
Computer security

Angewandte Kryptographie

Protokolle, Algorithmen und Sourcecode in C

Author: Bruce Schneier

Publisher: N.A

ISBN: 9783827372284

Category: Computer security

Page: 844

View: 604

Science

Die Information

Geschichte, Theorie, Flut

Author: James Gleick

Publisher: Redline Wirtschaft

ISBN: 3864142245

Category: Science

Page: 500

View: 5767

Blut, Treibstoff, Lebensprinzip - in seinem furiosen Buch erzählt Bestsellerautor James Gleick, wie die Information zum Kernstück unserer heutigen Zivilisation wurde. Beginnend bei den Wörtern, den "sprechenden" Trommeln in Afrika, über das Morsealphabet und bis hin zur Internetrevolution beleuchtet er, wie die Übermittlung von Informationen die Gesellschaften prägten und veränderten. Gleick erläutert die Theorien, die sich mit dem Codieren und Decodieren, der Übermittlung von Inhalten und dem Verbreiten der Myriaden von Botschaften beschäftigen. Er stellt die bekannten und unbekannten Pioniere der Informationsgesellschaft vor: Claude Shannon, Norbert Wiener, Ada Byron, Alan Turing und andere. Er bietet dem Leser neue Einblicke in die Mechanismen des Informationsaustausches. So lernt dieser etwa die sich selbst replizierende Meme kennen, die "DNA" der Informationen. Sein Buch ermöglicht ein neues Verständnis von Musik, Quantenmechanik - und eine gänzlich neue Sicht auf die faszinierende Welt der Informationen.