Information Security Management Handbook, Volume 6

DOMAIN 1: ACCESS CONTROL
Access Control Administration
What Business Associates Need to Know About Protected Health Information Under HIPAA and HITECH; Rebecca Herold

DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY
Internet, Intranet, Extranet Security
E-mail Security; Terence Fernandes

DOMAIN 3: INFORMATION SECURITY AND RISK MANAGEMENT
Security Management Concepts and Principles
Appreciating Organizational Behavior and Institutions to Solidify Your Information Security Program; Robert Pittman
Risk Management
The Information Security Auditors Have Arrived, Now What?; Todd Fitzgerald
Continuous Monitoring: Extremely Valuable to Deploy Within Reason; Foster J. Henderson and Mark A. Podracky
Social Networking; Sandy Bacik
Insider Threat Defense; Sandy Bacik
Risk Management in Public Key Certificate Applications; Alex Golod
Server Virtualization: Information Security Considerations; Thomas A. Johnson
Security Management Planning
Security Requirements Analysis; Sean M. Price
CERT Resilience Management Model: An Overview; Bonnie A. Goins Pilewski and Christopher Pilewski
Managing Bluetooth Security; E. Eugene Schultz, Matthew W. A. Pemble, and Wendy Goucher
Employment Policies and Practices
Slash and Burn: In Times of Recession, Do Not Let Emotions Drive Business Decisions; Seth Kinnett
A "Zero Trust" Model for Security; Ken Shaurette and Thomas J. Schleppenbach

DOMAIN 4: APPLICATION DEVELOPMENT SECURITY
System Development Controls
Application Whitelisting; Georges Jahchan
Design of Information Security for Large System Development Projects; James C. Murphy
Building Application Security Testing into the Software Development Life Cycle; Sandy Bacik
Malicious Code
Twenty-Five (or Forty) Years of Malware History; Robert M. Slade

DOMAIN 5: CRYPTOGRAPHY
Cryptographic Concepts, Methodologies, and Practices
Format Preserving Encryption; Ralph Spencer Poore
Elliptic Curve Cryptosystems; Jeff Stapleton
Pirating the Ultimate Killer APP: Hacking Military Unmanned Aerial Vehicles; Sean P. Mcbride

DOMAIN 6: SECURITY ARCHITECTURE AND DESIGN
Principles of Computer and Network Organizations, Architectures, and Designs
Service-Oriented Architecture; Walter B. Williams
Cloud Security; Terry Komperda
Enterprise Zones of Trust; Sandy Bacik

DOMAIN 7: OPERATIONS SECURITY: OPERATIONS CONTROLS
Complex Event Processing for Automated Security Event Analysis; Rob Shein
Records Management; Sandy Bacik

DOMAIN 8: BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING
Business Continuity Planning
Data Backup Strategies: Traditional Versus Cloud: Carl B. Jackson

DOMAIN 9: LEGAL, REGULATIONS, COMPLIANCE, AND INVESTIGATIONS
Major Categories of Computer Crime
Managing Advanced Persistent Threats; Eugene Schultz and Cuc Du
Incident Handling
Virtualization Forensics; Paul A. Henry

DOMAIN 10: PHYSICAL (ENVIRONMENTAL) SECURITY
Elements of Physical Security
Terrorism: An Overview; Frank Bolz, Kenneth J. Dudonis, and David P. Schulz
Technical Controls
Countermeasure Goals and Strategies; Thomas L. Norman

Index