Information Security Management Handbook on CD-ROM, 2005 Edition

ACCESS CONTROL SYSTEMS AND METHODOLOGY
Access Control Techniques
Access Control Administration
Identification and Authentication Techniques
Access Control Methodologies and Implementation
Methods of Attack
Monitoring and Penetration Testing

TELECOMMUNICATIONS, NETWORK, AND INTERNET
SECURITY
Communications and Network Security
Internet, Intranet, Extranet Security
E-mail Security
Secure Voice Communications
Network Attacks and Countermeasures

SECURITY MANAGEMENT PRACTICES
Security Management Concepts and Principles
Change Control Management
Data Classification
Risk Management
Policies, Standards, Procedures and Guidelines
Risk Management
Security Awareness Training
Security Management Planning

APPLICATION PROGRAM SECURITY
Application Issues
Databases and Data Warehousing
Systems Development Controls
Malicious Code
Methods of Attack

CRYPTOGRAPHY
Use of Cryptography
Cryptographic Concepts, Methodologies, and Practices
Private Key Algorithms
Public Key Infrastructure (PKI)
System Architecture for Implementing Cryptographic
Functions
Methods of Attack

SECURITY ARCHITECTURE AND MODELS
Principles of Computer and Network Organizations,
Architectures, and Designs
Principles of Security Models, Architectures and Evaluation
Criteria Formulating an Enterprise Information Security Architecture
Common Flaws and Security Issues - System Architecture
and Design

OPERATIONS SECURITY
Concepts
Resource Protection Requirements
Auditing
Intrusion Detection
Operations Controls

BUSINESS CONTINUITY PLANNING AND DISASTER
RECOVERY PLANNING
Business Continuity Planning
Disaster Recovery Planning
Elements of Business Continuity Planning

LAW, INVESTIGATION, AND ETHICS
Information Law
Investigations
Major Categories of Computer Crime
Incident Handling
Ethics

PHYSICAL SECURITY
Elements of Physical Security
Environment and Life Safety