فهرست مطالب کتاب Information Security Management Handbook:
Introduction
- 1. ACCESS CONTROL SYSTEMS AND METHODOLOGY
Section 1.1 Access Control Techniques
Section 1.2 Access Control Administration
Section 1.3 Identification and Authentication Techniques
Section 1.4 Access Control Methodologies and Implementation
Section 1.5 Methods of Attack
Section 1.6 Monitoring and Penetration Testing
- 2. TELECOMMUNICATIONS, NETWORK, AND INTERNET SECURITY
Section 2.1 Communications and Network Security
Section 2.2 Internet/Intranet/Extranet
Section 2.3 E-mail Security
Section 2.4 Secure Voice Communications
Section 2.5 Network Attacks and Countermeasures
- 3. INFORMATION SECURITY MANAGEMENT
Section 3.1 Security Management Concepts and Principles
Section 3.2 Change Control Management
Section 3.3 Data Classification
Section 3.4 Risk Management
Section 3.5 Employment Policies and Practices
Section 3.6 Risk Management
Section 3.7 Security Awareness Training
Section 3.8 Security Management Planning
- 4. APPLICATION PROGRAM SECURITY
Section 4.1 Application Issues
Section 4.2 Databases and Data Warehousing
Section 4.3 Systems Development Controls
Section 4.4 Malicious Code
Section 4.5 Methods of Attack
- 5. CRYPTOGRAPHY
Section 5.1 Use of Cryptography
Section 5.2 Cryptographic Concepts, Methodologies, and Practices
Section 5.3 Private Key Algorithms
Section 5.4 Public Key Infrastructure (PKI)
Section 5.5 System Architecture for Implementing Cryptographic Functions
Section 5.6 Methods of Attack
- 6. ENTERPRISE SECURITY ARCHITECTURE
Section 6.1 Principles of Computer and Network Organizations, Architectures, and Designs
Section 6.2 Principles of Security Models, Architectures and Evaluation Criteria
Section 6.3 Common Flaws and Security Issues — System Architecture and Design
- 7. OPERATIONS SECURITY
Section 7.1 Concepts
Section 7.2 Resource Protection Requirements
Section 7.3 Auditing
Section 7.4 Intrusion Detection
Section 7.5 Operations Controls
- 8. BUSINESS CONTINUITY PLANNING
Section 8.1 Business Continuity Planning
Section 8.2 Disaster Recovery Planning
Section 8.3 Elements of Business Continuity Planning
- 9. LAW, INVESTIGATION, AND ETHICS
Section 9.1 Information Law
Section 9.2 Investigations
Section 9.3 Major Categories of Computer Crime
Section 9.4 Incident Handling
Section 9.5 Ethics
- 10. PHYSICAL SECURITY
Section 10.1 Facility Requirements
Section 10.2 Technical Controls
Section 10.3 Environment and Life Safety
