Computer&IT@Add Ebook

Information Security Management Handbook, Fourth Edition, Volume III
by CISSP, Harold F. Tipton

Information Security Management Handbook, Fourth Edition, Volume III
By CISSP, Harold F. Tipton

Publisher: AUERBACH
Number Of Pages: 848
Publication Date: 2001-09-26
ISBN-10 / ASIN: 0849311276
ISBN-13 / EAN: 9780849311277
Binding: Hardcover

This is the latest version of one of the most important books for security professionals and others taking the CISSP examination as well as for people who use the Handbook as a reference. The changes in technology in information security and the increasing threats to security from open systems is creating a new industry. This update to the handbook is a stand alone reference for anyone involved in the security of information systems as well as preparation for those taking the CISSP certification examination.

Summary: An absolute “must-have” for information security professionals
Rating: 5

Now in its sixth updated edition, Information Security Management Handbook is an in-depth reference for business executives and professionals as well as a technical resource for information management experts. Essays written by a diversity of expert authors cover complex issues of information security management: the latest laws and regulations designed to force corporations to strengthen their ethics policies, risk assessments, metrics, disaster recovery, and much more. From the many different types and uses of cryptography, to effective implementation of physical security from guard personnel to closed-circuit television, to security in computer architecture, to telecommunications and network security, Information Security Management Handbook lives up to its title. An extensive glossary and index round out this massive reference, featuring over three thousand pages of expertise distilled in terms accessible to lay readers and professionals alike. “Password cracking would include cryptographic and brute-force attacks against password files, applying massive amounts of computer power to overwhelm the cryptographic protection of the passwords, typically in a remote or offline mode. Password guessing would include users attempting to guess the passwords to specific accounts, based on analysis and conjecture, and would typically be conducted through the password interface in an online mode. Password disclosure would include users sharing password credentials, or writing down passwords such that they are discoverable by an attacker.” An absolute “must-have” for information security professionals, and anyone else responsible for ensuring that trade secrets stay secret!

Summary: too thick
Rating: 4

The book should be published in 3 volumes. It is just too thick, imagine flipping through 3000 pages. The quality of the paper used is very poor too. Content of the book is fine.

Summary: Solid (and heavy)
Rating: 4

I have the Sixth Edition. Yes, it is 3000 pages and is printed on wafer thin paper.

The content is excellent for security professionals, particularly those at the management level. There are 220 articles within the 10 (ISC)2 domains on a wide variety of topics. Most of the stuff is higher level but just technical enough for you to have confidence in the concepts presented. It would probably be typical that you’d read an article in here for one of three reasons: background research for an immediate decision that doesn’t require detailed technical knowledge; introduction to concepts that will require further in-depth research; or research for a presentation to senior management, in which case you’d have to distill and simplify conceptually (something you’re probably already used to).

You will find multiple articles on single topics- some more complete than others, and potentially with a variety of perspectives, so you’ll have to make your own calls on what’s presented. It’s not a “InfoSec Management for Dummies” book that will give you easy answers to your problem or a step-by-step “how to implement an InfoSec program” guide; it’s more like an encyclopedia for research that you can use to factor into making your own, independent decisions. For example, there’s not a lot of specifics on actual risk assessment techniques, but there are high level articles on the principles.

I wish each of the individual articles were specifically dated so I’d know the time context; seeing a statement like “the position of CISO was virtually unheard of five years ago” or even “80 percent of companies monitor their employees’ email” means less without knowing when the article was written.

I could probably find a lot of similar information Googling for it, but Google doesn’t seem to be what it once was (or the Internet for that matter… so much for the days of shared research) and my time is too valuable to spend a lot of it culling through blogs, noisy forums, and marketing junk disguised as whitepapers to get this information.

For the record, I have passed the CISSP exam. I did not use this book, nor would I recommend it as a study guide. I bought this particular book because I needed it as a reference for my work. If you mastered this book cover to cover and didn’t read anything else, you’d probably do OK on the exam, but there are far more efficient means to getting there.

Summary: Excellent Security book
Rating: 4

Excellent very extensive security book. A very good reminder for the preparation of the CISSP exam. (is one of the official recommended books).

I passed my CISSP exam, because of this book.

Jako Boonekamp
CISSP #97956
The Netherlands

Summary: A multiple vision of IT Security
Rating: 5

This book is an excellent example of compilation of dozens of good works on IT Security. The quality of articles and the different points of view whereupon are treated turn to it an essential work. It only has a failure: such amount of information has been packed in only a volume that has forced the publisher to reduce both the font and the thickness of the paper to the maximum. Very bad for that no longer we have twenty years and in addition we were used to mark the most interesting paragraphs with a pencil.

Please Login or Register to read the rest of this content.

Related Posts

• Information Security and Privacy: 14th Australasian Conference, ACISP 2009 Brisbane, Australia, July 1-3, 2009 Proceedings (Lecture Notes in Computer Science / Security and Cryptology)
• Advances in Information Security and Assurance: Third International Conference and Workshops, ISA 2009, Seoul, Korea, June 25-27, 2009. Proceedings (Lecture … Computer Science / Security and Cryptology)
• Advances in Information Security and Its Application (Communications in Computer and Information Science)
• Information Security and Privacy: First Australasian Conference, ACISP ‘96, Wollongong, NSW, Australia, June 24 - 26, 1996, Proceedings (Lecture Notes in Computer Science)
• Information Security and Privacy: Second Australasian Conference, ACISP ‘97, Sydney, NSW, Australia, July 7-9, 1997 Proceedings (Lecture Notes in Computer Science)
• Information Security and Privacy: 5th Australasian Conference, ACISP 2000, Brisbane, Australia, July 10-12, 2000, Proceedings (Lecture Notes in Computer Science) (Taschenbuch)
• Information Security and Privacy: Third Australasian Conference, ACISP’98, Brisbane, Australia July 13-15, 1998, Proceedings (Lecture Notes in Computer Science)
• Information Security and Privacy: 4th Australasian Conference, ACISP’99, Wollongong, NSW, Australia, April 7-9, 1999, Proceedings (Lecture Notes in Computer Science)
• Information Security and Privacy: 13th Australasian Conference, ACISP 2008, Wollongong, Australia, July 7-9, 2008, Proceedings (Lecture Notes in Computer Science / Security and Cryptology)
• Information Security Governance (Wiley Series in Systems Engineering and Management)