Information Security Management Handbook 4th Ed.

Harold F. Tipton, Micki Krause

Publisher: Auerbach, 2000, 711 pages

ISBN: 0-8493-9829-0

Keywords: IT Security, Information Security

Last modified: June 30, 2021, 1:58 a.m.

Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for use by practitioners to conduct the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination.

Preparing for the examination is a major effort because it requires a thorough understanding of the topics contained in the Common Body of Knowledge (CBK) for the field as specified in the Generally Accepted Systems Security Principles (GASSP). The handbook is one of the most important references used by candidates preparing for the exam.

The Information Security Management Handbook maps to the ten domains of the Common Body of Knowledge tested on the certification examination: access control issues and methodology; telecommunications and network security; security management practices; applications and systems development security; cryptography; security architecture and models; operations security; business continuity planning and disaster recovery planning; law, investigations, and ethics; and physical security.

The Information Security Management Handbook is a 'must have' book, whether you're preparing for the CISSP exam or need a comprehensive, up-to-date reference, or both.

  • Domain 1: Access Control Systems and Methodologies
    • Domain 1.1: Access Control Issues
      1. Biometric Identification
        Donald R. Richards
      2. Single Sign-on for the Enterprise
        John R. Vacca
  • Domain 2: Telecommunications and Network Security
    • Domain 2.1: Network Security
      1. Secured Connections to External Networks
        Steven F. Blanding
    • Domain 2.2: Internet, Intranet, and Extranet Security
      1. Firewalls: An Effective Solution for Internet Security
        E. Eugene Schultz
      2. Internet Security: Securing the Perimeter
        Douglas G. Conorich
      3. Extranet Access Control Issues
        Christopher King
      4. Firewall Management and Internet Attacks
        Lt. Jeffery J. Lowder
      5. Network Layer Security
        Steven F. Blanding
      6. Transport Layer Security
        Steven F. Blanding
      7. Application-Layer Security Protocols for Networks
        Bill Stackpole
      8. Security of Communication Protocols and Services
        William Hugh Murray
  • Domain 3: Security Management Practices
    • Domain 3.1: Security Awareness
      1. Security Awareness Program
        Tom Peltier
    • Domain 3.2: Organization Architecture
      1. Enterprise Security Architecture
        William Hugh Murray
      2. An Introduction to IPSec
        Bill Stackpole
    • Domain 3.3: Risk Management
      1. Risk Analysis and Assessment
        Will Ozier
      2. Protecting High-Tech Trade Secrets
        William C. Bont
      3. Information Security Management in the Healthcare Industry
        Micki Krause
  • Domain 4: Applications and Systems Development Security
    • Domain 4.1: Application Security
      1. Security Models for Object-Oriented Databases
        James Cannady
  • Domain 5: Cryptography
    • Domain 5.1: Crypto Technology and Implementations
      1. Fundamentals of Cryptography and Encryption
        Ronald A. Gove
      2. Principles and Applications of Cryptographic Key Management
        William Hugh Murray
      3. Implementing Kerberos in Distributed Systems
        Joe Kovara and Ray Kaplan
      4. Getting Started with PKI
        Harry DeMaio
  • Domain 6: Security Architecture and Models
    • Domain 6.1: Microcomputer and LAN Security
      1. Microcomputers and LAN Security
        Stephen Cobb
  • Domain 7: Computer Operations Security
    • Domain 7.1: Threats
      1. How to Trap the Network Intruder
        Jeff Flynn
      2. A Look at Java Security
        Ben Rothke
  • Domain 8: Business Continuity Planning and Disaster Recovery Planning
    • Domain 8.1: Business Continuity Planning
      1. Reengineering the Business Continuity Planning Process
        Carl B. Jackson
    • Domain 8.2: Disaster Recovery Planning
      1. Restoration Components of Business Continuity Planning
        John Dorf and Marty Johnson
  • Domain 9: Law, Investigation, and Ethics
    • Domain 9.1: Investigation
      1. Computer Crime Investigations and Computer Forensics
        Thomas Welch
    • Domain 9.2: Information Ethics
      1. Ethics and the Internet
        Micki Krause
    • Domain 9.3: Information Law
      1. Jurisdictional Issues in Global Transmissions
        Ralph Spencer Poore
  • Domain 10: Physical Security
    • Domain 10.1: Threats and Facility Requirements
      1. Intrusion Detection: How to Utilize a Still Immature Technology
        E. Eugene Schultz and Eugene Spafford


Information Security Management Handbook

Reviewed by Roland Buresund

OK ***** (5 out of 10)

Last modified: Nov. 14, 2008, 1:36 p.m.

Describes a lot of the fields within the CISSP. Nothing to get too excited about, a bit dry and boring, but not bad. Too shallow to use for a CISSP exam.

