This annually updated handbook provides a compilation of the fundamental knowledge, skills, techniques, and tools required by IT security professionals. It covers the CISSP^® Common Body of Knowledge (CBK^®) that forms the standard on which all IT security programs and certifications are based. Topics covered include access control, physical (environmental) security, cryptography, application security, and operations security. This new edition features the latest developments in information security and the (ISC)^2® CISSP CBK, including advanced persistent threats, new HIPAA requirements, social networks, virtualization, and SOA. 

Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 6 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay one step ahead of evolving threats, standards, and regulations.

Reporting on the latest developments in information security and recent changes to the (ISC)^2® CISSP Common Body of Knowledge (CBK^®), this volume features new information on advanced persistent threats, HIPAA requirements, social networks, virtualization, and SOA. Its comprehensive coverage touches on all the key areas IT security professionals need to know, including:

• Access Control: Technologies and administration including the requirements of current laws
• Telecommunications and Network Security: Addressing the Internet, intranet, and extranet
• Information Security and Risk Management: Organizational culture, preparing for a security audit, and the risks of social media
• Application Security: Ever-present malware threats and building security into the development process
• Security Architecture and Design: Principles of design including zones of trust
• Cryptography: Elliptic curve cryptosystems, format-preserving encryption
• Operations Security: Event analysis
• Business Continuity and Disaster Recovery Planning: Business continuity in the cloud
• Legal, Regulations, Compliance, and Investigation: Persistent threats and incident response in the virtual realm
• Physical Security: Essential aspects of physical security

The ubiquitous nature of computers and networks will always provide the opportunity and means to do harm. This edition updates its popular predecessors with the information you need to address the vulnerabilities created by recent innovations such as cloud computing, mobile banking, digital wallets, and near-field communications. This handbook is also available on CD.