IT Security

IT Security Books from CRC Press

Date posted: 25-Mar-2016

Want to maximize your buying power? Order direct from our online store and receive FREE standard shipping with every order, big or small. Visit us at www.crcpress.com to view more information and complete tables of contents for these and many other related books.

Contents

• Security Management
• Security Operations
• (ISC)2 Press
• Information Security Management Handbook
• Physical Security
• Application Security
• Computer Forensics
• Audit
• Governance, Risk, and Compliance
• System Defense
• InformationSecurityNetBASE


Security Management

For more information and complete contents, visit www.crcpress.com

Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement
W. Krag Brotby, CISM, Enterprise Security Architect, Thousand Oaks, California

Spectacular security failures continue to dominate the headlines despite huge increases in security budgets and ever-more draconian regulations. The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the necessity for real-time strategic metrics has never been more critical.

Information Security Metrics: A Definitive Guide to Effective Security Monitoring and Measurement offers a radical new approach for developing and implementing security metrics essential for supporting business activities and managing information risk. This work provides insight into these critical security questions:

• How secure is my organization?
• How much security is enough?
• What are the most cost-effective security solutions?
• How do we determine the degree of risk?

Using case studies, this volume shows readers how to develop metrics that can be used across an organization to assure its information systems are functioning, secure, and supportive of the organization’s business objectives. It provides a comprehensive overview of security metrics, discusses the current state of metrics in use today, and looks at promising new developments. Later chapters explore ways to develop effective strategic and management metrics for information security governance, risk management, program implementation and management, and incident management and response.

Catalog no. AU5285, 2009, 200 pp. ISBN: 978-1-4200-5285-5, $79.95 / £48.99

Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI
Debra S. Herrmann, U.S. Nuclear Regulatory Commission, Washington, D.C., USA

While it has become increasingly apparent that individuals and organizations need a security metrics program, it has been exceedingly difficult to define exactly what that means in a given situation. Finding the correct formula for a specific scenario calls for a clear, concise guide with which to navigate this sea of information.

Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI defines more than 900 ready-to-use metrics that measure compliance, resiliency, and return on investment. The author explains what needs to be measured, why and how to measure it, and how to tie security and privacy metrics to business goals and objectives. The book addresses measuring compliance with current legislation, regulations, and standards in the United States, European Union, and Canada, including Sarbanes–Oxley, HIPAA, and the Data Protection Act (UK).

The metrics covered are scaled by information sensitivity, asset criticality, and risk, and aligned to correspond with different lateral and hierarchical functions within an organization. The text includes numerous examples and sample reports to illustrate these concepts and stresses a complete assessment by evaluating the interaction and interdependence between physical, personnel, IT, and operational security controls.

Catalog no. AU5402, 2007, 848 pp. ISBN: 978-0-8493-5402-1, $124.95 / £79.99

SAVE 15% when you order online at www.crcpress.com

Building an Effective Information Security Policy Architecture
Sandy Bacik, Consultant, Fuquay Varina, North Carolina, USA

Information security teams are charged with developing and maintaining a set of documents that will protect the assets of an enterprise from constant threats and risks. In order for these safeguards and controls to be effective, they must suit the particular business needs of the enterprise.

A guide for security professionals, Building an Effective Information Security Policy Architecture explains how to review, develop, and implement a security architecture for any size enterprise, whether it is a global company or a small or medium-sized business. Through the use of questionnaires and interviews, the book demonstrates how to evaluate an organization’s culture and its ability to meet various security standards and requirements. Because the effectiveness of a policy is dependent on cooperation and compliance, the author also provides tips on how to communicate the policy and gain support for it.

Features:

• Explains how to review an existing policy architecture
• Provides a manual of style with sample document formatting
• Demonstrates how to perform a risk analysis
• Describes how to effectively communicate the policy architecture to an organization

Suitable for any level of technical aptitude, this book can help professionals evaluate the business needs and risks of an enterprise and incorporate this information into an effective security policy architecture.

Catalog no. AU5905, 2008, 368 pp. ISBN: 978-1-4200-5905-2, $79.95 / £49.99

New!

Information Security Management: Concepts and Practice
Bel G. Raggad, Pace University, Pleasantville, New York, USA

Information security cannot be effectively managed unless secure methods and standards are integrated into all phases of the information security life cycle. Although the international community has been aggressively engaged in developing security standards for network and information security worldwide, there are few texts that provide clear guidance on how to properly apply the new standards in conducting security audits and creating risk-driven information security programs.

Information Security Management: Concepts and Practice provides a general overview of security auditing before examining the various elements of the information security life cycle. It explains the ISO 17799 standard and walks readers through the steps of conducting a nominal security audit that conforms to the standard. The text also provides detailed guidance for conducting an in-depth technical security audit leading to certification against the 27001 standard. Topics addressed include cyber security, security risk assessments, privacy rights, HIPAA, SOX, intrusion detection systems, security testing activities, cyber terrorism, and vulnerability assessments.

This self-contained text is filled with review questions and real-world examples that illustrate effective implementation and security auditing methodologies. It also includes a detailed security auditing protocol readers can use to devise and implement effective risk-driven security programs that touch all phases of a computing environment.

Catalog no. AU7854, January 2010, 871 pp. ISBN: 978-1-4200-7854-1, $79.95 / £49.99


Information Assurance Architecture
Keith D. Willett, CTN Technologies, Millersville, Maryland, USA

Since information is the lifeblood of an organization, security professionals must be especially vigilant about assuring it. The hacker, spy, or cyber-thief of today can breach any barrier if it remains unchanged long enough or has even the tiniest leak; consequently, information architecture must be dynamic and fully integrated within all facets of the enterprise. In Information Assurance Architecture, Keith D. Willett draws on his over 25 years of technical, security, and business experience to provide a framework for organizations to align information assurance with the enterprise and their overall mission.

This work provides the security industry with the know-how to create a formal information assurance architecture that complements an enterprise architecture, systems engineering, and the enterprise life cycle management (ELCM). The book consists of a framework, a process, and many supporting tools, templates, and methodologies. The framework provides a reference model for the consideration of security in many contexts and from various perspectives; the process provides direction on how to apply that framework. Mr. Willett teaches readers how to identify and use the right tools for the right job. Furthermore, he demonstrates a disciplined approach in thinking about, planning, implementing, and managing security, emphasizing that solid solutions can be made impenetrable when they are seamlessly integrated with the whole of an enterprise.

Catalog no. AU8067, 2008, 624 pp. ISBN: 978-0-8493-8067-9, $79.95 / £49.99

CISO Soft Skills: Securing Organizations Impaired by Employee Politics, Apathy, and Intolerant Perspectives
Ron Collette and Michael Gentile, CISOHandbook.com & Traxx Consulting Services, Newport Beach, California, USA
Skye Gentile, Aptos, California, USA

A companion volume to the highly touted CISO Handbook, CISO Soft Skills: Securing Organizations Impaired by Employee Politics, Apathy, and Intolerant Perspectives presents tools that empower security practitioners to identify the intangible negative influencers of security that plague most organizations, and provides further techniques to identify, minimize, and overcome these pitfalls within customized situations.

The book discusses the root causes that negatively influence both a CISO and an organization’s ability to truly secure itself. These root causes, also known as security constraints, include:

• Employee apathy
• Employee myopia or tunnel vision
• Employee primacy, often exhibited as office politics
• The infancy of the information security discipline

The authors provide numerous practical and actionable exercises, tools, and techniques to identify, limit, and compensate for the influence of security constraints in any type of organization. The final chapters discuss some proactive techniques that CISOs can utilize to effectively secure challenging work environments. Reflecting the experience and solutions of those that are in the trenches of modern organizations, this volume provides practical ideas that can make a difference in the daily lives of security practitioners.

Catalog no. AU9102, 2009, 288 pp. ISBN: 978-1-4200-8910-3, $69.95 / £44.99


New!

Cloud Computing: Implementation, Management, and Security
John W. Rittinghouse, Hypersecurity LLC, Houston, Texas, USA
James F. Ransome, Cisco Systems, Santa Clara, California, USA

Cloud Computing: Implementation, Management, and Security provides an understanding of what cloud computing really means, examines its advantages and disadvantages, and explores how disruptive it may become in the future. The authors first discuss the evolution of computing from a historical perspective, focusing primarily on advances that led to the development of cloud computing. They then survey some of the critical components that are necessary to make the cloud computing paradigm feasible. They also present standards based on the use and implementation issues surrounding cloud computing and describe the infrastructure management that is maintained by cloud computing service providers. After addressing significant legal and philosophical issues, the book concludes with a hard look at successful cloud computing vendors.

Features:

• Discusses how new technologies, such as virtualization, played a huge role in the growth and acceptance of cloud computing
• Describes different types of cloud services
• Illustrates how to build a cloud network
• Presents common standards for application development, messaging, and security
• Covers the legal and philosophical issues that must be addressed to properly protect user data and mitigate corporate liability
• Examines the successes of several cloud computing vendors and how their achievements have helped shape cloud computing

Catalog no. K10347, January 2010, 340 pp. ISBN: 978-1-4398-0680-7, $79.95 / £49.99

Information Security: Design, Implementation, Measurement, and Compliance
Timothy P. Layton, Grover, Missouri, USA

Information Security: Design, Implementation, Measurement, and Compliance outlines a complete roadmap to successful adaptation and implementation of a security program based on the ISO/IEC 17799:2005 (27002) Code of Practice for Information Security Management. The book first describes a risk assessment model, a detailed risk assessment methodology, and an information security evaluation process. Upon this foundation, the author presents a proposed security baseline for all organizations, an executive summary of the ISO/IEC 17799 standard, and a gap analysis exposing the differences between the recently rescinded version and the newly released version of the standard. Finally, he devotes individual chapters to each of the 11 control areas defined in the standard, systematically covering the 133 controls within the 39 control objectives.

Features:

• Contains a programmatic approach that applies to a business regardless of its size or type
• Presents a process that allows firms to shape customized information security practices for their own requirements
• Demonstrates how to conduct a risk assessment covering all controls and control objectives
• Illustrates how to use data both qualitatively and quantitatively to meet the ISO/IEC 17799 standard
• Provides a gap analysis between the first and second editions of the standard to simplify transition to the new one

Catalog no. AU7087, 2007, 264 pp. ISBN: 978-0-8493-7087-8, $93.95 / £59.99


New!

The Executive MBA in Information Security
John J. Trinckes, Jr., Hampton, Florida, USA

According to the Brookings Institute, an organization’s information and other intangible assets account for over 80 percent of its market value. As the primary sponsors and implementers of information security programs, those in key leadership positions must possess a solid understanding of the constantly evolving fundamental concepts of information security management. Supplying a complete overview of key concepts, The Executive MBA in Information Security provides the tools needed to ensure an organization has an effective and up-to-date information security management program in place. This one-stop resource provides a ready-to-use security framework that can be used to develop workable programs and includes proven tips for avoiding common pitfalls.

Allowing for quick and easy reference, this time-saving manual explores:

• The difference between information security and IT security
• Corporate governance and how it relates to information security
• Steps and processes involved in hiring the right information security staff
• The different functional areas related to information security
• Roles and responsibilities of the chief information security officer (CISO)

Presenting difficult concepts in a straightforward manner, this concise guide allows corporate leaders to learn what it takes to develop a rock-solid information security management program that is as flexible as it is secure.

Catalog no. K10501, January 2010, 352 pp. ISBN: 978-1-4398-1007-1, $69.95 / £44.99

How to Develop and Implement a Security Master Plan
Timothy Giles, Newnan, Georgia, USA

How to Develop and Implement a Security Master Plan details how to construct a customized, comprehensive five-year corporate security plan that synchronizes with the strategies of any business or institution. The author explains how to develop a plan and implementation strategy that aligns with an organization’s particular philosophies, strategies, goals, programs, and processes. Readers learn how to outline risks and then formulate appropriate mitigation strategies.

This guide provides tested, real-world advice on how to:

• Conduct an effective, efficient assessment of the site and security personnel, meticulously addressing the particular needs of many different environments
• Make decisions about security philosophies, strategies, contract relationships, technology, and equipment replacement
• Interview executive and security management to determine their concerns, educate them, and ensure that they buy in to the plan
• Use all gathered data to construct and finalize the Security Master Plan and then implement it into the management of the business
• Apply insights from an expert with global experience at the highest level

Author Tim Giles worked at IBM for 31 years serving as Director of Security for the company’s operations in the United States, Canada, Latin America, and Asia-Pacific. His immeasurable insight and experience provide readers with an extraordinarily comprehensive understanding that they can use to design and execute a highly effective, tailored security program.

Catalog no. AU6251, 2009, 352 pp. ISBN: 978-1-4200-8625-6, $79.95 / £49.99


The CISO Handbook: A Practical Guide to Securing Your Company
Michael Gentile and Ron Collette, CISOHandbook.com & Traxx Consulting Services, Newport Beach, California, USA
Tom August, Sony Corporation of America, San Diego, California, USA

The CISO Handbook: A Practical Guide to Securing Your Company offers unique insights into designing and implementing an information security program, building a robust framework that enables professionals to map concepts to their company’s environment.

The book identifies the elements that drive the need for infosec programs and discusses how to build the foundation of a program and develop an executive mandate along with reporting metrics and an organizational matrix with defined roles and responsibilities. It demonstrates how to construct the policies and procedures to meet identified business objectives, emphasizing the creation of a successful execution model for the implementation of security projects against the backdrop of common business constraints. Lastly, it focuses on communicating back to the external and internal stakeholders with information that fits the various audiences.

Features:

• Presents a comprehensive roadmap for designing and implementing an effective infosec program
• Builds a bridge between high-level theory and practical execution
• Provides a set of practices that security professionals can use every day
• Illustrates practical issues often overlooked by theoretical texts
• Outlines a framework that can be expanded or contracted to meet a company’s needs

Catalog no. AU1952, 2006, 352 pp. ISBN: 978-0-8493-1952-5, $78.95 / £49.99

Second Edition of a bestseller!

Managing an Information Security and Privacy Awareness and Training Program, Second Edition
Rebecca Herold, Rebecca Herold, LLC, Van Meter, Iowa, USA

“Rebecca Herold has the answers in her definitive book on everything everybody needs to know about how to impart security awareness, training, and motivation. Motivation had been missing from the information security lexicon until Herold put it there in most thorough and effective ways… The power of this book also lies in applying real education theory, methods, and practice to teaching security awareness and training … After reading this book, there is no question about the necessary and important roles of security awareness, training, and motivation.”

—Donn B. Parker, CISSP, from the Preface

“This book is remarkable because it covers in detail all the facets of providing effective security awareness training … I can, without reservation, recommend use of this book to any organization faced with the need to develop a successful training and awareness program. It surely provides everything you need to know to create a real winner.”

—Hal Tipton, from the Foreword

This volume provides a starting point and an all-in-one resource for infosec and privacy education practitioners who are building programs for their organizations. The author applies knowledge obtained through her work in education, creating a comprehensive resource of nearly everything involved with managing an infosec and privacy training course. This book includes examples and tools from a wide range of businesses, enabling readers to select effective components that will be beneficial to their enterprises. The text progresses from the inception of an education program through development, implementation, delivery, and evaluation.

Catalog no. K10793, July 2010, c. 528 pp., ISBN: 978-1-4398-1545-8, $79.95 / £49.99

Security Operations

Digital Privacy: Theory, Technologies, and Practices
Edited by Alessandro Acquisti, Stefanos Gritzalis, Costas Lambrinoudakis, and Sabrina De Capitani di Vimercati

While the utilization of personal information can improve customer services, increase revenues, and lower business costs, it can also be easily misused and lead to violations of privacy. According to recent surveys, privacy and anonymity are the fundamental issues of concern for most internet users, ranked higher than ease-of-use, spam, cost, and security. Reflecting the growing interest in this area, Digital Privacy: Theory, Technologies, and Practices covers state-of-the-art technologies, best practices, and research results, as well as legal, regulatory, and ethical issues.

The editors, established researchers whose work enjoys worldwide recognition, draw on contributions from experts in academia, industry, and government to delineate theoretical, technical, and practical aspects of digital privacy. They provide an up-to-date, integrated approach to privacy issues that spells out what digital privacy is, and they cover the threats, rights, and provisions of the legal framework in terms of technical countermeasures for the protection of an individual’s privacy. The work is a thorough exploration of protocols, mechanisms, applications, architectures, systems, and experimental studies.

Encompassing a wide range of privacy topics examined by a stellar cast of contributors, this volume provides the foundation for building effective and legal privacy protocols into an organization’s business processes.

Catalog no. AU5217, 2008, 496 pp. ISBN: 978-1-4200-5217-6, $73.95 / £46.99

Mechanics of User Identification and Authentication: Fundamentals of Identity Management
Dobromir Todorov, Consultant, Buckinghamshire, UK

User identification and authentication are essential parts of information security. Users must authenticate as they access their computer systems at work or at home every day. Yet do users understand how and why they are actually being authenticated, the security level of the authentication mechanism that they are using, and the potential impacts of selecting one authentication mechanism or another?

Introducing key concepts, Mechanics of User Identification and Authentication: Fundamentals of Identity Management outlines the process of controlled access to resources through authentication, authorization, and accounting in an in-depth yet accessible manner. It examines today’s security landscape and the specific threats to user authentication. The book then outlines the process of controlled access to resources and discusses the types of user credentials that can be presented as proof of identity prior to accessing a computer system. It also contains an overview on cryptography that includes the essential approaches and terms required for understanding how user authentication works.

This book provides specific information on the user authentication process for both UNIX and Windows. Addressing more advanced applications and services, the author presents common security models such as GSSAPI and discusses authentication architecture. Each method is illustrated with a specific authentication scenario.

Catalog no. AU5219, 2007, 760 pp. ISBN: 978-1-4200-5219-0, $83.95 / £53.99


New!

Vulnerability Management
Park Foreman, GroupM, New York, USA

As old as the threat of danger itself, vulnerability management (VM) has been the responsibility of leaders in every human organization. Today, the focus of vulnerability management is still on infrastructure, but as knowledge is power and the lifeblood of any organization is its capacity for quick system-wide response, current emphasis needs to be placed on maintaining the integrity of IT applications.

Valuable guidance from an expert with two decades of security experience

Written by international security consultant Park Foreman, Vulnerability Management demonstrates a proactive approach. Illustrated with examples drawn from more than two decades of multinational experience, Foreman demonstrates how much easier it is to manage potential weaknesses than to clean up after a violation. He provides the strategic vision and action steps needed to prevent the exploitation of IT security gaps, especially those that are inherent in a larger organization.

Features:

• Offers the guidance needed to develop and personalize a VM management program
• Goes far beyond the obvious to cover those areas often neglected, as well as those that are actually less secure than they might appear
• Demonstrates a host of proven methods to assess and reduce the potential for exploitation from within as well as by outsiders
• Provides detailed checklists used by the author

Catalog no. K10093, January 2010, 347 pp. ISBN: 978-1-4398-0150-5, $79.95 / £48.99

Software Deployment, Updating, and Patching
Bill Stackpole and Patrick Hanrion, Microsoft Corporation, Redmond, Washington, USA

The deployment of software patches can be just as challenging as building entirely new workstations. Preparing for the rigors of software deployment includes not just implementing change, but training employees, predicting and mitigating pitfalls, and managing expectations.

Software Deployment, Updating, and Patching provides the skills needed to develop a comprehensive strategy for tracking and managing system configurations, as well as for updating and securing systems with the latest packs and patches. Written by two of Microsoft’s top experts, this clear and concise manual demonstrates how to perform inventories of IT assets, test compatibility, target deployment, and evaluate management technologies. It also shows how to create and implement deployment plans with recovery and remediation options, and how to recognize potential vulnerabilities.

Empowering businesses to develop a comprehensive strategy for managing, updating, and securing essential systems, this volume:

• Demonstrates how to implement system configuration management
• Explains software updating and patch management strategies
• Illustrates how to take inventory of IT assets and identify old versions and potential vulnerabilities
• Shows how to test updates and patches to verify functionality, stability, and compatibility
• Allows readers to create and execute a deployment plan with recovery and remediation options

Catalog no. AU5800, 2008, 424 pp. ISBN: 978-0-8493-5800-5, $83.95 / £53.99


Security in an IPv6 Environment
Daniel Minoli, SES Engineering, Princeton, New Jersey, USA
Jake Kouns, Markel Corporation, Glen Allen, Virginia, USA

As Internet Protocol Version 6 (IPv6) becomes an institutional imperative, questions emerge about the security of an IPv6-based architecture and the strategies for transition from IPv4. A practical primer, Security in an IPv6 Environment discusses IPv6 security vulnerabilities, considerations, mechanisms, and approaches.

Surveying methods used to ensure a reliable and controlled IPv6 migration, this volume:

• Explains the IPSec Authentication Header (AH) and Encapsulating Security Payload (ESP), and the use of these protocols in IPv6 environments
• Elaborates on IPv6 addressing security, extension headers and fragmentation, neighbor discovery issues, DNS issues, NATs, packet filtering, and Teredo
• Examines firewall use in IPv6 environments, including use of host-based and distributed firewalls

An increasing number of mission-critical commercial and military operations are supported by distributed, mobile, always-connected, hybrid public-private networks, especially IPv6-based networks. The growing number of attackers or inimical agents means that all computing environments must have high-assurance security mechanisms. This comprehensive book explains why security savvy is indispensable, and includes considerations for mixed IPv4 and IPv6 migration environments. More than an exhaustive treatment of IPv6 and security topics, this book is a point of departure for anyone adjusting to this technological transition and the subtending security considerations.

Catalog no. AU2294, 2009, 288 pp. ISBN: 978-1-4200-9229-5, $79.95 / £49.99

New!

Building an Enterprise-Wide Business Continuity Program
Kelley Okolita, MBCP (Master Business Continuity Planner), Worcester, Massachusetts, USA

Drawing on over two decades of experience creating continuity plans and using them in actual recoveries, Kelley Okolita goes beyond theory to provide planners with the tools needed to build a continuity program in any enterprise. The book offers guidance on each step of the process, including how to validate the plan, time-tested tips for keeping the plan action-ready over the course of time, and how to sell the program to senior leadership.

Catalog no. AU8645, January 2010, 344 pp. ISBN: 978-1-4200-8864-9, $79.95 / £49.99

Enterprise Systems Backup and Recovery: A Corporate Insurance Policy
Preston de Guise, IDATA Pty Ltd., Sydney, Australia

This book recommends corporate procedures and policies that need to be established for comprehensive data protection. Suitable for any organization, regardless of what operating systems or applications are deployed, what backup system is in place, or what planning has been done for business continuity, the book explains how backup must be included in every phase of system planning, development, operation, and maintenance. It also provides techniques for analyzing and improving current backup system performance.

Catalog no. AU6396, 2009, 308 pp., Soft Cover, ISBN: 978-1-4200-7639-4, $69.95 / £44.99

(ISC)2 Press

Bestseller!

Building and Implementing a Security Certification and Accreditation Program: Official (ISC)2® Guide to the CAPcm CBK®
Patrick D. Howard, Nuclear Regulatory Commission, USA

Demonstrates the effectiveness of certification and accreditation (C&A) as a risk management methodology for IT systems in public and private organizations

Catalog no. AU2062, 2006, 344 pp. ISBN: 978-0-8493-2062-0, $93.95 / £59.99

CISO LeadershipEssential Principles for SuccessEdited by

Todd Fitzgerald, CISSP, CISA, CISMMilwaukee, Wisconsin, USA

Micki Krause, CISSPPacific Life Insurance Company, Newport Beach,California, USA

Describes the management skills needed by aspiring senior security executives

Catalog no. AU7943, 2008, 312 pp., ISBN: 978-0-8493-7943-7, $73.95 / £46.99

Bestseller!

Official (ISC)2® Guide to the CISSP®-ISSEP® CBK®

Edited by

Susan Hansche, CISSP-ISSEP, PEC Solutions, Fairfax, Virginia, USA

An inclusive analysis of all of the topics covered on the ISSEP Exam

Catalog no. AU2341, 2006, 1024 pp., ISBN: 978-0-8493-2341-6, $73.95 / £46.99

New!

Official (ISC)2® Guide to the CISSP® CBK®

Second Edition

Edited by

Harold F. Tipton, HFT Associates, Villa Park, California, USA

Kevin Henry, North Gower, Canada

Includes a CD-ROM with sample exams

Catalog no. K10480, January 2010, 965 pp., ISBN: 978-1-4398-0959-4, $69.95 / £44.99

Official (ISC)2 Guide to the SSCP® CBK®

Edited by

Diana-Lynn Contesti, Douglas Andre, Eric Waxvik, Paul A. Henry, and Bonnie A. Goins

Explores the seven domains of the CBK

Catalog no. AU2774, 2007, 608 pp., ISBN: 978-0-8493-2774-2, $62.95 / £39.99

Coming Soon!

Official (ISC)2® Guide to the ISSAP® CBK®

Edited by

Harold F. Tipton, HFT Associates, Villa Park, California, USA

Kevin Henry, (ISC)2 Institute, North Gower, Ontario, Canada

Assures competence of the six major domains of the Information Systems Security Architecture Professional (ISSAP) Concentration

Catalog no. K10073, June 2010, c. 500 pp., ISBN: 978-1-4398-0093-5, $79.95 / £49.99


Information Security Management Handbook


Information Security Management Handbook

Sixth Edition, Volume 3

Edited by

Harold F. Tipton, CISSP, HFT Associates, Villa Park, California, USA

Micki Krause, CISSP, Pacific Life Insurance Company, Newport Beach, California, USA

Every year, in response to new technologies and new laws in different countries and regions, there are changes to the fundamental knowledge, skills, techniques, and tools required by all IT security professionals. In step with the lightning-quick, increasingly fast pace of change in the technology field, the Information Security Management Handbook has become the standard on which all IT security programs and certifications are based. It reflects new updates to the Common Body of Knowledge (CBK®) that IT security professionals all over the globe need to know. The Sixth Edition, Volume 3 is a stand-alone reference and also updates the 3280-page benchmark Volume 1.

Captures the crucial elements of the CBK

Exploring the ten domains of the CBK, the book explores access control, telecommunications and network security, information security and risk management, application security, and cryptography. In addition, the expert contributors address security architecture and design, operations security, business continuity planning, and disaster recovery planning. The book also covers legal regulations, compliance, investigation, and physical security. In this anthology of treatises dealing with the management and technical facets of information security, the contributors examine varied topics such as anywhere computing, virtualization, pod-slurping, quantum computing, mashups, blue snarfing, mobile device theft, social computing, voting machine insecurity, and format string vulnerabilities.

Catalog no. AU0925, 2009, 392 pp., ISBN: 978-1-4200-9092-5, $99.95 / £60.99

Bestseller!

Information Security Management Handbook, Sixth Edition, Volume 1

Catalog no. AU7495, 2007, 3280 pp., ISBN: 978-0-8493-7495-1, $199.95 / £121.00

Information Security Management Handbook, Sixth Edition, Volume 2

Catalog no. AU6708, 2008, 456 pp., ISBN: 978-1-4200-6708-8, $99.95 / £63.99

New! Get all 3 volumes on CD-ROM!

Information Security Management Handbook, 2009 CD-ROM Edition

The multi-volume set of the Information Security Management Handbook is now available on CD-ROM. Containing the complete contents of the set, it offers a resource that is portable, linked, and searchable by keyword, and is organized under the CISSP® Common Body of Knowledge (CBK®) domains. In addition to an electronic version of the most comprehensive resource for information security management, this CD-ROM contains an extra volume’s worth of information, including chapters from other security and networking books that have never appeared in the print editions and cannot be found anywhere else.

Exportable text and hard copies are available at the click of a mouse.

Catalog no. AU0984, January 2010, CD-ROM, ISBN: 978-1-4200-9098-7, $199.95 / £127.00

Also Available


Physical Security

Bestseller!

Intelligent Network Video: Understanding Modern Video Surveillance Systems

Fredrik Nilsson, Axis Communications Inc., Chelmsford, Massachusetts, USA

This resource provides detailed coverage of advanced digital networking and intelligent video capabilities and optimization. It addresses general concepts, explains why IP-based systems provide better quality at a lower cost, and provides current information on cameras and DVRs. It also discusses frame rate control, indoor/outdoor installations, and MPEG-4 and other digital video formats. The book is accompanied by a CD-ROM containing tools for deploying and optimizing an installation.

Catalog no. AU6156, 2009, 416 pp., ISBN: 978-1-4200-6156-7, $79.95 / £49.99

New!

Intelligent Video Surveillance: Systems and Technology

Edited by

Yunqian Ma, Honeywell International, Inc., Minnesota, USA

Gang Qian, Arizona State University, Tempe, USA

The latest implementation of surveillance cameras includes advanced video systems that can autonomously recognize people, detect movements, and identify targeted activities in real time. In response to such technology, this book examines the fundamental principles of current intelligent video surveillance systems. Providing a comprehensive look at the algorithmic design and system implementation for intelligent video surveillance, the authors cover computational principles and practical applications of present and future systems.

Catalog no. K10681, January 2010, 590 pp., ISBN: 978-1-4398-1328-7, $119.95 / £72.99

21st Century Security and CPTED: Designing for Critical Infrastructure Protection and Crime Prevention

Randall I. Atlas, Atlas Safety and Security Design, Inc., Fort Lauderdale, Florida, USA

Offering important insight into concerns about violence and terrorism, this volume examines current trends in the developing field of Crime Prevention through Environmental Design (CPTED). Highly relevant to critical infrastructure protection, the book addresses application of CPTED to high-security environments, as well as public and private sector buildings. Facilitating understanding across fields, each chapter includes references and web links for further study.

Catalog no. AU6807, 2008, 560 pp., ISBN: 978-1-4200-6807-8, $89.95 / £57.99

Critical Infrastructure: Understanding Its Component Parts, Vulnerabilities, Operating Risks, and Interdependencies

Tyson Macaulay, CISSP, CISA, ISSPCS, Ottawa, Ontario, Canada

Moving beyond definitions, this volume looks at the “iron triangle” within critical infrastructures: power, telecom, and finance. It introduces the concept of CIs as industrial and enterprise “risk conductors,” highlighting the fact that a CI failure can propagate an impact throughout an enterprise. This text rethinks the concept of a CI according to contemporary factors, providing guidance for mitigating risk within the framework of national economies.

Catalog no. AU6835, 2009, 344 pp., ISBN: 978-1-4200-6835-1, $79.95 / £49.99


Application Security


Secure Software Development: Assessing and Managing Security Risks

Douglas A. Ashbaugh, Software Engineering Services, West Des Moines, Iowa, USA

Secure Software Development: Assessing and Managing Security Risks illustrates how software application security can be best and most cost-effectively achieved when developers monitor and regulate risks early on, integrating assessment and management into the development life cycle. Drawing from the author’s extensive experience as a developer, this volume examines current trends as well as problems that have plagued software security for more than a decade.

Helping readers understand the security environment and the need for safety measures, the book:

• Explains the fundamental terms related to the security process

• Outlines and compares various techniques for assessing, identifying, and managing security risks and vulnerabilities, with step-by-step instruction on how to execute each approach

• Elaborates on the pros and cons of each method, phase by phase, to help readers select the one that best suits their needs

Despite decades of extraordinary growth in software development, many open-source, government, regulatory, and industry organizations have been slow to adopt new application safety controls, hesitant to take on the added expense. This book improves understanding of the security environment and the need for safety measures. It shows readers how to analyze relevant threats to their applications and then implement time- and money-saving techniques to safeguard them.

Catalog no. AU6380, 2009, 321 pp., ISBN: 978-1-4200-6380-6, $79.95 / £49.99

Architecting Secure Software Systems

Asoke K. Talukder, SRIT House, Kundalahalli, Bangalore, India

Manish Chaitanya, Irving, Texas, USA

Through the use of examples, this volume defines a myriad of security vulnerabilities and their resultant threats. It details how to do a security requirement analysis and outlines the security development lifecycle. The authors examine security architectures and threat countermeasures for UNIX, .NET, Java, mobile, and web environments. Finally, they explore the security of telecommunications and other distributed services through Service Oriented Architecture (SOA).

Catalog no. AU7843, 2009, 446 pp., ISBN: 978-1-4200-8784-0, $59.95 / £38.99

Testing Code Security

Maura A. van der Linden, Microsoft, Snohomish, Washington, USA

Written in simple, straightforward terms, this text is a consolidated resource designed to teach the basic software security concepts required to conduct relevant and effective tests. Offering real-life examples that are not platform- or operating system-dependent, it presents foundation concepts, process and approach in security testing, security test planning, threat modeling, and specific root vulnerability problems with instructions on how to test for them.

Catalog no. AU9251, 2007, 328 pp., ISBN: 978-0-8493-9251-1, $83.95 / £53.99


Computer Forensics

Computer Forensics: Evidence Collection and Management

Robert C. Newman, Georgia Southern University, Statesboro, USA

Focusing on the numerous vulnerabilities and threats that are inherent in the internet and networking environments, Computer Forensics: Evidence Collection and Management examines activities that can be used to exploit the internet, computers, and electronic devices. Divided into two major sections, the first part explores various crimes, laws, policies, forensic tools, and the information needed to understand the underlying concepts of computer forensic investigations. The second section presents information relating to crime scene investigations and management, disk and file structure, laboratory construction and functions, and legal testimony. Separate chapters focus on investigations involving computer systems, e-mail, and wireless devices.

Features:

• Presents more than 200 key terms throughout the book, with definitions supplied in the glossary

• Contains over 100 review questions and answers that help solidify comprehension

• Offers optional exercises and cases that emphasize the book’s content

• Provides two sets of forms: the first for guiding readers through a forensic investigation and the second for guiding them through the procedures used in computer forensic laboratories

• Contains a selected bibliography with resources beneficial to forensic professionals

Offering a wealth of knowledge, the book presents techniques and suggestions for corporate security personnel, investigators, and forensic examiners to successfully identify, retrieve, and protect valuable forensic evidence for litigation and prosecution.

Catalog no. AU0561, 2007, 432 pp., ISBN: 978-0-8493-0561-0, $83.95 / £53.99

Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition

Albert Marcella, Jr., CISA, Business Automation Consultants, LLC, Ballwin, Missouri, USA

Doug Menendez, CISA, Saint Louis, Missouri, USA

Designed as an introduction and overview to the field, Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition integrates theory and practice to present the policies, procedures, methodologies, and legal ramifications and implications of a cyber forensic investigation. The authors guide readers step-by-step through the basics of investigation and introduce the tools and procedures required to legally seize and forensically evaluate a suspect machine.

Features:

• Updates and expands information on concealment techniques, new technologies, hardware, software, and relevant new legislation

• Details the ability of cyber forensics to reveal and track legal and illegal activity

• Describes how to begin an investigation and employ investigative methodology

• Explains rules of evidence and chain of custody within both the local and federal legal framework

• Discusses standard operating procedures for cyber forensic investigation in the field and laboratory

• Evaluates the current data security and integrity exposure of multifunctional devices

• Establishes a flowchart for the seizure of electronic evidence

An extensive list of appendices provides valuable “hands-on” information including websites, organizations, pertinent legislation, further readings, and best practice recommendations.

Catalog no. AU8328, 2008, 528 pp., ISBN: 978-0-8493-8328-1, $73.95 / £46.99


Wireless Crime and Forensic Investigation

Gregory Kipper, Computer Security Innovations, Herndon, Virginia, USA

From short text messaging to war driving, Wireless Crime and Forensic Investigation explores all aspects of wireless technology, how it is used in daily life, and how it will be used in the future. The book provides a one-stop resource on the types of wireless crimes that are being committed and forensic investigation techniques for wireless devices and wireless networks. The author’s straightforward and easy-to-read style seamlessly integrates the topics of wireless security and computer forensics. He provides a solid understanding of modern wireless technologies, wireless security techniques, wireless crime techniques, and forensic analysis on wireless devices and networks. Each chapter, while part of a greater whole, can stand alone.

With a problem space as big and complex as wireless, proactive measures must be implemented immediately. To protect an organization, security professionals must be well versed in the new technology sooner rather than later. This book not only has all the information required to become proficient in wireless technology, but also provides the information required for conducting a forensic analysis in a wireless environment.

Catalog no. AU3188, 2007, 280 pp., ISBN: 978-0-8493-3188-6, $83.95 / £53.99

Practical Hacking Techniques and Countermeasures

Mark D. Spivey, CISSP, Consultant, Tomball, Texas, USA

Examining computer security from the hacker’s perspective, Practical Hacking Techniques and Countermeasures employs the use of virtual computers to illustrate how an attack is executed, including the script, compilation, and results. Readers can experiment firsthand with hacking techniques without the fear of corrupting computers or violating existing laws.

The book’s easy-to-use lab manual presentation begins with instructions on how to install VMware® Workstation and proceeds to guide users through detailed hacking labs enabling them to experience what a hacker actually does during an attack. The labs cover social engineering techniques, footprinting techniques, and scanning tools. Later labs examine spoofing and sniffing techniques, password cracking, and attack tools. Identifying wireless attacks, this manual also explores Trojans, Man-in-the-Middle (MTM) and Denial of Service (DoS) attacks.

Features:

• Provides detailed examples of attacks on Windows and Linux

• Contains more than 1100 screenshots for easily verified results

• Details Linux script compilation and use

• Lists the complete syntax for tools used throughout the book

• Includes an accompanying CD-ROM with the tools to duplicate each lab

Catalog no. AU7057, 2007, 752 pp., ISBN: 978-0-8493-7057-1, $83.95 / £53.99


Audit

IT Auditing and Sarbanes-Oxley Compliance: Key Strategies for Business Improvement

Dimitris N. Chorafas, Consultant for Major Corporations, France & Switzerland

Information technology auditing and Sarbanes-Oxley compliance have several overlapping characteristics. They both require ethical accounting practices, focused auditing activities, a functioning system of internal control, and a close watch by the board’s audit committee and CEO. Written as a contribution to the accounting and auditing professions as well as to IT practitioners, IT Auditing and Sarbanes-Oxley Compliance: Key Strategies for Business Improvement links these two key business strategies and explains how to perform IT auditing in a comprehensive and strategic manner.

Proper auditing as a means to greater solvency

Drawing on 46 years of experience as a consultant to the boards of major corporations in manufacturing and banking, the author addresses objectives, practices, and business opportunities expected from auditing information systems. Topics discussed include the concept of internal control, auditing functions, internal and external auditors, and the responsibilities of the board of directors. The book uses several case studies to illustrate and clarify the material. Its chapters analyze the underlying reasons for failures in IT projects and how they can be avoided, examine critical technical questions concerning information technology, discuss problems related to system reliability and response time, and explore issues of compliance.

Catalog no. AU6170, 2009, 305 pp., ISBN: 978-1-4200-8617-1, $89.95 / £57.99

Information Technology Control and Audit, Third Edition

Sandra Senft and Frederick Gallegos, California State Polytechnic University, Pomona, USA

Now in its third edition, this book is an introductory reference to IT governance, control, and auditing. It reviews pertinent legislation, discusses the future of auditing in the 21st century, and examines strategy and standards, and acquisition and implementation. It explores delivery and support and reviews advanced topics such as virtual environment, virtual security, e-commerce, and enterprise resource planning. It also includes guidelines for preparing for the CISA Exam.

Catalog no. AU6550, 2009, 774 pp., ISBN: 978-1-4200-6550-3, $89.95 / £57.99

HOWTO Secure and Audit Oracle 10g and 11g

Ron Ben-Natan, CTO, Guardium Inc., Waltham, Massachusetts, USA

Demonstrating how to secure sensitive data and comply with audit regulations using Oracle 10g and 11g, this volume provides the hands-on guidance required to understand the complex options provided by Oracle and the know-how to choose the best option for a particular case. The book presents specific sequences of actions that should be taken to enable, configure, or administer security-related features. It includes best practices for securing Oracle and information on Oracle security options and products.

Catalog no. AU4127, 2009, 470 pp., ISBN: 978-1-4200-8412-2, $69.95 / £42.99


Governance, Risk and Compliance


How to Complete a Risk Assessment in 5 Days or Less

Thomas R. Peltier, Thomas R. Peltier Associates, LLC, Wyandotte, Michigan, USA

Successful security professionals have had to modify the process of responding to new threats in the high-profile, ultra-connected business environment. But just because a threat exists does not mean that an organization is at risk. This is what risk assessment is all about. How to Complete a Risk Assessment in 5 Days or Less demonstrates how to identify threats a company faces and then determine if those threats pose a real risk to the organization.

With more than 350 pages of helpful ancillary materials, this volume effectively:

• Presents and explains the key components of risk management

• Shows how a cost-benefit analysis is part of risk management and how this analysis is performed as part of risk mitigation

• Explains how to draw up an action plan to protect the assets of an organization when the risk assessment process concludes

• Examines the difference between a Gap Analysis and a Security or Controls Assessment

• Presents case studies and examples of all risk management components

A one-stop, how-to resource for industry and academia professionals, this authoritative reference provides the knowledge base and the skill set necessary to achieve a speedy, yet highly effective risk analysis assessment in a matter of days.

Catalog no. AU6275, 2009, 444 pp., ISBN: 978-1-4200-6275-5, $79.95 / £49.99

How to Achieve 27001 Certification: An Example of Applied Compliance Management

Sigurjon Thor Arnason, Social Insurance Administration, Reykjavik, Iceland

Keith D. Willett, CTN Technologies, Millersville, Maryland, USA

The security criteria of the International Standards Organization (ISO) provide an excellent foundation for identifying and addressing business risks through a disciplined security management process. Using security standards ISO 17799 and ISO 27001 as a basis, How to Achieve 27001 Certification: An Example of Applied Compliance Management helps an organization align its security and organizational goals so it can generate effective security, compliance, and management programs.

The authors offer insight from their own experiences, providing questions and answers to determine an organization’s information security strengths and weaknesses with respect to the standard. They also present step-by-step information to help an organization plan an implementation, as well as prepare for certification and audit.

Detailed protocol from the experts

Security is no longer a luxury for an organization; it is a legislative mandate. A formal methodology that helps an organization define and execute an ISMS is essential in order to perform and prove due diligence in upholding stakeholder interests and legislative compliance. Providing a good starting point for novices, as well as finely tuned nuances for seasoned security professionals, this book is an invaluable resource for anyone involved with meeting an organization’s security, certification, and compliance needs.

Catalog no. AU3648, 2008, 352 pp., ISBN: 978-0-8493-3648-5, $83.95 / £53.99


Oracle Identity Management: Governance, Risk, and Compliance Architecture, Third Edition

Marlin B. Pohlman, Oracle Corporation, Redwood Shores, California, USA

Oracle Identity Management: Governance, Risk, and Compliance Architecture is the definitive guide for corporate stewards who are struggling with the challenge of meeting regulatory compliance pressures while embarking on the path of process and system remediation. The text is written by Marlin Pohlman, a director with Oracle who is recognized as one of the primary educators worldwide on identity management, regulatory compliance, and corporate governance.

In the book’s first chapters, Dr. Pohlman examines multinational regulations and delves into the nature of governance, risk, and compliance. He also cites common standards, illustrating a number of well-known compliance frameworks. He then focuses on specific software components that will enable secure business operations. To complete the picture, he discusses elements of the Oracle architecture, which permit reporting essential to the regulatory compliance process, and the vaulting solutions and data hubs, which collect, enforce, and store policy information.

Using illustrative case studies, this work teaches corporation stewards how to:

• Attain and maintain high levels of integrity

• Eliminate redundancy and excessive expense in identity management

• Map solutions directly to region and legislation

• Hold providers accountable for contracted services

Catalog no. AU7247, 2008, 552 pp., Soft Cover, ISBN: 978-1-4200-7247-1, $69.95 / £44.99

Bestseller!

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments

Douglas J. Landoll, En Pointe Technologies, Austin, Texas, USA

Providing detailed insight into precisely how to conduct an information security risk assessment, this volume contains real-world advice that promotes professional development and experience. It enables security consumers to better negotiate the scope and rigor of a security assessment, effectively interface with a security assessment team, deliver insightful comments on a draft report, and have a greater understanding of final report recommendations. The book is filled with charts, checklists, examples, and templates.

Catalog no. AU2998, 2006, 504 pp., ISBN: 978-0-8493-2998-2, $83.95 / £53.99

Bestseller!

A Practical Guide to Security Assessments

Sudhanshu Kairab, Amper, Politziner, & Mattia, P.C., New Jersey, USA

Taking a process-focused approach, this volume presents a structured methodology for conducting assessments. The key element of the methodology is an understanding of business goals and processes, and how security measures are aligned with business risks. The methodology described serves as a foundation for building and maintaining an information security program. The book includes an Appendix that contains questionnaires that can be modified and used to conduct security assessments.

Catalog no. AU1706, 2005, 520 pp., ISBN: 978-0-8493-1706-4, $83.95 / £53.99


System Defense

Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet

Ken Dunham and Jim Melnick, iSIGHT Partners, Inc., Dallas, Texas, USA

Computerized bots have increasingly been used maliciously by online criminals in mass spamming events, fraud, extortion, identity theft, and software theft. Written by Ken Dunham and Jim Melnick, who serve on the front line of critical cyber-attacks and countermeasures as experts in the deployment of geopolitical and technical bots, Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet explores the rise of dangerous bots and exposes the nefarious methods of bot herders.

This volume provides in-depth coverage of the top bot attacks against financial and government networks over the last several years. The book presents exclusive details of the operation of the notorious Thr34t Krew, one of the most malicious bot herder groups in recent history. For the first time, this story is publicly revealed, showing how the bot herders got arrested, along with details on other bots in the wild today.

With unprecedented detail, the book goes on to explain step-by-step how a hacker launches a botnet attack, providing specifics that only those entrenched in the cyber-crime investigation world could possibly offer.

By examining the methods of the internet predators, information security managers will be better armed against these cybercriminals and better able to more proactively protect their own networks from such attacks.

Catalog no. AU6903, 2009, 168 pp., ISBN: 978-1-4200-6903-7, $59.95 / £38.99

Insider Computer Fraud: An In-depth Framework for Detecting and Defending against Insider IT Attacks

Kenneth Brancik, Information Security Consultant, New York, USA

An organization’s employees are often more intimate with its computer system than anyone else. Many also have access to sensitive information regarding the company and its customers. This makes disgruntled or greedy employees prime candidates for sabotaging a system or selling privileged information. Insider Computer Fraud: An In-depth Framework for Detecting and Defending against Insider IT Attacks presents the methods, safeguards, and techniques that help protect an organization from insider computer fraud.

Drawing from the author’s vast experience assessing the adequacy of IT security for the banking and securities industries, the book presents a practical framework for identifying, measuring, monitoring, and controlling the risks associated with insider threats. It not only provides an analysis of application or system-related risks, it demonstrates the interrelationships that exist between an application and the IT infrastructure components it uses to transmit, process, and store sensitive data. The author also examines the symbiotic relationship between the risks, controls, threats, and action plans that should be deployed to enhance the overall information security governance processes.

Increasing the awareness and understanding necessary to effectively manage the risks and controls associated with an insider threat, this book is an invaluable resource for those interested in attaining sound and best practices over the risk management process.

Catalog no. AU4659, 2008, 504 pp., ISBN: 978-1-4200-4659-5, $83.95 / £53.99


Cyber Fraud: Tactics, Techniques and Procedures

James Graham

One of the most important challenges of the 21st century, cybercrime has evolved from a minor nuisance to a major concern involving well-organized actors and highly sophisticated organizations. Cyber Fraud: Tactics, Techniques, and Procedures documents changes in the culture of cyber criminals and explores the innovations that are the result of those changes.

Features:

• Examines economic vulnerability models in the market and analyzes how they affect vendors, end users, and vulnerability researchers

• Outlines a conceptual model of the structures, functions, and roles of actors and organizations within this illicit marketplace

• Addresses the developing maturity of malcode communication and the preventative measures organizations can take

• Discusses Trojan software used to target the financial sector

• Outlines the necessary countermeasure expenditures that should be considered by organizations

This eye-opening work includes a variety of case studies, including the cyber threat landscape in Russia and Brazil. An in-depth discussion is provided on the Russian Business Network’s (RBN) role in global cyber crime as well as new evidence on how these criminals steal, package, buy, sell, and profit from the personal financial information of consumers. Armed with this invaluable information, organizations and individuals are better able to secure their systems and develop countermeasures to disrupt underground fraud.

Catalog no. AU9127, 2009, c. 520 pp., ISBN: 978-1-4200-9127-4, $79.95 / £48.99

The Ethical Hack: A Framework for Business Value Penetration Testing

James S. Tiller, BT INS, Raleigh, North Carolina, USA

“ … explains not only why ethical hacks are viable, but also why they are critical. … [This] is one of the most complete books on penetration testing available.”

—Security Management

“ … an outstanding book that describes in detail the right way to conduct a thorough penetration test. … our industry needs a baseline of solid practices to help separate the professionals from the charlatans. Jim’s book describes such practices, including the policies, procedures, and technical insights that come from years of in-the-trenches experience.”

—Ed Skoudis, VP of Security Strategy, Global Integrity, from the Foreword

“This book differentiates itself by presenting a structured approach to testing an organization’s security… Tiller’s writing style makes the book easy to follow, and he uses plenty of real-world examples…”

—IEEE Security & Privacy

This book explains the methodologies and framework that ethical hacks should employ to provide the maximum value to organizations that want to strengthen their security. It addresses the processes and rules of engagement for successful tests and shows how testing ramifications affect an entire organization. Security practitioners can use this book to reduce their exposure and deliver better service, while organizations will learn how to align information about tools, techniques, and vulnerabilities with their business objectives.

Catalog no. AU1609, 2005, 352 pp., ISBN: 978-0-8493-1609-8, $78.95 / £49.99


Call us about different subscription options


6000 Broken Sound Parkway, NW, Suite 300, Boca Raton, FL 33487, USA

For a complete list of IT Security titles, please visit www.crcpress.com


Use this Promo Code when ordering to SAVE 15%!

