James S. Tiller, CISM, CISA, CISSP, is the Head of Security Consulting, Americas, HP Enterprise Security Services, Hewlett-Packard Company. Formerly Vice President of Security North America for BT Global Services, Jim has provided security solutions for global organizations for the past 20 years. He is the author of the following books published by Auerbach: CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits; Adaptive Security Management Architecture; and A Technical Guide to IPSec Virtual Private Networks. Richard O'Hanley is the Publisher for Information and Communications Technology, Business, and Security at CRC Press. Mr. O'Hanley can be reached at rich.ohanley@taylorandfrancis.com
Table of Contents

DOMAIN 1: ACCESS CONTROL
  Access Control Administration
    What Business Associates Need to Know About Protected Health Information Under HIPAA and HITECH; Rebecca Herold

DOMAIN 2: TELECOMMUNICATIONS AND NETWORK SECURITY
  Internet, Intranet, Extranet Security
    E-mail Security; Terence Fernandes

DOMAIN 3: INFORMATION SECURITY AND RISK MANAGEMENT
  Security Management Concepts and Principles
    Appreciating Organizational Behavior and Institutions to Solidify Your Information Security Program; Robert Pittman
  Risk Management
    The Information Security Auditors Have Arrived, Now What?; Todd Fitzgerald
    Continuous Monitoring: Extremely Valuable to Deploy Within Reason; Foster J. Henderson and Mark A. Podracky
    Social Networking; Sandy Bacik
    Insider Threat Defense; Sandy Bacik
    Risk Management in Public Key Certificate Applications; Alex Golod
    Server Virtualization: Information Security Considerations; Thomas A. Johnson
  Security Management Planning
    Security Requirements Analysis; Sean M. Price
    CERT Resilience Management Model: An Overview; Bonnie A. Goins Pilewski and Christopher Pilewski
    Managing Bluetooth Security; E. Eugene Schultz, Matthew W. A. Pemble, and Wendy Goucher
  Employment Policies and Practices
    Slash and Burn: In Times of Recession, Do Not Let Emotions Drive Business Decisions; Seth Kinnett
    A "Zero Trust" Model for Security; Ken Shaurette and Thomas J. Schleppenbach

DOMAIN 4: APPLICATION DEVELOPMENT SECURITY
  System Development Controls
    Application Whitelisting; Georges Jahchan
    Design of Information Security for Large System Development Projects; James C. Murphy
    Building Application Security Testing into the Software Development Life Cycle; Sandy Bacik
  Malicious Code
    Twenty-Five (or Forty) Years of Malware History; Robert M. Slade

DOMAIN 5: CRYPTOGRAPHY
  Cryptographic Concepts, Methodologies, and Practices
    Format Preserving Encryption; Ralph Spencer Poore
    Elliptic Curve Cryptosystems; Jeff Stapleton
    Pirating the Ultimate Killer APP: Hacking Military Unmanned Aerial Vehicles; Sean P. Mcbride

DOMAIN 6: SECURITY ARCHITECTURE AND DESIGN
  Principles of Computer and Network Organizations, Architectures, and Designs
    Service-Oriented Architecture; Walter B. Williams
    Cloud Security; Terry Komperda
    Enterprise Zones of Trust; Sandy Bacik

DOMAIN 7: OPERATIONS SECURITY
  Operations Controls
    Complex Event Processing for Automated Security Event Analysis; Rob Shein
    Records Management; Sandy Bacik

DOMAIN 8: BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING
  Business Continuity Planning
    Data Backup Strategies: Traditional Versus Cloud; Carl B. Jackson

DOMAIN 9: LEGAL, REGULATIONS, COMPLIANCE, AND INVESTIGATIONS
  Major Categories of Computer Crime
    Managing Advanced Persistent Threats; Eugene Schultz and Cuc Du
  Incident Handling
    Virtualization Forensics; Paul A. Henry

DOMAIN 10: PHYSICAL (ENVIRONMENTAL) SECURITY
  Elements of Physical Security
    Terrorism: An Overview; Frank Bolz, Kenneth J. Dudonis, and David P. Schulz
  Technical Controls
    Countermeasure Goals and Strategies; Thomas L. Norman

Index