… a comprehensive overview of security topics related to the management and development of secure systems. This rich collection of literature reviews matches every stage of security management, implementation, and deployment. … The extensive breakdown of risk analysis and threat assessment will be of particular interest to practitioners with background in this area… one of the most comprehensive works to date on the topic, and includes lengthy examples of how to determine and manage the risks associated with a new development project. The book describes most, if not all, security paradigms that are in practice today in terms of analyzing the goals of a project and establishing priorities. … a valuable resource for anyone conducting research in the field of information security as well as for experienced managers seeking to concentrate on security in future endeavors. Summing Up: Highly recommended.
— T.D. Richardson, South University, in CHOICE, November 2010, Vol. 48 No. 03

INTRODUCTION. Introduction to Information Security Management. Introduction to Management Concepts. The Information Security Life Cycle. SECURITY PLAN. Security Plan. Security Policy. Business Continuity Planning. SECURITY ANALYSIS. Security Risk Management. Continual Security: Integrated Fault-Event Analysis and Response Framework (IFEAR). Active Security Assessment. System Availability. SECURITY DESIGN. Nominal Security Enhancement Design Based on ISO/IEC 27002. Technical Security Enhancement Based on ISO/IEC 27001. SECURITY IMPLEMENTATION. Security Solutions. The Common Criteria. SECURITY REVIEW. Security Review through Security Audit. Privacy Rights, Information Technology, and HIPAA. CONTINUAL SECURITY. The Sarbanes–Oxley Act and IT Compliance. Cyberterrorism and Homeland Security. INDEX.

Bel G. Raggad