Information Security Management Handbook, Sixth Edition (Isc2 Press)

Authors: Harold F. Tipton, Micki Krause
Publisher: CRC Press
Category: Book

List Price: $199.95
Buy New: $150.78
You Save: $49.17 (25%)



New (9) Used (5) from $106.37

Rating: 3.5 out of 5 stars 42 reviews

Media: Hardcover
Edition: 6
Pages: 3280
Number Of Items: 1
Shipping Weight (lbs): 6.5
Dimensions (in): 10.2 x 7.1 x 3.5

ISBN: 0849374952
Dewey Decimal Number: 005.8
EAN: 9780849374951

Publication Date: May 14, 2007
Availability: Usually ships in 1-2 business days

Also Available In:

  • Hardcover - Information Security Management Handbook, Fourth Edition, Volume II
  • Hardcover - Information Security Management Handbook, Fourth Edition, Volume III
  • CD-ROM - Information Security Management Handbook on CD-ROM, 2002 Edition
  • Hardcover - Information Security Management Handbook, Fourth Edition, Volume 4
  • CD-ROM - Information Security Management Handbook on CD-ROM, 2003 Edition
  • Hardcover - Information Security Management Handbook, Fifth Edition
  • CD-ROM - Information Security Management Handbook, 2004 Edition
  • Hardcover - Information Security Management Handbook, Volume 2
  • CD-ROM - Information Security Management Handbook on CD-ROM, 2005 Edition
  • Hardcover - Information Security Management Handbook, Fifth Edition, Volume 3
  • Hardcover - Information Security Management Handbook, Fourth Edition, Volume I
  • Hardcover - Information Security Management Handbook, Sixth Edition, Volume 3
  • Kindle Edition - Information Security Management Handbook, Fifth Edition, Volume 2
  • Kindle Edition - Information Security Management Handbook, Fifth Edition
  • Hardcover - Information Security Management Handbook, Four Volume Set

Similar Items:

Information Security Management Handbook, Sixth Edition, Volume 2
CISSP Certification All-in-One Exam Guide, Fourth Edition
CISSP For Dummies
CISSP All-in-One Exam Guide, Fifth Edition
Official (ISC)2 Guide to the CISSP CBK ((ISC)2 Press)

Editorial Reviews:

Product Description
A comprehensive compilation of the fundamental knowledge, skills, techniques, and tools required by all information technology professionals, Information Security Management Handbook, Sixth Edition features new developments in information security and additions to the Common Body of Knowledge. It contains new information on identity management, intrusion detection, role-based networking, legislative and privacy requirements, compliance and governance, risk assessment and management, and forensics. A bestseller several times over, this handbook has become the standard on which all IT security programs and certifications are based.


Customer Reviews:
Showing reviews 1-5 of 42



1 out of 5 stars Major disappointment! Terrible   January 26, 2010
A. grado (Texas)
0 out of 1 found this review helpful

I checked the mail every day for my copy to arrive. I got the CD version, but I didn't want to post the review there as I suspect more would purchase the book. I want to get the word out on this book! I was lured in by the large number of 4 and 5 star ratings this book received. Well, the book came today. Wow. I am almost in tears! Literally. I was looking forward to a sound, intellectual, smart compilation of legitimate reference sources for both the CISSP and my job. I was deceived. I have read "All in One CISSP", "Exam Cram CISSP", and LabSim CISSP; I have even looked at the official guide from ISC(2), which truly is an intellectual reference source. This book is a waste of my time. I have ejected the CD, packed it back up, and am now hoping that I'll be able to get my money back for such a poor investment!

This disappointment has outdated information, white papers written like they were completed for a high school thesis, and advice that would probably get someone fired if followed in the real world. I read two articles, one on Phishing and one on Self Audits. I thought both would be a good chance to get into some details on information security. However, the Phishing whitepaper was of the depth of an AM news/entertainment show on the dangers of opening unknown e-mails. The Self Auditing Hacking article, which had a lot of opportunities to be technical, focused on social engineering and getting physical access to a computer. Even a rookie Info Sec person (not an InfoSec Manager) knows those are the oldest tricks in the book (pun not originally intended, but after reviewing, it seems appropriate). We don't need a bloated book, over $50 or even $150, to tell us common knowledge.



2 out of 5 stars Good try   June 5, 2009
Viken Derderian (Los Angeles, CA)
1 out of 1 found this review helpful

If your goal is to pass the CISSP exam, this book may help, but there are better books out there. If your goal is to actually dig deep into the security domains, this book contains a vast collection of security related topics that may help you reach that goal.
I gave it 2 stars because I was disappointed at the number of errors and omissions I discovered in this book. For example, chapter 4 has 4 dates for ITGI's beginning, which are all wrong; Chapter 8 has the correct date. As a matter of fact, if I was the editor of the book, I would remove the entire chapter 4. I was happy to see Kevin Henry bring up the "placement of security", but he does not take it far enough. So in chapter 14 we are back to "IT" based information security. I think it is time for security experts to start writing outside the box; most companies have confidential information that is not "IT" related, take contracts as an example.
Chapter 76: "Intrusion in information system security simply means the attempts or actions of unauthorized entry into an IT system." Really! This is a 1990s way of thinking, Gildas Deograt-Lumy and Roy Naldo. Please read The Art of Intrusion by Kevin D. Mitnick.
I would write a book describing all that is wrong with this book, if only I had the time and writing skills, some of which was wasted reading this book. Oh, by the way, Mr. Ralph Spencer Poore, there are so many exciting new standards coming up with cryptographic key management you should have and could have written about, such as the 1619.3, but I guess I have to read yet another book to learn about it.




5 out of 5 stars An absolute "must-have" for information security professionals   June 7, 2008
Midwest Book Review (Oregon, WI USA)
Now in its sixth updated edition, Information Security Management Handbook is an in-depth reference for business executives and professionals as well as a technical resource for information management experts. Essays written by a diversity of expert authors cover complex issues of information security management: the latest laws and regulations designed to force corporations to strengthen their ethics policies, risk assessments, metrics, disaster recovery, and much more. From the many different types and uses of cryptography, to effective implementation of physical security from guard personnel to closed-circuit television, to security in computer architecture, to telecommunications and network security, Information Security Management Handbook lives up to its title. An extensive glossary and index round out this massive reference, featuring over three thousand pages of expertise distilled in terms accessible to lay readers and professionals alike. "Password cracking would include cryptographic and brute-force attacks against password files, applying massive amounts of computer power to overwhelm the cryptographic protection of the passwords, typically in a remote or offline mode. Password guessing would include users attempting to guess the passwords to specific accounts, based on analysis and conjecture, and would typically be conducted through the password interface in an online mode. Password disclosure would include users sharing password credentials, or writing down passwords such that they are discoverable by an attacker." An absolute "must-have" for information security professionals, and anyone else responsible for ensuring that trade secrets stay secret!
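
The passage quoted in the review above separates password cracking (offline, against a copied password file, limited only by the attacker's compute) from password guessing (online, through the login interface, where the service can throttle or lock the account). The following Python script is an added illustration of that distinction and is not code from the handbook or from any reviewer. The "password file" (PBKDF2-SHA256 hashes with per-user salts), the wordlist, the `LoginService` class and its five-failure lockout are all constructed for the demo; the iteration count is deliberately low so it runs in well under a second. Password disclosure (sharing or writing down a password) involves no computation and is not modelled.

```python
import hashlib
import hmac
import os

# Deliberately low so the demo is fast; production deployments use far more.
ITERATIONS = 10_000

# Constructed sample data (not real accounts or a real leak).
SAMPLE_CREDS = {"alice": "winter2007", "bob": "correcthorse"}
WORDLIST = ["123456", "password", "letmein", "qwerty",
            "dragon", "baseball", "winter2007"]


def derive(password, salt, iterations=ITERATIONS):
    """Salted, iterated hash as a password store would keep it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_password_file(creds):
    """Stand-in for the stolen password file: user -> (salt, digest)."""
    pwfile = {}
    for user, pw in creds.items():
        salt = os.urandom(16)
        pwfile[user] = (salt, derive(pw, salt))
    return pwfile


# --- Offline: password cracking against a copied password file ------------
def crack_offline(pwfile, wordlist):
    """Attacker holds the file, so every candidate can be hashed and compared
    locally. Nothing but the attacker's own compute limits the attempt rate.
    Returns (recovered passwords, total hash computations)."""
    found, attempts = {}, 0
    for user, (salt, digest) in pwfile.items():
        for cand in wordlist:
            attempts += 1
            if hmac.compare_digest(derive(cand, salt), digest):
                found[user] = cand
                break
    return found, attempts


# --- Online: password guessing through the login interface ----------------
class LoginService:
    """Hypothetical authentication interface that locks an account after
    max_failures consecutive wrong passwords."""

    def __init__(self, pwfile, max_failures=5):
        self.pwfile = pwfile
        self.max_failures = max_failures
        self.failures = {user: 0 for user in pwfile}

    def login(self, user, password):
        if user not in self.pwfile:
            return "no_such_user"
        if self.failures[user] >= self.max_failures:
            return "locked"          # refused even if the password is right
        salt, digest = self.pwfile[user]
        if hmac.compare_digest(derive(password, salt), digest):
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        return "denied"


def guess_online(service, user, wordlist):
    """Same wordlist, but every try goes through the interface, so the
    lockout ends the attack after max_failures wrong guesses."""
    outcomes = []
    for cand in wordlist:
        result = service.login(user, cand)
        outcomes.append(result)
        if result in ("ok", "locked"):
            break
    return outcomes


def demo():
    pwfile = make_password_file(SAMPLE_CREDS)
    found, attempts = crack_offline(pwfile, WORDLIST)
    online = guess_online(LoginService(pwfile), "alice", WORDLIST)
    return found, attempts, online


if __name__ == "__main__":
    found, attempts, online = demo()
    print("offline: recovered", found, "after", attempts, "hash computations")
    print("online:  outcomes", online)
```

Running it, the offline pass recovers alice's password (it is the seventh wordlist entry) and exhausts the list against bob, fourteen hash computations in all, while the online pass against alice gets five "denied" responses and then "locked" before the correct candidate is ever tried. That is the practical reason the quoted passage treats the two as different threats: the defence against cracking is a slow, salted hash and keeping the file out of the attacker's hands; the defence against guessing is the interface itself.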


4 out of 5 stars too thick   March 3, 2008
M. A. Razak Abdullah (Kuala Lumpur, Malaysia)
The book should be published in 3 volumes. It is just too thick, imagine flipping through 3000++ pages. The quality of the paper used is very poor too. Content of the book is fine.


4 out of 5 stars Solid (and heavy)   February 21, 2008
Argentum68 (San Diego, CA United States)
I have the Sixth Edition. Yes, it is 3000+ pages and is printed on wafer thin paper.

The content is excellent for security professionals, particularly those at the management level. There are 220+ articles within the 10 (ISC)2 domains on a wide variety of topics. Most of the stuff is higher level but just technical enough for you to have confidence in the concepts presented. It would probably be typical that you'd read an article in here for one of three reasons: background research for an immediate decision that doesn't require detailed technical knowledge; introduction to concepts that will require further in-depth research; or research for a presentation to senior management, in which case you'd have to distill and simplify conceptually (something you're probably already used to).

You will find multiple articles on single topics, some more complete than others, and potentially with a variety of perspectives, so you'll have to make your own calls on what's presented. It's not an "InfoSec Management for Dummies" book that will give you easy answers to your problem or a step-by-step "how to implement an InfoSec program" guide; it's more like an encyclopedia for research that you can use to factor into making your own, independent decisions. For example, there's not a lot of specifics on actual risk assessment techniques, but there are high level articles on the principles.

I wish each of the individual articles were specifically dated so I'd know the time context; seeing a statement like "the position of CISO was virtually unheard of five years ago" or even "80 percent of companies monitor their employees' email" means less without knowing when the article was written.

I could probably find a lot of similar information Googling for it, but Google doesn't seem to be what it once was (or the Internet for that matter... so much for the days of shared research) and my time is too valuable to spend a lot of it culling through blogs, noisy forums, and marketing junk disguised as whitepapers to get this information.

For the record, I have passed the CISSP exam. I did not use this book, nor would I recommend it as a study guide. I bought this particular book because I needed it as a reference for my work. If you mastered this book cover to cover and didn't read anything else, you'd probably do OK on the exam, but there are far more efficient means to getting there.




Tags: cissp, information security, it security, risk management