Information Security Management Handbook

The sixth edition of this handbook for information security professionals is fully updated to cover the latest technologies, threats and best practices for planning and implementing data security programs. The volume consists of thirty-three articles by security professional on major areas of information security including access control, telecommunications and network security, risk management, software security, cryptography, operations security and legal regulations, compliance, and investigations. Essays include illustrations and tables as well as clear bullet points on practical security practices. The contributors are information security experts from major governmental and private institutions including Hewlett-Packard, Verizon and Los Angeles County. Annotation c2011 Book News, Inc., Portland, OR (booknews.com)

Harold F. Tipton is an independent consultant and past president of the International Information System Security Certification Consortium, and has been a director of computer security for Rockwell International Corporation, Seal Beach, California, for about 15 years. He initiated the Rockwell computer and data security program in 1977 and then continued to administer, develop, enhance, and expand the program to accommodate the control needs produced by technological advances until his retirement from Rockwell in 1994.

Tipton has been a member of the Information Systems Security Association (ISSA) since 1982. He was the president of the Los Angeles chapter in 1984 and president of the national ISSA organization (1987–1989). He was added to the ISSA Hall of Fame and the ISSA Honor Roll in 2000 and elected an ISSA Distinguished Fellow in 2009. Tipton was a member of the National Institute for Standards and Technology (NIST), the Computer and Telecommunications Security Council, and the National Research Council Secure Systems Study Committee (for the National Academy of Science). He received his bachelor of science in engineering from the United States Naval Academy and his master of arts in personnel administration from George Washington University in Washington, D. C.; he also received his certificate in computer science from the University of California, Irvine, California. He is a Certified Information System Security Professional, an Information Systems Security Architecture Professional, and an Information Systems Security Management Professional.

He has published several papers on information security issues for Auerbach Publishers in the Handbook of Information Security Management and Data Security Management, and other publishers, in the Information Security Journal, the National Academy of Sciences’ Computers at Risk, DataPro Reports, various Elsevier publications, and the ISSA Journal. He has been a speaker at all the major information security conferences, including the following: Computer Security Institute, the ISSA Annual Working Conference, the Computer Security Workshop, MIS Conferences, AIS Security for Space Operations, DOE Computer Security Conference, National Computer Security Conference, IIA Security Conference, EDPAA, UCCEL Security & Audit Users’ Conference, and Industrial Security Awareness Conference.

He has conducted/participated in information security seminars for International Information Systems Security Certification Consortium [(ISC)2R]; Frost & Sullivan; University of California, Irvine; California State University, Long Beach; System Exchange Seminars; and the Institute for International Research. He participated in the Ernst & Young video, "Protecting Information Assets." He is currently serving as the Editor of the Handbook of Information Security Management (Auerbach). He chairs the (ISC)²’s CBK committees and QA committee. He received the Computer Security Institute’s Lifetime Achievement Award in 1994 and the (ISC)²’s Harold F. Tipton Lifetime Achievement Award in 2001.

Micki Krause Nozaki, MBA, CISSP, has held positions in the information security profession for the past 20 years. Nozaki was named one of the 25 most influential women in the field of information security by industry peers and Information Security magazine as part of their recognition of "Women of Vision" in the field of information technology security. She received the Harold F. Tipton Lifetime Achievement Award in recognition of sustained career excellence and outstanding contributions to the profession. She has held several leadership roles in industry-influential groups, including the ISSA and the (ISC)2, and is a passionate advocate for professional security leadership. She is also a reputed speaker, published author, and coeditor of the Information Security