Includes bibliographical references and index.

Machine generated contents note: Part I Information Security Infrastructure -- 1: The Need for Information Security -- 2: Concepts in Informaiton Security -- 3: Assets, Threats, Vulnerabilities, Risks, and Controls -- 4: Security Professionals and Organizations -- 5: Information Security management System -- 6: Implementing Information Security Strategy into Current Practices, Regulations, and Plans -- Part II Information Security Planning Process -- 7: Approaches to Implementing Information Security -- 8: Organizational Structure for Mananging Information Security -- 9: Asset Management -- 10: Information Security Risk Management -- 11: Information Security Policy -- 12: Human Resouce Security -- 13: Certification, Accreditation, and Assurance -- Part III Information Security Prevention Process -- 14: Information Security in System Development -- 15: Physical and Environmental Security Controls -- 16: Information Security Awareness, Training, and Education -- 17: Preventive Tools and Techniques -- 18: Access Control -- Part IV Information Security Detection Process -- 19: Information Security Monitoring Tools and Methods -- 20: Information Security Measurements and Metrics -- Part V Information Security Recovery Process -- 21: Information Security Incident Handling -- 22: Computer Forensics -- 23: Business Continuity -- 24: Backup and Restoration -- Appendices.

"Information Assurance Handbook: Effective Computer Security and Risk Management Strategies discusses the tools and techniques required to prevent, detect, contain, correct, and recover from security breaches and other information assurance failures. This practical resource explains how to integrate information assurance into your enterprise planning and IT strategy and offers an organizational approach to identifying, implementing, and controlling information assurance initiatives for small business and global enterprises alike"--