This book was produced in an attempt to understand today’s security environment and how the application of existing international standards and best practices can be used to assist in the protection of information systems and their associated software. It identifies a body of knowledge essential to acquire, develop, and sustain a secure information environment. Each chapter contains a list of related references, as well as recommendations for additional reading. Together, this book provides a foundation for developing further education and training curricula and products, as well as being useful to security practitioners, system administrators, managers, standards developers, evaluators, testers, and those wishing to be knowledgeable about ...