Fighting cybercrime is about more than bureaucracy and compliance. A key objective of any information security assessment is to ensure that staff do not treat the relevant policies as a mere formality. Your company's approach to information security has to be integrated with its overall business goals. To protect your sensitive information and systems, you must avoid a fortress mentality and remain able to adapt to an ever-changing environment. This means planning an effective strategy for deterring the cybercriminal.

Assessing Information Security deals with the philosophy, strategy and tactics of soliciting, managing and conducting information security audits of all flavours. It sets out the founding principles of information security assessments and explains why they are important, and it provides a fluid framework for developing an astute 'information security mind' capable of rapid adaptation to evolving technologies, markets, regulations, laws, and so on.

The authors, Dr Andrew Vladimirov, Konstantin Gavrilenko and Andriej Michajlowski, are information security experts.
They are the joint founders of Arhont Ltd, a consultancy which offers a range of information security services, including auditing, monitoring and investigation. Arhont provides advice on information security to major companies and multinational corporations.
Contents

Introduction

Chapter 1: Information Security Auditing and Strategy
  To do or not to do?
  On monetary contemplations
  The fundamentals
  On aggressive defence
  On counteroffensive
  On the conditions of success

Chapter 2: Security Auditing, Governance, Policies and Compliance
  On evaluating the top-down approach
  When things go bottom-up
  On analysing ISMS strategies and flows
  On security assessments and security policies
  On security assessments and compliance

Chapter 3: Security Assessments Classification
  On broad categories of security audits
  On technical information security assessments
  On non-technical information security audits

Chapter 4: Advanced Pre-Assessment Planning
  On pre-audit gap analysis
  On auditing the auditors
  On arranging the audit process

Chapter 5: Security Audit Strategies and Tactics
  On critical points
  On reconnaissance
  On evaluating vulnerabilities and gaps
  The operational art of vulnerability assessment

Chapter 6: Synthetic Evaluation of Risks
  On applicable epistemology of risk
  Analysing individual vulnerability risks
  Risks synthesis, summary and its breakdown

Chapter 7: Presenting the Outcome and Follow-Up Acts
  On structure and content of the assessment report
  On drawing conclusions
  On audit recommendations and follow-up reaction

Chapter 8: Reviewing Security Assessment Failures and Auditor Management Strategies
  On information security assessment follies
  On assembling and managing the auditor team

Science and art of information security evaluation

Bibliography
  Information and IT security sources
  General/military strategy and related sources

ITG Resources