Information Security Management
By: Bel G. Raggad (author), Hardback
Information security cannot be effectively managed unless secure methods and standards are integrated into all phases of the information security life cycle. And, although the international community has been aggressively engaged in developing security standards for network and information security worldwide, there are few textbooks available that provide clear guidance on how to properly apply the new standards in conducting security audits and creating risk-driven information security programs. An authoritative and practical classroom resource, Information Security Management: Concepts and Practice provides a general overview of security auditing before examining the various elements of the information security life cycle. It explains the ISO 17799 standard and walks readers through the steps of conducting a nominal security audit that conforms to the standard. The text also provides detailed guidance for conducting an in-depth technical security audit leading to certification against the 27001 standard.
Topics addressed include cyber security, security risk assessments, privacy rights, HIPAA, SOX, intrusion detection systems, security testing activities, cyber terrorism, and vulnerability assessments. This self-contained text is filled with review questions, workshops, and real-world examples that illustrate effective implementation and security auditing methodologies. It also includes a detailed security auditing methodology students can use to devise and implement effective risk-driven security programs that touch all phases of a computing environment, including the sequential stages needed to maintain virtually air-tight IS management systems that conform to the latest ISO standards.
Pace University, Pleasantville, New York, USA
Table of Contents

INTRODUCTION
- Introduction to Information Security Management
- Why Information Security Matters
- Information Sensitivity Classification
- Information Security Governance
- The Computing Environment
- Security of Various Components in the Computing Environment
- Security Interdependence
- CIA Triad
- Security Goals versus Business Goals
- The Security Star
- Parker's View of Information Security
- What Is Information Security Management?
- Defense-In-Depth Security
- Security Controls
- The NSA Triad for Security Assessment
- Introduction to Management Concepts
- Brief History of Management
- Traditional Management Skills and Security Literacy
- Managerial Skills
- Redefining Mintzberg's Managerial Roles
- Strategic Management Concepts
- IS Security Management Activities
- Do We Really Need an Independent Information Security Functional Unit?
- The Information Security Management Cycle
- IS Security Management versus Functional Management
- The Information Security Life Cycle
- Security Planning in the SLC
- Security Analysis
- Security Design
- Security Implementation
- Security Review
- Continual Security

SECURITY PLAN
- Security Plan
- SP Development Guidelines
- SP Methodology
- Security Policy
- Security Policy, Standards, and Guidelines
- Security Policy Methodologies
- Business Continuity Planning
- Business Disruptions
- Business Continuity
- Disaster Recovery
- Responding to Business Disruptions
- Developing a BCP

SECURITY ANALYSIS
- Security Risk Management
- The Risk Management Life Cycle
- The Preparation Effort for Risk Management
- A Sustainable Security Culture
- Information Needed to Manage Risks
- Factors Affecting Security Risk
- The ALE Risk Methodology
- Operational, Functional, and Strategic Risks
- Operational Risk Management: Case of the Naval Safety Center
- The ABLE Methodology
- Continual Security: Integrated Fault-Event Analysis and Response Framework (IFEAR)
- IFEAR Methodology
- Fault Tree Analysis
- Event Tree Analysis
- FTA-ETA Integration
- Risk Management Simulation and Sensitivity Analysis
- Active Security Assessment
- Standards for Active Security Assessment
- Limits of Active Security Assessment
- Can You Hack Your Own System?
- Ethical Hacking of a Computing Environment
- Ethics in Ethical Hacking
- ASA through Penetration Testing
- Strategies for Active Security Assessment
- Guidelines and Terms between Testers and the Organization
- The Active Security Assessment Project
- System Availability
- Computer Clustering
- Review of Cluster Concepts
- Types of Clusters
- Web Site Availability
- Application Centers No Longer the Only Sound Implementation
- Computation of Availability in High-Availability Cluster
- Related Availability Definitions
- How to Obtain Higher Availability: The Cisco Process
- Nines' Availability
- Common Configurations for Clusters
- Self-Healing and Availability

SECURITY DESIGN
- Nominal Security Enhancement Design Based on ISO/IEC 27002
- History of the ISO/IEC 27002
- ISO/IEC 27002
- How to Use the ISO/IEC 27002 to Enhance Security
- Measurement and Implementations
- Strategies to Enhance the ISO/IEC 27002-Based Security Posture
- Comparing the ISO/IEC 27002-Based Security Posture Enhancement Strategies
- Technical Security Enhancement Based on ISO/IEC 27001
- How Organizations Interact with the Standards
- General ISMS Framework
- The ISMS Model
- The Process Approach Ensures the Continual Improvement of the ISMS
- Development of the Information Security Management System
- Design of the ISMS
- Security Inventory Needs
- The Integration of ISMS Subsystems
- Self-Assessment for Compliance
- Revisiting ISMS Scoping

SECURITY IMPLEMENTATION
- Security Solutions
- Security Solutions
- The NIST Security Solution Taxonomy
- The ISO Security Solution Taxonomy
- The Common Criteria
- The Birth of the Common Criteria
- Common Uses of the CC
- The CC Document
- The CC Security Approach
- Information Resource Evaluation Methodology
- CC Security Evaluation Programs
- The American Model of CC Evaluation Programs
- A National Model
- Some Other CC Evaluation Requirements
- Minicase

SECURITY REVIEW
- Security Review through Security Audit
- Security Audit Means Different Things to Different People
- Some Security Audit Activities
- Our Definition of Security Audit
- Main Features in Security Audit
- Application Audit
- How Does Security Audit Relate to the Corporate Security Policy?
- Structure of a Security Audit
- Security Audit versus IT Auditing
- Applicable Security-Related Standards
- Security Audit Grades
- Privacy Rights, Information Technology, and HIPAA
- The Problem of Privacy
- The Meaning of Privacy
- HIPAA Regulatory Standards: The Privacy Rule
- The HIPAA Security Rule
- Administrative Safeguards
- NIST on HIPAA
- Conducting Effective Risk Analysis

CONTINUAL SECURITY
- The Sarbanes-Oxley Act and IT Compliance
- Methods of Doing Business
- Background of the Sarbanes-Oxley Act
- Sarbanes-Oxley Act of 2002
- Major Provisions of SO
- Management Assessment of Internal Controls and IT Compliance
- IT Compliance
- International Responses
- Advantages to SOX Compliance
- Foreign Whistleblowers and SOX
- Reconciling SOX and European Conflicting Standards
- EU Corporate Governance Initiatives
- E.U.'s Eighth Directive
- Planning IT Management for SOX: Delayed SOX Impact
- Cyberterrorism and Homeland Security
- Security Economic Intelligence
- Homeland Security
- Cyberterrorism in the Literature
- Cyberterrorism in the Real World: The FBI Perspective
- U.S. Legislative Enactments and Proposed Programs
- U.S. Criminal Statutes Affecting the Internet
- Statutes and Executive Orders Concerned with Cyberterrorism
- International Initiatives
- Individual European State Approaches to Security and Counterterrorism
- Other International Efforts

Index

Each chapter begins with an Introduction and concludes with a Summary, Review Questions, Workshops, and References.
- ID: 9781420078541