A Practical Guide to Managing Information Security (Artech House Technology Management Library) by Steve Purser

By Steve Purser

This groundbreaking book helps you master the management of information security, concentrating on the proactive recognition and resolution of the practical issues of developing and implementing IT security for the enterprise. Drawing upon the author's wealth of valuable experience in high-risk commercial environments, the work focuses on the need to align the information security process as a whole with the requirements of the modern enterprise, which involves empowering business managers to manage information security-related risk. Throughout, the book places emphasis on the use of simple, pragmatic risk management as a tool for decision-making. The first book to cover the strategic issues of IT security, it helps you to: understand the difference between more theoretical treatments of information security and operational reality; learn how information security risk can be measured and subsequently managed; define and execute an information security strategy; design and implement a security architecture; and ensure that limited resources are used optimally.


Best comptia books

Techniques and applications for advanced information privacy and security: emerging organizational, ethical, and human issues

Advances in technology are causing new privacy concerns as more and more citizens engage in online activities. Techniques and Applications for Advanced Information Privacy and Security: Emerging Organizational, Ethical, and Human Issues provides a thorough understanding of issues and concerns in information technology security.

Security and Usability: Designing Secure Systems That People Can Use

Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues, both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.

SAP Security: SAP Security Essentials

The essential guide to SAP security and audit concepts, with 75+ security essentials, FAQs, and step-by-step examples. It's clear that security and audit are among the most challenging areas in SAP, and learning can be difficult. SAP Security Essentials is a direct answer to the need for practical security information for SAP users, consultants, and managers.

Information Security Management: Concepts and Practice

Information security cannot be effectively managed unless secure methods and standards are integrated into all phases of the information security life cycle. And, although the international community has been aggressively engaged in developing security standards for network and information security worldwide, there are few textbooks available that provide clear guidance on how to properly apply the new standards in conducting security audits and creating risk-driven information security programs.

Extra info for A Practical Guide to Managing Information Security (Artech House Technology Management Library)

Sample text

This implies defining and implementing mechanisms for reducing the risk to an acceptable level. When managing risks in this way, the risk is rarely reduced to zero, and it is important to identify the residual risk and to ensure that this is accepted by the appropriate business manager. Finally, risks can sometimes be transferred to a third party, usually via some form of insurance, although this can be difficult in the area of information security. Some risks, such as risk to reputation, cannot be transferred to third parties.

As part of the approach to manage skill sets within the team, managers need to take account of their own requirements. One of the most difficult issues facing managers is judging the level of personal knowledge required to manage the team efficiently. This is a difficult issue because information security is a vast subject and touches upon all areas of technology. In addition, it is often necessary to understand the details of particular technologies in order to take the right decisions. The important rule here is: Managers should seek to maintain a level of knowledge that allows them to understand problems to the level of detail required to make a decision.

[Figure: Different responses to identified risks. Labels: Accept; Manage (residual risk); Transfer (residual risk = franchise).]

questionnaires can be updated to reflect recent developments. The major drawback associated with these methods is the amount of time and effort it takes to derive the final result; this can be a major factor in deciding the level of acceptance by those involved. It is interesting to note that the Club de la Sécurité des Systèmes d’Information Français (CLUSIF) has responded to some of these issues with the Méthode Harmonisée d’Analyse de Risques (MEHARI) method [21].
