Assessing and Managing Security Risk in IT Systems: A Structured Methodology by John McCumber

By John McCumber

The book basically describes the McCumber Cube information security methodology.
And the McCumber Cube approach is certainly interesting and worth the read.

Unfortunately, the author wrote an entire book around it!
In the first half the author describes the basics of information security and relates them to the McCumber Cube (without really describing what the cube is! Fortunately, the hardcover has a picture of it.)
In the second half he delves into a bit more detail on the McCumber Cube methodology, repeating the same techniques many times, just with moderate variations in point of view.

Obviously his methodology is described as superior to the other methodologies! While he makes a number of good points, often he simply states this without really comparing it to the other technologies.

Worth the read if you have time to spare... it certainly has a number of interesting ideas and viewpoints.
If only they had been expressed in a tenth of the space!


Similar comptia books

Techniques and applications for advanced information privacy and security: emerging organizational, ethical, and human issues

Advances in technology are causing new privacy concerns as a growing number of citizens engage in online activities. Techniques and Applications for Advanced Information Privacy and Security: Emerging Organizational, Ethical, and Human Issues provides a thorough understanding of issues and concerns in information technology security.

Security and Usability: Designing Secure Systems That People Can Use

Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues, both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.

SAP Security: SAP Security Essentials

The essential guide to SAP security and audit concepts, with 75+ security essentials, FAQs, and step-by-step examples. It's clear that security and audit are among the most challenging areas in SAP, and learning them can be difficult. SAP Security Essentials is a direct answer to the need for practical security information for SAP users, consultants, and managers.

Information Security Management: Concepts and Practice

Information security cannot be effectively managed unless secure methods and standards are integrated into all phases of the information security life cycle. And, although the international community has been aggressively engaged in developing security standards for network and information security worldwide, there are few textbooks available that provide clear guidance on how to properly apply the new standards in conducting security audits and creating risk-driven information security programs.

Additional info for Assessing and Managing Security Risk in IT Systems: A Structured Methodology

Sample text

They work in nearly all industry categories, including financial and banking, public accounting, government and the public sector, utilities, and manufacturing. This diversity enables members to learn from each other, and exchange widely divergent viewpoints on a variety of professional topics. It has long been considered one of ISACA’s strengths. Another organization that supports the information security professional is the Information Systems Security Association (ISSA). ISSA is a not-for-profit, international organization of information security professionals and practitioners.

4 gives an example of an organization chart for a smaller enterprise.

Where Not to Report

Auditing: Reporting here would put the information security activity into a conflict of interest. It would be the same as having those that make the laws and those that judge compliance with them reporting in the same organization. It is best to establish a partnership between the groups.

Operations: The key problem here is that operations must concentrate on completing the production schedule and keep the system available for the users.

The problem with having information security report into this structure is that it is a perception problem. For many organizations, security is viewed as being responsible for loss control.

Recommendation

The information security function must grapple with the new challenges posed by the decentralized client/server workplace and an increased level of legal and regulatory issues. Senior management increasingly recognizes that information is an asset of the organization, and that they are responsible for exercising their fiduciary duty to ensure that organizational information resources are properly protected.
