Information Security Management: Concepts and Practice by Bel G. Raggad

By Bel G. Raggad

Details safeguard can't be successfully controlled except safe tools and criteria are built-in into all levels of the data safeguard lifestyles cycle. And, even if the overseas neighborhood has been aggressively engaged in constructing defense criteria for community and data protection around the world, there are few textbooks on hand that offer transparent tips on the best way to competently follow the recent criteria in engaging in protection audits and growing risk-driven info safeguard programs.

An authoritative and useful lecture room source, info defense administration: ideas and perform presents a basic evaluation of safety auditing ahead of reading some of the components of the knowledge safety lifestyles cycle. It explains the ISO 17799 general and walks readers during the steps of engaging in a nominal protection audit that conforms to the normal. The textual content additionally presents distinctive tips for accomplishing an in-depth technical defense audit resulting in certification opposed to the 27001 ordinary. themes addressed comprise cyber safeguard, safety threat tests, privateness rights, HIPAA, SOX, intrusion detection platforms, protection checking out actions, cyber terrorism, and vulnerability assessments.

This self-contained textual content is stuffed with evaluation questions, workshops, and real-world examples that illustrate powerful implementation and safeguard auditing methodologies. it's also a close defense auditing method scholars can use to plan and enforce potent risk-driven safety courses that contact all levels of a computing environment—including the sequential levels had to hold almost air-tight IS administration platforms that agree to the newest ISO criteria.

Show description

Read Online or Download Information Security Management: Concepts and Practice PDF

Similar comptia books

Techniques and applications for advanced information privacy and security: emerging organizational, ethical, and human issues

Advances in know-how are inflicting new privateness matters as a growing number of voters are conducting on-line actions. innovations and purposes for complicated details privateness and protection: rising Organizational, moral, and Human concerns offers an intensive knowing of concerns and issues in info expertise protection.

Security and Usability: Designing Secure Systems That People Can Use

Human components and value concerns have usually performed a restricted position in protection learn and safe structures improvement. safety specialists have principally neglected usability issues--both simply because they generally didn't realize the significance of human elements and since they lacked the services to handle them.

SAP Security: SAP Security Essentials

The basic advisor to SAP safeguard and Audit techniques With seventy five+ defense necessities, FAQs, and step-by-step Examples It' s transparent that safety and audit are one of the such a lot not easy parts in SAP studying might be tough. SAP safeguard necessities is a right away solution to the necessity for functional safeguard details for SAP clients, experts, and bosses.

Information Security Management: Concepts and Practice

Info safeguard can't be successfully controlled until safe tools and criteria are built-in into all levels of the data safety lifestyles cycle. And, even if the overseas group has been aggressively engaged in constructing safety criteria for community and data safety around the world, there are few textbooks to be had that supply transparent tips on the way to safely follow the recent criteria in carrying out defense audits and growing risk-driven details safeguard courses.

Additional resources for Information Security Management: Concepts and Practice

Example text

Policies describe how the organization plans to protect its computing environment, including people, activities, data, technology, and networks. A security policy for an information system defines acceptable behavior of this system. A security policy is a formal statement of the rules that system components, people, data, activities, technology, and networks, all of which constitute the system, must adhere to. The policy defines the security goals for all system components, including users, administrators, managers, and owners.

Data resources, as meant here, can contain data facts, encrypted data facts, information, or knowledge. These conceptual resources become useful when a transformation process is applied to produce the information needed to add business value. 4 Technology Over time, the term technology has taken several meanings: Objects such as tools, machines, electronic devices, and so on; knowledge describing the know-how associated with innovations; methodologies describing the tasks, approaches, and methods invented to gain competitive advantage; processes defined to enhance productivity; etc.

For a given asset, if its security risk is smaller than its tolerated risk, no security controls will be adopted to protect it. For an asset with a security risk higher than its tolerated risk, you should not invest in more security controls than are needed to reduce current risks down to the asset’s tolerated risk. Risks have to be identified, assessed, and mitigated by a group of people including information owners, business experts, and security experts. Studying risk involves studying the existing threats, vulnerabilities, and security controls and their capabilities to counter existing threats, consequences of the effects of threats on vulnerabilities and possible business losses, and ways to mitigate risks.

Download PDF sample

Rated 4.02 of 5 – based on 39 votes