𝔖 Scriptorium
✦   LIBER   ✦
πŸ“

Information security governance: a practical development and implementation approach

✍ Scribed by Brotby, W. Krag

Publisher
John Wiley & Sons
Year
2009
Tongue
English
Leaves
207
Category
Library
⬇  Acquire This Volume

No coin nor oath required. For personal study only.

✦ Table of Contents

INTRODUCTION. CHAPTER 1: GOVERNANCE OVERVIEW. 1.1 What Is It? 1.2 Back to Basics. 1.3 Origins of Governance. 1.4 Governance Definition. 1.5 Information Security Governance. 1.6 Six Outcomes of Effective Security Governance. 1.7 Defining Information, Data, Knowledge. 1.8 Value of Information. CHAPTER 2: WHY GOVERNANCE? 2.1 Benefits of Good Governance. 2.1.1 Aligning Security with Business Objectives. 2.1.2 Providing the structure and framework to optimize allocations of limited resources. 2.1.3 Providing assurance that critical decisions are not based on faulty information. 2.1.4 Ensuring accountability for safeguarding critical assets. 2.1.5 Increasing trust of customers and stakeholders. 2.1.6 Increasing the company's worth. 2.1.7 Reducing liability for information inaccuracy or lack of due care in protection. 2.1.8 Increasing predictability and reducing uncertainty of business operations. 2.2 A Management Problem. CHAPTER 3: LEGAL AND REGULATORY REQUIREMENTS. 3.1 Security Governance and Regulation. CHAPTER 4: ROLES & RESPONSIBILITIES. 4.1 The Board of Directors. 4.2 Executive Management. 4.3 Security Steering Committee. 4.4 The CISCO. CHAPTER: STRATEGIC METRICS. 5.1 Governance Objectives. 5.1.1 Strategic Direction. 5.1.2 Ensuring Objectives are Achieved. 5.1.3. Risks Managed Appropriately. 5.1.4 Verifying Resources are Used Responsibly. CHAPTER 6: INFORMATION SECURITY OUTCOMES. 6.1 Defining Outcomes. 6.1.1 Strategic alignment. 6.1.2 Risk Management. 6.1.3 Business process assurance / convergence. 6.1.4 Value delivery. 6.1.5 Resource management. 6.1.6 Performance measurement. CHAPTER 7: SECURITY GOVERNANCE OBJECTIVES. 7.1 Security Architecture. 7.1.1 Managing Complexity. 7.1.2 Providing a Framework & Road Map. 7.1.3 Simplicity & Clarity through Layering & Modularisation. 7.1.4 Business Focus beyond the Technical Domain. 7.1.5 Objectives of Information Security Architectures. 7.1.6 SABSA Framework for Security Service Management. 7.1.7 SABSA Development Process. 7.1.8 SABSA Lifecycle. 7.1.9 SABSA Attributes. 7.2 COBIT. 7.3 Capability Maturity Model. 7.4 ISO/IEC 27001/ 27002. 7.4.1 ISO 27001. 7.4.2 ISO 27002. 7.5 Other Approaches. 7.5.1 National Cybersecurity Task Force. CHAPTER 8: RISK MANAGEMENT OBJECTIVES. Risk Management Responsibilities. Managing Risk Appropriately. 8.1 Determining Risk Management Objectives. 8.1.1 Recovery Time Objectives. CHAPTER 9: CURRENT STATE. 9.1 Current State of Security. 9.2 Current State of Risk Management. 9.3 Gap Analysis - Unmitigated Risk. 9.3.1 SABSA. 9.3.2 CMM. CHAPTER 10: DEVELOPING A SECURITY STRATEGY. 10.1 Failures of Strategy. 10.2 Attributes of A Good Security Strategy. 10.3 Strategy Resources. 10.3.1 Utilizing Architecture for Strategy Development. 10.3.2 Using Cobit for Strategy Development. 10.3.3 Using CMM for Strategy Development. 10.4 STRATEGY CONSTRAINTS. 10.4.1 Contextual constraints. 10.4.2 Operational constraints. CHAPTER 11: SAMPLE STRATEGY DEVELOPMENT. 11.1 The Process. CHAPTER 12: IMPLEMENTING STRATEGY. Action Plan Intermediate Goals. Action Plan Metrics. Re-engineering. Inadequate Performance. 12.1 Elements Of Strategy. 12.1.1 Policy Development. Attributes of Good Policies. Sample Policy Development. Other Policies. 12.1.2 Standards. Attributes of Good Standards. Sample Standards. Classifications. Standard Statement. CHAPTER 13: SECURITY PROGRAM DEVELOPMENT METRICS. 13.1 Information Security Program Development Metrics. 13.2 Program Development Operational Metrics. CHAPTER 14: INFORMATION SECURITY MANAGEMENT METRICS. 14.1 Management Metrics. 14.2 Security Management Decision Support Metrics. 14.4 CISO Decisions. 14.2.1 Strategic alignment. 14.2.2 Risk Management. 14.2.3 Metrics for Risk Management. 14.2.4 Assurance Process Integration. 14.2.5 Value Delivery. 14.2.6 Resource Management. 14.2.7 Performance Measurement. 14.7 Information Security Operational Metrics. 14.3.1 IT and Information Security Management. 14.3.2 Compliance Metrics. CHAPTER 15: INCIDENT MANAGEMENT AND RESPONSE METRICS. 15.1 Incident Management Decision Support Metrics. Conclusion. Appendix A. SABSA Business Attributes & Metrics. Appendix B. Cultural Worldviews. Heirarchists. Egalitarians. Individualists. Fatalists.

✦ Subjects

Protection de l'information (Informatique);Sécurité informatique--Gestion;Technologie de l'information--Sécurité--Mesures;Computer security--Management;Information technology--Security measures;Data protection;Ressources Internet;Computer security -- Management;Information technology -- Security measures;Sécurité informatique -- Gestion;Technologie de l'information -- Sécurité -- Mesures

πŸ“œ SIMILAR VOLUMES

Information security governance: a pract
πŸ“ Information security governance: a practical development and implementation approach
✍ Krag Brotby πŸ“‚ Library πŸ“… 2009 πŸ› Wiley 🌐 English

The Growing Imperative Need for Effective Information Security Governance With monotonous regularity, headlines announce ever more spectacular failures of information security and mounting losses. The succession of corporate debacles and dramatic control failures in recent years underscores the n

Information Security Governance: A Pract
πŸ“ Information Security Governance: A Practical Development and Implementation Approach
✍ Krag Brotby πŸ“‚ Library πŸ“… 2009 πŸ› Wiley 🌐 English

The Growing Imperative Need for Effective Information Security Governance<p>With monotonous regularity, headlines announce ever more spectacular failures of information security and mounting losses. The succession of corporate debacles and dramatic control failures in recent years underscores the ne

Information Security Planning: A Practic
πŸ“ Information Security Planning: A Practical Approach
✍ Susan Lincke πŸ“‚ Library πŸ“… 2024 πŸ› Springer 🌐 English

<p><span>This book demonstrates how information security requires a deep understanding of an organization's assets, threats and processes, combined with the technology that can best protect organizational security. It provides step-by-step guidance on how to analyze business processes from a securit

Auditing Information and Cyber Security
πŸ“ Auditing Information and Cyber Security Governance: A Controls-Based Approach
✍ Robert E. Davis πŸ“‚ Library πŸ“… 2021 πŸ› CRC Press 🌐 English

A comprehensive entity security program deploys information asset protection through stratified technological and non-technological controls. Controls are necessary for counteracting threats, opportunities, and vulnerabilities risks in a manner that reduces potential adverse effects to defined, acce

Implementing Information Technology Gove
πŸ“ Implementing Information Technology Governance: Models, Practices and Cases
✍ Wim Van Grembergen, Steven Dehaes πŸ“‚ Library πŸ“… 2007 πŸ› IGI Publishing 🌐 English

In many organizations, information technology (IT) has become crucial in the support, sustainability, and growth of the business. This pervasive use of technology has created a critical dependency on IT that calls for a specific focus on IT governance. <b>Implementing Information Technology Governa

Implementing Information Technology Gove
πŸ“ Implementing Information Technology Governance: Models, Practices and Cases
✍ Wim Van Grembergen, Steven Dehaes πŸ“‚ Library πŸ“… 2007 🌐 English

In many organizations, information technology (IT) has become crucial in the support, sustainability, and growth of the business. This pervasive use of technology has created a critical dependency on IT that calls for a specific focus on IT governance. Implementing Information Technology Governance