Information Security Management: Concepts and Practice

✍ Scribed by Bel G. Raggad


Publisher: CRC Press
Year: 2010
Tongue: English
Leaves: 870
Category: Library


✦ Synopsis


Information security cannot be effectively managed unless secure methods and standards are integrated into all phases of the information security life cycle. And, although the international community has been aggressively engaged in developing security standards for network and information security worldwide, there are few textbooks available that provide clear guidance on how to properly apply the new standards in conducting security audits and creating risk-driven information security programs.

An authoritative and practical classroom resource, Information Security Management: Concepts and Practice provides a general overview of security auditing before examining the various elements of the information security life cycle. It explains the ISO 17799 standard and walks readers through the steps of conducting a nominal security audit that conforms to the standard. The text also provides detailed guidance for conducting an in-depth technical security audit leading to certification against the 27001 standard. Topics addressed include cyber security, security risk assessments, privacy rights, HIPAA, SOX, intrusion detection systems, security testing activities, cyber terrorism, and vulnerability assessments.

This self-contained text is filled with review questions, workshops, and real-world examples that illustrate effective implementation and security auditing methodologies. It also includes a detailed security auditing methodology students can use to devise and implement effective risk-driven security programs that touch all phases of a computing environment, including the sequential stages needed to maintain virtually air-tight IS management systems that conform to the latest ISO standards.

✦ Table of Contents


Front cover
Contents
Preface
About the Author
SECTION I: INTRODUCTION
Chapter 1. Introduction to Information Security Management
Chapter 2. Introduction to Management Concepts
Chapter 3. The Information Security Life Cycle
SECTION II: SECURITY PLAN
Chapter 4. Security Plan
Chapter 5. Security Policy
Chapter 6. Business Continuity Planning
SECTION III: SECURITY ANALYSIS
Chapter 7. Security Risk Management
Chapter 8. Continual Security: Integrated Fault-Event Analysis and Response Framework (IFEAR)
Chapter 9. Active Security Assessment
Chapter 10. System Availability
SECTION IV: SECURITY DESIGN
Chapter 11. Nominal Security Enhancement Design Based on ISO/IEC 27002
Chapter 12. Technical Security Enhancement Based on ISO/IEC 27001
SECTION V: SECURITY IMPLEMENTATION
Chapter 13. Security Solutions
Chapter 14. The Common Criteria
SECTION VI: SECURITY REVIEW
Chapter 15. Security Review through Security Audit
Chapter 16. Privacy Rights, Information Technology, and HIPAA
SECTION VII: CONTINUAL SECURITY
Chapter 17. The Sarbanes-Oxley Act and IT Compliance
Chapter 18. Cyberterrorism and Homeland Security
Index
Back cover

✦ Subjects


Computer security Management Data protection


📜 SIMILAR VOLUMES


A Practical Guide to Managing Informatio
✍ Steve Purser 📂 Library 📅 2004 🏛 Artech Print on Demand 🌐 English

This groundbreaking book helps you master the management of information security, concentrating on the proactive recognition and resolution of the practical issues of developing and implementing IT security for the enterprise. Drawing upon the authors' wealth of valuable experience in high-risk comm