𝔖 Scriptorium
✦   LIBER   ✦
πŸ“

IT Security Risk Control Management: An Audit Preparation Plan

✍ Scribed by Raymond Pompon (auth.)

Publisher
Apress
Year
2016
Tongue
English
Leaves
328
Edition
1
Category
Library
⬇  Acquire This Volume

No coin nor oath required. For personal study only.

✦ Synopsis

This book explains how to construct an information security program, from inception to audit, with enduring, practical, hands-on advice and actionable behavior for IT professionals. Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking.

IT Security Risk Control Management provides step-by-step guidance on how to craft a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constant changing threats. Readers will understand the paradoxes of information security and discover handy tools that hook security controls into business processes.

With this book, you will be able to equip your security program to prepare for and pass such common audits as PCI, SSAE-16 and ISO 27001. In addition, you will learn the depth and breadth of the expertise necessary to become an adaptive and effective security professional. This book:

  • Starts at the beginning of how to approach, scope, and customize a security program to fit an organization.
  • Walks you through how to implement the most challenging processes, pointing out common pitfalls and distractions.
  • Teaches you how to frame security and risk issues to be clear and actionable to decision makers, technical personnel, and users.

What you’ll learn

  • How to organically grow a useful, functional security program appropriate to an organization's culture and requirements
  • How to inform, advise, and influence executives, IT staff, and users on information security
  • How to think like a seasoned security professional, understanding how cyber-criminals subvert systems with subtle and insidious tricks.
  • How to analyze, select, implement, and monitor security controls such as change control, vulnerability management, incident response, and access controls.
  • How to prepare an organization to pass external formal audits such as PCI, SSAE-16 or ISO 27001
  • How to write clear, easy to follow, comprehensive security policies and procedures

Who This Book Is For

IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; and security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals).

✦ Table of Contents

Front Matter....Pages i-xxxi
Front Matter....Pages 1-1
Why Audit?....Pages 3-11
Assume Breach....Pages 13-21
Risk Analysis: Assets and Impacts....Pages 23-37
Risk Analysis: Natural Threats....Pages 39-50
Risk Analysis: Adversarial Risk....Pages 51-65
Front Matter....Pages 67-67
Scope....Pages 69-80
Governance....Pages 81-98
Talking to the Suits....Pages 99-112
Talking to the Techs....Pages 113-121
Talking to the Users....Pages 123-130
Front Matter....Pages 131-131
Policy....Pages 133-143
Control Design....Pages 145-152
Administrative Controls....Pages 153-163
Vulnerability Management....Pages 165-174
People Controls....Pages 175-185
Logical Access Control....Pages 187-195
Network Security....Pages 197-217
More Technical Controls....Pages 219-229
Physical Security Controls....Pages 231-238
Response Controls....Pages 239-258
Front Matter....Pages 259-259
Starting the Audit....Pages 261-274
Internal Audit....Pages 275-282
Third-Party Security....Pages 283-292
Post Audit Improvement....Pages 293-300
Back Matter....Pages 301-311

✦ Subjects

Security;Systems and Data Security;Information Systems Applications (incl. Internet)

πŸ“œ SIMILAR VOLUMES

IT Security Risk Control Management: an
πŸ“ IT Security Risk Control Management: an Audit Preparation Plan
✍ Pompon, Raymond πŸ“‚ Library πŸ“… 2016 πŸ› Apress 🌐 English

Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking. IT Security

IT Security Risk Control Management: An
πŸ“ IT Security Risk Control Management: An Audit Preparation Plan
✍ Raymond Pompon πŸ“‚ Library πŸ“… 2016 πŸ› Apress 🌐 English

<p>This book explains how to construct an information security program, from inception to audit, with enduring, practical, hands-on advice and actionable behavior for IT professionals. Β Information security is more than configuring firewalls, removingΒ viruses, hacking machines, or setting passwords.

Securing an IT Organization through Gove
πŸ“ Securing an IT Organization through Governance, Risk Management, and Audit
✍ Ken E. Sigler, James L. Rainey III πŸ“‚ Library πŸ“… 2016 πŸ› Auerbach Publications 🌐 English

<P>Past events have shed light on the vulnerability of mission-critical computer systems at highly sensitive levels. It has been demonstrated that common hackers can use tools and techniques downloaded from the Internet to attack government and commercial information systems. Although threats may co

IT Security Risk Management: Perceived I
πŸ“ IT Security Risk Management: Perceived IT Security Risks in the Context of Cloud Computing
✍ Tobias Ackermann (auth.) πŸ“‚ Library πŸ“… 2013 πŸ› Gabler Verlag 🌐 English

<p>This book provides a comprehensive conceptualization of perceived IT security risk in the Cloud Computing context that is based on six distinct risk dimensions grounded on a structured literature review, Q-sorting, expert interviews, and analysis of data collected from 356 organizations. Addition