Information Security FundamentalsBook - 2014
"Effective security rules and procedures do not exist for their own sake-they are put in place to protect critical assets, thereby supporting overall business objectives. Recognizing security as a business enabler is the first step in building a successful program.Information Security Fundamentals allows future security professionals to gain a solid understanding of the foundations of the field and the entire range of issues that practitioners must address. This book enables students to understand the key elements that comprise a successful information security program and eventually apply these concepts to their own efforts. The book examines the elements of computer security, employee roles and responsibilities, and common threats. It examines the needfor management controls, policies and procedures, and risk analysis, and also presents a comprehensive list of tasks and objectives that make up a typical information protection program.The volume discusses organizationwide policies and their documentation, and legal and business requirements. It explains policy format, focusing on global, topic-specific, and application-specific policies. Following a review of asset classification, the book explores access control, the components of physical security, and the foundations and processes of risk analysis and risk management. Information Security Fundamentals concludes by describing business continuity planning, including preventive controls, recovery strategies, and ways to conduct a business impact analysis"--
& Francis Publishing
Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise’s effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.
The book examines the elements of computer security, employee roles and responsibilities, and common threats. It discusses the legal requirements that impact security policies, including Sarbanes-Oxley, HIPAA, and the Gramm-Leach-Bliley Act. Detailing physical security requirements and controls, this updated edition offers a sample physical security policy and includes a complete list of tasks and objectives that make up an effective information protection program.
- Includes ten new chapters
- Broadens its coverage of regulations to include FISMA, PCI compliance, and foreign requirements
- Expands its coverage of compliance and governance issues
- Adds discussions of ISO 27001, ITIL, COSO, COBIT, and other frameworks
- Presents new information on mobile security issues
- Reorganizes the contents around ISO 27002
The book discusses organization-wide policies, their documentation, and legal and business requirements. It explains policy format with a focus on global, topic-specific, and application-specific policies. Following a review of asset classification, it explores access control, the components of physical security, and the foundations and processes of risk analysis and risk management.
The text concludes by describing business continuity planning, preventive controls, recovery strategies, and how to conduct a business impact analysis. Each chapter in the book has been written by a different expert to ensure you gain the comprehensive understanding of what it takes to develop an effective information security program.
This guide to information security focuses more on the organizational and general aspects of the subject rather than specific software and methods. The collection of papers by many leading industry professionals is in its second edition, updating and largely expanding on its predecessor. Many new chapters are included, and regulation coverage--already significant in the first edition--is greatly expanded. Legal aspects and physical security are discussed in depth; many policy recommendations, from organization-wide to specific incident response team management, are included. ISO standards are described, along with governance and compliance issues and their interaction with everyday operations. The emphasis throughout is on general systems and risk analysis and management. Annotation ©2014 Book News, Inc., Portland, OR (booknews.com)