In today’s technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. The second edition includes the security of cloud-based resources and the contents have been revised to reflect the changes to the BCS Certification in Information Security Management Principles which the book supports.
Management of Information Security, Third Edition focuses on the managerial aspects of information security and assurance. Topics covered include access control models, information security governance, and information security program assessment and metrics. Coverage on the foundational and technical components of information security is included to reinforce key concepts. This new edition includes up-to-date information on changes in the field such as revised sections on national and international laws and international standards like the ISO 27000 series. With these updates, Management of Information Security continues to offer a unique overview of information security from a management perspective while maintaining a finger on the pulse of industry changes and academic relevance. Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.
Create appropriate, security-focused business propositions that consider the balance between cost, risk, and usability, while starting your journey to become an information security manager. Covering a wealth of information that explains exactly how the industry works today, this book focuses on how you can set up an effective information security practice, hire the right people, and strike the best balance between security controls, costs, and risks. Practical Information Security Management provides a wealth of practical advice for anyone responsible for information security management in the workplace, focusing on the ‘how’ rather than the ‘what’. Together we’ll cut through the policies, regulations, and standards to expose the real inner workings of what makes a security management program effective, covering the full gamut of subject matter pertaining to security management: organizational structures, security architectures, technical controls, governance frameworks, and operational security. This book was not written to help you pass your CISSP, CISM, or CISMP or become a PCI-DSS auditor. It won’t help you build an ISO 27001 or COBIT-compliant security management system, and it won’t help you become an ethical hacker or digital forensics investigator – there are many excellent books on the market that cover these subjects in detail. Instead, this is a practical book that offers years of real-world experience in helping you focus on the getting the job done. What You Will Learn Learn the practical aspects of being an effective information security manager Strike the right balance between cost and risk Take security policies and standards and make them work in reality Leverage complex security functions, such as Digital Forensics, Incident Response and Security Architecture Who This Book Is For“/div>divAnyone who wants to make a difference in offering effective security management for their business. You might already be a security manager seeking insight into areas of the job that you’ve not looked at before, or you might be a techie or risk guy wanting to switch into this challenging new career. Whatever your career goals are, Practical Security Management has something to offer you.
Incorporating both the managerial and technical aspects of this discipline, the authors address knowledge areas of Certified Information Systems Security Professional certification throughout and include many examples of issues faced by today's businesses.
How to Reduce Risk Through Employee Education, Training and Awareness
Author: Mr Angus McIlwraith
Publisher: Gower Publishing, Ltd.
Category: Business & Economics
Research suggests that between 60-75% of all information security incidents are the result of a lack of knowledge and/or understanding amongst an organization's own staff. And yet the great majority of money spent protecting systems is focused on creating technical defences against external threats. Angus McIlwraith's book explains how corporate culture affects perceptions of risk and information security, and how this in turn affects employee behaviour. He then provides a pragmatic approach for educating and training employees in information security and explains how different metrics can be used to assess awareness and behaviour. Information security awareness will always be an ongoing struggle against complacency, problems associated with new systems and technology, and the challenge of other more glamorous and often short term priorities. Information Security and Employee Behaviour will help you develop the capability and culture that will enable your organization to avoid or reduce the impact of unwanted security breaches.
Information security is moving much higher up the agenda of corporate concerns. If information is our most important asset, then we must gird ourselves up for the task of protecting it properly. Information Security Management: Global Challenges in the New Millennium focuses on aspects of information security planning, evaluation, design and implementation.
The Information Security Management Handbook continues its tradition of consistently communicating the fundamental concepts of security needed to be a true CISSP. In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded coverage on security management issues and applications security. Even those that don't plan on sitting for the CISSP exam will find that this handbook is a great information security reference. The changes in the technology of information security and the increasing threats to security make a complete and up-to-date understanding of this material essential. Volume 4 supplements the information in the earlier volumes of this handbook, updating it and keeping it current. Organized by the ten domains of the Common Body of Knowledge (CBK) on which the CISSP exam is based, this volume gives you the information you need to understand what makes information secure and how to secure it. Because the knowledge required to master information security - the CBK - is growing so quickly, there is little duplication of material among the four volumes. As a study guide or resource that you can use on the job, the Information Security Management Handbook, Fourth Edition, Volume 4 is the book you will refer to over and over again.
Discover a managerially-focused overview of information security with a thorough presentation of how to most effectively administer it with MANAGEMENT OF INFORMATION SECURITY, 5E. Insightful, engaging content prepares you to become an information security management practitioner able to secure systems and networks in a world where continuously emerging threats, ever-present attacks, and the success of criminals illustrate the weaknesses in current information technologies. You'll develop both the information security skills and practical experience that organizations are looking for as they strive to ensure more secure computing environments. This edition offers a tightened focus on key executive and managerial aspects of information security while still emphasizing the foundational material to reinforce key concepts. Updated content reflects the most recent developments in the field, including NIST, ISO, and security governance.
"This book provides high-quality research papers and industrial practice articles about information security in the financial service industry. It provides insight into current information security measures, including: technology, processes, and compliance from some of the leading researchers and practitioners in the field"--Provided by publisher.