IT Security Risk Control Management
Apress (Verlag)
978-1-4842-2139-6 (ISBN)
This book focuses on timeless, practical, hands-on advice and actionable behavior specific to information security. It will not get into minutia of the technical details, which become obsolete in a few years after this book is released anyway
It is for security managers who just want to get better and think they are missing something. It’s also for current security professionals who are struggling with audits or just aren’t performing to satisfaction
This book explains how to construct an information security program, from inception to audit, with enduring, practical, hands-on advice and actionable behavior for IT professionals. Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking.
IT Security Risk Control Management provides step-by-step guidance on how to craft a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constant changing threats. Readers will understand the paradoxes of information security and discover handy tools that hook security controls into business processes.
With this book, you will be able to equip your security program to prepare for and pass such common audits as PCI, SSAE-16 and ISO 27001. In addition, you will learn the depth and breadth of the expertise necessary to become an adaptive and effective security professional.
This book:
Starts at the beginning of how to approach, scope, and customize a security program to fit an organization.
Walks you through how to implement the most challenging processes, pointing out common pitfalls and distractions.
Teaches you how to frame security and risk issues to be clear and actionable to decision makers, technical personnel, and users.
What you’ll learn
How to organically grow a useful, functional security program appropriate to an organization's culture and requirements
How to inform, advise, and influence executives, IT staff, and users on information security
How to think like a seasoned security professional, understanding how cyber-criminals subvert systems with subtle and insidious tricks.
How to analyze, select, implement, and monitor security controls such as change control, vulnerability management, incident response, and access controls.
How to prepare an organization to pass external formal audits such as PCI, SSAE-16 or ISO 27001
How to write clear, easy to follow, comprehensive security policies and procedures
Who This Book Is For
IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; and security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals).
Ray Pompon is currently the Director of Security at Linedata. With over 20 years of experience in Internet security, he works closely with Federal investigators in cyber-crime investigations and apprehensions. He has been directly involved in several major intrusion cases including the FBI undercover Flyhook operation and the NW Hospital botnet prosecution. For six years, Ray was president and founder of the Seattle chapter of InfraGard, the FBI public-private partnership. He is a lecturer and on the board of advisors for three information assurance certificate programs at the University of Washington. Ray has written many articles and white papers on advanced technology topics and is frequently asked to speak as a subject matter expert on Internet security issues. National journalists have solicited and quoted his thoughts and perspective on the topic of computer security numerous times. He is a Certified Information Systems Security Professional as well as GIAC certified in the Law of Data Security & Investigations.
Part I: Getting a Handle on Things Chapter 1: Why Audit Chapter 2: Assume Breach Chapter 3: Risk Analysis: Assets and Impacts Chapter 4: Risk Analysis: Natural Threats Chapter 5: Risk Analysis: Adversarial Risk Part II: Wrangling the Organization Chapter 6: Scope Chapter 7: Governance Chapter 8: Talking to the Suits Chapter 9: Talking to the Techs"/p> Chapter 10: Talking to the Users Part III: Managing Risk with Controls Chapter 11: Policy Chapter 12: Control Design Chapter 13: Administrative Controls Chapter 14: Vulnerability Management Chapter 15: People Controls Chapter 16: Logical Access Control Chapter 17: Network Security Controls Chapter 18: More Technical Controls Chapter 19: Physical Security Controls Part IV: Being Audited Chapter 20: Response Controls Chapter 21: Starting the Audit Chapter 22: Internal Audit Chapter 23: Third Party Security Chapter 24: Post Audit Improvement
Erscheinungsdatum | 22.09.2016 |
---|---|
Zusatzinfo | 22 black & white illustrations, 11 colour illustrations, biography |
Verlagsort | Berkley |
Sprache | englisch |
Maße | 178 x 254 mm |
Gewicht | 662 g |
Themenwelt | Mathematik / Informatik ► Informatik ► Datenbanken |
Informatik ► Netzwerke ► Sicherheit / Firewall | |
Schlagworte | Adversarial Risk • Failure Mode Effects Analysis • iso27001 • IT Security • Logical Access Controls • Network Breach • Network Risk • Network Security Controls • PCI • Risk Management • Security Audit • security policy • Security Risk • SSAE-16 • vulnerability management |
ISBN-10 | 1-4842-2139-7 / 1484221397 |
ISBN-13 | 978-1-4842-2139-6 / 9781484221396 |
Zustand | Neuware |
Haben Sie eine Frage zum Produkt? |
aus dem Bereich