Nicht aus der Schweiz? Besuchen Sie lehmanns.de
IT Security Risk Control Management - Raymond Pompon

IT Security Risk Control Management (eBook)

An Audit Preparation Plan

(Autor)

eBook Download: PDF
2016 | 1st ed.
XXXI, 311 Seiten
Apress (Verlag)
978-1-4842-2140-2 (ISBN)
Systemvoraussetzungen
66,99 inkl. MwSt
(CHF 65,45)
Der eBook-Verkauf erfolgt durch die Lehmanns Media GmbH (Berlin) zum Preis in Euro inkl. MwSt.
  • Download sofort lieferbar
  • Zahlungsarten anzeigen

This book explains how to construct an information security program, from inception to audit, with enduring, practical, hands-on advice and actionable behavior for IT professionals.  Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking.

IT Security Risk Control Management provides step-by-step guidance on how to craft a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constant changing threats.  Readers will understand the paradoxes of information security and discover handy tools that hook security controls into business processes. 

With this book, you will be able to equip your security program to prepare for and pass such common audits as PCI, SSAE-16 and ISO 27001. In addition, you will learn the depth and breadth of the expertise necessary to become an adaptive and effective security professional. This book:

  • Starts at the beginning of how to approach, scope, and customize a security program to fit an organization.
  • Walks you through how to implement the most challenging processes, pointing out common pitfalls and distractions.
  • Teaches you how to frame security and risk issues to be clear and actionable to decision makers, technical personnel, and users.

What you'll learn

  • How to organically grow a useful, functional security program appropriate to an organization's culture and requirements
  • How to inform, advise, and influence executives, IT staff, and users on information security
  • How to think like a seasoned security professional, understanding how cyber-criminals subvert systems with subtle and insidious tricks.
  • How to analyze, select, implement, and monitor security controls such as change control, vulnerability management, incident response, and access controls.
  • How to prepare an organization to pass external formal audits such as PCI, SSAE-16 or ISO 27001
  • How to  write clear, easy to follow, comprehensive security policies and procedures

Who This Book Is For

IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; and security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals). 



Ray Pompon is currently the Director of Security at Linedata. With over 20 years of experience in Internet security, he works closely with Federal investigators in cyber-crime investigations and apprehensions. He has been directly involved in several major intrusion cases including the FBI undercover Flyhook operation and the NW Hospital botnet prosecution. For six years, Ray was president and founder of the Seattle chapter of InfraGard, the FBI public-private partnership. He is a lecturer and on the board of advisors for three information assurance certificate programs at the University of Washington. Ray has written many articles and white papers on advanced technology topics and is frequently asked to speak as a subject matter expert on Internet security issues. National journalists have solicited and quoted his thoughts and perspective on the topic of computer security numerous times. He is a Certified Information Systems Security Professional as well as GIAC certified in the Law of Data Security & Investigations.


Follow step-by-step guidance to craft a successful security program. You will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes.Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking.What You Will Learn:Build a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constantly changing threatsPrepare  for and pass such common audits as PCI-DSS, SSAE-16, and ISO 27001Calibrate the scope, and customize security controls to fit into an organization's cultureImplement the most challenging processes, pointing out common pitfalls and distractionsFrame security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your adviceWho This Book Is For:IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; and security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals)

Ray Pompon is currently the Director of Security at Linedata. With over 20 years of experience in Internet security, he works closely with Federal investigators in cyber-crime investigations and apprehensions. He has been directly involved in several major intrusion cases, including the FBI undercover Flyhook operation and the NW Hospital botnet prosecution. For six years, Ray was president and founder of the Seattle chapter of InfraGard, the FBI public-private partnership. He is a lecturer and on the board of advisors for three information assurance certificate programs at the University of Washington. Ray has written many articles and white papers on advanced technology topics and is frequently asked to speak as a subject matter expert on Internet security issues. National journalists have solicited and quoted his thoughts and perspective on the topic of computer security numerous times. He is a Certified Information Systems Security Professional as well as GIAC certified in the Law of Data Security & Investigations.

Part I: Getting a Handle on ThingsChapter 1: Why AuditChapter 2: Assume BreachChapter 3: Risk Analysis: Assets and ImpactsChapter 4: Risk Analysis: Natural ThreatsChapter 5: Risk Analysis: Adversarial RiskPart II: Wrangling the OrganizationChapter 6: ScopeChapter 7: GovernanceChapter 8: Talking to the SuitsChapter 9: Talking to the TechsChapter 10: Talking to the UsersPart III: Managing Risk with ControlsChapter 11: PolicyChapter 12: Control DesignChapter 13: Administrative ControlsChapter 14: Vulnerability ManagementChapter 15: People ControlsChapter 16: Logical Access ControlChapter 17: Network Security ControlsChapter 18: More Technical ControlsChapter 19: Physical Security ControlsPart IV: Being AuditedChapter 20: Response ControlsChapter 21: Starting the AuditChapter 22: Internal AuditChapter 23: Third Party SecurityChapter 24: Post Audit Improvement  

Erscheint lt. Verlag 14.9.2016
Zusatzinfo XXXI, 311 p. 33 illus., 11 illus. in color.
Verlagsort Berkeley
Sprache englisch
Themenwelt Mathematik / Informatik Informatik Datenbanken
Informatik Netzwerke Sicherheit / Firewall
Schlagworte Adversarial Risk • Failure Mode Effects Analysis • iso27001 • IT Security • Logical Access Controls • Network Breach • Network Risk • Network Security Controls • PCI • Risk Management • Security Audit • security policy • Security Risk • SSAE-16 • vulnerability management
ISBN-10 1-4842-2140-0 / 1484221400
ISBN-13 978-1-4842-2140-2 / 9781484221402
Haben Sie eine Frage zum Produkt?
PDFPDF (Wasserzeichen)
Größe: 18,3 MB

DRM: Digitales Wasserzeichen
Dieses eBook enthält ein digitales Wasser­zeichen und ist damit für Sie persona­lisiert. Bei einer missbräuch­lichen Weiter­gabe des eBooks an Dritte ist eine Rück­ver­folgung an die Quelle möglich.

Dateiformat: PDF (Portable Document Format)
Mit einem festen Seiten­layout eignet sich die PDF besonders für Fach­bücher mit Spalten, Tabellen und Abbild­ungen. Eine PDF kann auf fast allen Geräten ange­zeigt werden, ist aber für kleine Displays (Smart­phone, eReader) nur einge­schränkt geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür einen PDF-Viewer - z.B. den Adobe Reader oder Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür einen PDF-Viewer - z.B. die kostenlose Adobe Digital Editions-App.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Mehr entdecken
aus dem Bereich
Das Praxishandbuch zu Krisenmanagement und Krisenkommunikation

von Holger Kaschner

eBook Download (2024)
Springer Fachmedien Wiesbaden (Verlag)
CHF 34,15
Methodische Kombination von IT-Strategie und IT-Reifegradmodell

von Markus Mangiapane; Roman P. Büchler

eBook Download (2024)
Springer Vieweg (Verlag)
CHF 41,95