Information Risk and Security

Explaining the complex sources of risk for any organization, this work provides guidance and strategies to prevent these threats before they happen and to investigate them, if and when they do. It focuses on internal IT risk, workplace crime and the preservation of evidence, advises on issues such as adopting control and security measures.

---

Information Risk and Security explains the complex and diverse sources of risk for any organization and provides clear guidance and strategies to address these threats before they happen, and to investigate them, if and when they do. Edward Wilding focuses particularly on internal IT risk, workplace crime, and the preservation of evidence, because it is these areas that are generally so mismanaged. There is advice on: ¢ preventing computer fraud, IP theft and systems sabotage ¢ adopting control and security measures that do not hinder business operations but which effectively block criminal access and misuse ¢ securing information - in both electronic and hard copy form ¢ understanding and countering the techniques by which employees are subverted or entrapped into giving access to systems and processes ¢ dealing with catastrophic risk ¢ best-practice for monitoring and securing office and wireless networks ¢ responding to attempted extortion and malicious information leaks ¢ conducting covert operations and forensic investigations ¢ securing evidence where computer misuse occurs and presenting this evidence in court and much more. The author's clear and informative style mixes numerous case studies with practical, down-to-earth and easily implemented advice to help everyone with responsibility for this threat to manage it effectively. This is an essential guide for risk and security managers, computer auditors, investigators, IT managers, line managers and non-technical experts; all those who need to understand the threat to workplace computers and information systems.