A Practical Guide to Managing Information Security 1st Edition by Steve Purser – Ebook PDF Instant Download/Delivery: 9781580537025, 1580537025

Product details:
ISBN 10: 1580537025
ISBN 13: 9781580537025
Author: Steve Purser
This groundbreaking book helps you master the management of information security, concentrating on the recognition and resolution of the practical issues of developing and implementing IT security for the enterprise. Drawing upon the author's wealth of valuable experience in high-risk commercial environments, the work focuses on the need to align the information security process as a whole with the requirements of the modern enterprise, which involves empowering business managers to manage information security-related risk. Throughout, the book places emphasis on the use of simple, pragmatic risk management as a tool for decision-making. The first book to cover the strategic issues of IT security, it helps you to: understand the difference between more theoretical treatments of information security and operational reality; learn how information security risk can be measured and subsequently managed; define and execute an information security strategy; design and implement a security architecture; and ensure that limited resources are used optimally. Illustrated by practical examples, this topical volume reveals the current problem areas in IT security deployment and management. Moreover, it offers guidelines for writing scalable and flexible procedures for developing an IT security strategy and monitoring its implementation. You discover an approach for reducing complexity and risk, and find tips for building a successful team and managing communications issues within the organization. This essential resource provides practical insight into contradictions in the current approach to securing enterprise-wide IT infrastructures, recognizes the need to continually challenge dated concepts, demonstrates the necessity of using appropriate risk management techniques, and evaluates whether or not a given risk is acceptable in pursuit of future business opportunities.
Table of contents:
- The Need for a Proactive Approach
- The Reality of the Modern Enterprise
- Evolution of Organizational Structures
- Evolution of Technical Infrastructure
- Limitations of Policy-Driven Decision Making
- Education and Awareness
- 6.2 The Technology Trap
- Operational Issues
- Agreement and Publication of Final Strategy
- 8.1 Summary
- References
- Policy and Standards
- 9.2 Designing the Documentation Set
- 9.3 Policy
- 9.3.2 Identifying Required Policy Statements
- 9.3.3 Design and Implementation
- 9.7 Scalability
- New Challenges
- 10.2 Privacy
- Introducing The Not So Secure Bank
- 11.0 Summary
- References
- Management Techniques
- 12.2 Information Relating to Security Incidents and Vulnerabilities
- 12.3 Risk Analysis and Risk Management
- 12.4 Strategy and Planning
- 12.5 Policy and Standards
- 12.6 Processes and Procedures
- 12.7 Methodologies and Frameworks
- 12.8 Awareness and Training
- 12.9 Audits
- 12.10 Contracts
- 12.11 Outsourcing
- 12.12 Summary
- References
- Technical Tools
- 13.2 Classification of Security Tools
- 13.3 Host-Oriented Tools
- 13.3.2 The Native Operating System Security Subsystem
- 13.3.3 Authentication and Authorization
- 13.3.4 System Integrity
- 13.3.5 System Access Control
- 13.3.6 System Security Monitoring
- 13.3.7 Data Confidentiality and Integrity
- 13.4 Network-Oriented Tools
- 13.4.2 Network Integrity
- 13.4.3 Network Access Control
- 13.4.4 Network Security Monitoring
- 13.4.5 Data Confidentiality and Integrity
- 13.5 Supporting Infrastructure
- 13.5.2 Smart Cards and Cryptographic Modules
- 13.5.3 Authentication Devices
- 13.6 Summary
- References
- A Proactive Approach Overview
- 14.2 The Consolidation Period and Strategic-Planning Cycles
- 14.3 Deciding on a Personal Strategy
- 14.4 The Consolidation Period
- 14.4.2 Establishing Contact with Stakeholders
- 14.4.3 Identifying Major Issues
- 14.4.4 Classifying Issues
- 14.4.5 Implementing Short-Term Solutions
- 14.4.6 Identifying Quick Wins
- 14.4.7 Implementing Initial Management-Control Mechanisms
- 14.5 The Strategic-Planning Cycle
- 14.5.2 Definition of a Strategy
- 14.5.3 Production of a Strategic Plan
- 14.5.5 Monitoring for Further Improvement
- 14.6 The Core Deliverables
- 14.7 Summary
- References
- The Information Security Strategy
- 15.2 Planning
- 15.3 Analysis of the Current Situation
- 15.4 Identification of Business Strategy Requirements
- 15.5 Identification of Legal and Regulatory Requirements
- 15.6 Identification of Requirements due to External Trends
- 15.7 Definition of the Target Situation
- 15.8 Definition and Prioritization of Strategic Initiatives
- 15.9 Distribution of the Draft Strategy
- The Secure Bank Policy Statements
- 16.4 Establishing a Control Framework
- 16.5 Standards
- 16.5.2 External Standards
- 16.5.3 Internal Standards
- 16.5.4 Agreement and Distribution of Standards
- 16.6 Guidelines and Working Papers
- References
- Process Design and Implementation
- 17.2 Why Processes Fail to Deliver
- 17.2.2 Adaptability Issues
- 17.2.3 Acceptance Issues
- 17.3 Process Improvement
- 17.3.2 Improving Productivity
- 17.3.3 Improving Adaptability
- 17.3.4 Improving Acceptance
- 17.4 Improving the Authorization and Access-Control Procedure
- 17.4.3 Identifying the Target Situation
- 17.4.4 Planning Incremental Improvements
- 17.4.5 Implementing Improvements
- 17.5 Continuous Improvement
- 17.6 Summary
- References
- Building an IT Security Architecture
- 18.2 Problems Associated with System-Focused Approaches
- 18.3 A Three-Phased Approach
- 18.4 The Design Phase
- 18.4.2 Agreeing on Basic Design Principles
- 18.4.3 Modeling the IT Infrastructure
- 18.4.4 Risk Analysis
- 18.4.5 Identifying Logical Components
- 18.4.6 Obtaining Signoff of the Concept
- 18.5.2 Production of a Phased Implementation Plan
- 18.5.3 Preparing Proposals
- 18.5.4 Selection of Commercial Packages
- 18.5.5 Testing and Integration
- 18.5.6 SLAs and Support Contracts
- 18.5.7 Technical Training
- 18.6.1 Routine Administration and Maintenance
- 18.6.3 Managing Incidents
- 18.6.4 Managing Risk Using Risk Indicators
- 18.7 Summary
- Creating a Security-Minded Culture
- 19.2 Techniques for Introducing Cultural Change
- 19.3 Internal Marketing and Sales
- 19.4 Support and Feedback
- 19.5 Security-Awareness Training
- 19.5.2 Planning Considerations
- 19.5.3 Defining the Objectives
- 19.5.5 Identifying the Message
- 19.5.6 Developing the Material
- 19.5.7 Defining Tracking and Follow-Up Procedures
- 19.6 Security Skills Training
- 19.6.2 The Information Security Team
- 19.6.3 Other Staff
- 19.7 Involvement Initiatives
- 19.8 Summary
- References
- Fast Risk Analysis
- A3 A Worked Example
- About the Author
- Index