Enterprise Information Security and Privacy 1st Edition by C Warren Axelrod, Jennifer Bayuk, Daniel Schutzer
Product details:
ISBN 10:
ISBN 13: 9781596931909
Author: C Warren Axelrod, Jennifer Bayuk, Daniel Schutzer
Here’s a unique and practical book that addresses the rapidly growing problem of information security, privacy, and secrecy threats and vulnerabilities. This authoritative resource helps you understand what really needs to be done to protect sensitive data and systems and how to comply with the burgeoning roster of data protection laws and regulations. The book examines the effectiveness and weaknesses of current approaches and guides you towards practical methods and doable processes that can bring about real improvement in the overall security environment. You gain insight into the latest security and privacy trends, learn how to determine and mitigate risks, and discover the specific dangers and responses regarding the most critical sectors of a modern economy.
Enterprise Information Security and Privacy 1st Edition table of contents:
Part I: Trends
Chapter 1 Privacy Roles and Responsibilities
1.1 Background
1.2 Observations
1.3 Recommendations
1.3.1 Roles and Responsibilities of Information Security
1.3.2 The Impact of Outsourcing: Privacy, Security, and Enforcing Controls
1.3.3 Privacy and New Roles for Information Security
1.4 Future Trends
Chapter 2 Data Protection
2.1 Background
2.2 Observations
2.3 Recommendations
2.3.1 Formalize a Trust Model
2.3.2 Utilize an Integrated and Holistic Approach to Security and Governance
2.3.3 Implement a Risk-Based Systemic Security Architecture
2.3.4 Support an Adaptive Security Approach to Security
2.3.5 Build Systems, Applications, Networks, Protocols, and Others Using Accepted Standards
2.4 Future Trends
Chapter 3 IT Operational Pressures on Information Security
3.1 Background
3.1.1 IT Operations and IT Service Development Impede Information Security Goals
3.1.2 Information Security Impedes IT Operations and IT Service Development Goals
3.1.3 Information Security Using a Technology-Centric, Bottom-Up Risk Model
3.2 Observations
3.3 Recommendations
3.3.1 Stabilize the Patient and Get Plugged into Production
3.3.2 Find Business Risks, Identify Controls, and Fix Fragile Artifacts
3.3.3 Implement Development and Release Controls
3.3.4 Continually Improve
3.4 Future Trends
Chapter 4 Information Classification
4.1 Background
4.2 Observations
4.3 Recommendations
4.4 Future Trends
Chapter 5 Human Factors
5.1 Background
5.1.1 Historical Perspective on Privacy
5.1.2 Impact of Technology on Privacy
5.1.3 Privacy in a Corporate Setting
5.1.4 Evolution of Personal Information
5.2 Observations
5.2.1 Privacy Trade-offs—Human Behavioral Impact on Privacy
5.2.2 What is Risk?
5.3 Recommendations
5.4 Future Trends
Acknowledgments
Part II: Risks
Chapter 6 Making the Case for Replacing Risk-Based Security
6.1 Introduction
6.1.1 Understanding Security Risk
6.2 Why Risk Assessment and Risk Management Fail
6.2.1 Misplaced Support for Risk-Based Security in Practice
6.2.2 Alternatives to Security Risk Assessment
6.3 Conclusion
Chapter 7 The Economics of Loss
7.1 Security as the Prevention of Loss
7.2 Quantifying the Risk of Loss
7.3 Refining the Basic Risk Equation
7.4 The Problem of Quantifying Loss Itself
7.5 Confronting the Reality of Hypothetical Actions
7.6 Overcoming the Fixation on Assets
7.7 Overcoming the Fixation on Market Value
7.8 Overcoming the Fixation on Productivity
7.9 Overcoming the Neglect of Substitutes
7.10 Taking Account of the Duration and Extent of the Effects
7.11 Distinguishing Between the Different Business Categories of Attacks
7.12 Putting the Proper Risk Estimates Back into the ROI Calculation
Chapter 8 Legal and Regulatory Obligations
8.1 The Expanding Duty to Provide Security
8.1.1 Where Does It Come From?
8.1.2 What Is Covered?
8.2 The Emergence of a Legal Standard for Compliance
8.2.1 The Developing Legal Definition of “Reasonable Security”
8.2.2 An Increasing Focus on Specific Data Elements and Controls
8.3 The Imposition of a Duty to Warn of Security Breaches
8.3.1 The Basic Obligation
8.3.2 International Adoption
8.4 Conclusion
Chapter 9 Telecommunications
9.1 Security Issues in Mobile Telecommunications
9.1.1 Pressure on the Perimeter Model
9.1.2 Computer Security Threats for Portable Devices
9.2 Security Issues in Global Telecommunications
9.2.1 Global Cooperation on Cyber Attack
9.2.2 Global Attention to Software Piracy
9.3 Security Issues in Internet Protocol–Based Telecommunications
9.3.1 Reduced Technological Diversity
9.3.2 Increased Reliance on Shared, Decentralized Internet-Based Systems
9.4 Security Issues in Bandwidth-Increasing Telecommunications
9.4.1 Residential Users Have Greater Security Responsibility
9.4.2 Botnets Become a Huge Threat to the Global Economy
References
Part III: Experience
Chapter 10 Financial Services
10.1 Laws, Regulations, and Supervisory Requirements
10.1.1 Gramm-Leach-Bliley Act of 1999
10.1.2 The Sarbanes-Oxley Act of 2002
10.1.3 The Fair and Accurate Credit Transactions Act of 2003
10.1.4 Breach Notification Requirements
10.1.5 Supervisory Guidance
10.2 Future Focus
10.2.1 Identity Theft Prevention
10.2.2 Outsourcing and Offshoring
10.2.3 Cross-Border Data Flows
10.2.4 Encryption
10.2.5 Online Behavioral Advertising
10.2.6 Internet Governance
10.2.7 Wireless Security
10.2.8 Capital Requirements for Operational Risk
10.2.9 Security of Web-Based Business Applications
10.2.10 Other Future Focuses in Financial Sector Security
10.3 Compliance Challenges
Chapter 11 Energy
11.1 Overview of Sector
11.2 Risks Related to Security and Privacy
11.3 How Risks Are Addressed
11.4 Documentation and Its Relation to Information Security
11.5 Conclusion
Acknowledgments
Selected Bibliography
Chapter 12 Transportation Security
12.1 Overview
12.2 Technology’s Role in Transportation Security
12.3 Security in Transit
12.4 Best Practices Applied
Chapter 13 Academia
13.1 Overview
13.1.1 Age and Demographics
13.1.2 You Cannot Fire Me
13.1.3 Hard to Educate Users
13.1.4 Lax Controls
13.1.5 How Everything Is Connected
13.2 Case Studies
13.2.1 Case Study: Social Networking and Crimeware
13.2.2 Case Study: Social Phishing
13.2.3 Case Study: Infected Access Points
13.3 Protection
References
Appendix A Key Information Security Law References
A.1 Federal Statutes
A.2 State Statutes
A.3 Federal Regulations
A.4 State Regulations
A.5 Court Decisions
A.6 FTC Decisions and Consent Decrees
A.7 State Attorneys General Consent Decrees
A.8 European Union—Directives
A.9 European Union—Security Provisions in Country Implementations of Data Protection Directive
A.10 Other Countries