Information Assurance: Managing Organizational IT Security Risks, 1st Edition, by Joseph Boyce and Daniel Jennings
Product details:
ISBN 10: 0750673273
ISBN 13: 9780750673273
Author: Joseph Boyce; Daniel Jennings
There is growing concern among all corporations and within the security industry about finding new approaches to measuring an organization’s information security risks and posture. Information Assurance explains and defines the theories and processes that will help a company protect its proprietary information, including:
* The need to assess the current level of risk.
* The need to determine what can impact the risk.
* The need to determine how risk can be reduced.
The authors lay out a detailed strategy for defining information security, establishing IA goals, providing training for security awareness, and conducting airtight incident response to system compromise. Such topics as defense in depth, configuration management, IA legal issues, and the importance of establishing an IT baseline are covered in depth from an organizational and managerial decision-making perspective.
* Experience-based theory provided in a logical and comprehensive manner.
* Management-focused coverage includes establishing an IT security posture, implementing organizational awareness and training, and understanding the dynamics of new technologies.
* Numerous real-world examples provide a baseline for assessment and comparison.
Table of contents:
PART I: THE ORGANIZATIONAL IA PROGRAM: THE PRACTICAL AND CONCEPTUAL FOUNDATION
Chapter 1. IA and the Organization: The Challenges
Chapter Objectives
The Meaning and Significance of IA
The Rights of Organizations
The Contribution of Information and Information Technology (IT) to Achieving the Rights of Organizat
The Emergence of New Challenges
Summary
References
Chapter 2. Basic Security Concepts, Principles, and Strategy
Chapter Objectives
Basic Security Concepts and Principles
Basic Security Strategy
Summary
References
PART II: DEFINING THE ORGANIZATION’S CURRENT IA POSTURE
Chapter 3. Determining the Organization’s IA Baseline
Chapter Objectives
Information Assurance Elements
Summary
References
Chapter 4. Determining IT Security Priorities
Chapter Objectives
Identifying Your Security Protection Priorities
Measuring the Accomplishment of Organizational IA Needs
Summary
References
Chapter 5. The Organization’s IA Posture
Chapter Objectives
Introduction
The Process for Determining Organizational IA Posture
Summary
References
PART III: ESTABLISHING AND MANAGING AN IA DEFENSE IN DEPTH STRATEGY WITHIN AN ORGANIZATION
Chapter 6. Layer 1: IA Policies
Chapter Objectives
The Concept of Policy
The Intent and Significance of IA Policies
The Mechanics of Developing, Communicating, and Enforcing IA Policies
Summary
References
Chapter 7. Layer 2: IA Management
Chapter Objectives
Establishing an IA Management Program
Managing IA
Summary
References
Chapter 8. Layer 3: IA Architecture
Chapter Objectives
The Objectives of the IA Architecture
Knowledge Required to Design the IA Architecture
The Design of the Organization’s IA Architecture
Allocation of Security Services and Security Mechanisms
The Implementation of the Organization’s IA Architecture
Summary
References
Chapter 9. Layer 4: Operational Security Administration
Chapter Objectives
Administering Information Systems Security
Summary
References
Chapter 10. Layer 5: Configuration Management
Chapter Objectives
The Necessity of Managing Changes to the IA Baseline
Configuration Management: An Approach for Managing IA Baseline Changes
Summary
References
Chapter 11. Layer 6: Life-Cycle Security
Chapter Objectives
Security Throughout the System Life Cycle
Summary
Reference
Chapter 12. Layer 7: Contingency Planning
Chapter Objectives
Planning for the Worst
Summary
Reference
Chapter 13. Layer 8: IA Education, Training, and Awareness
Chapter Objectives
The Importance of IA Education, Training, and Awareness
Implementation of Organizational IA Education, Training, and Awareness
Summary
References
Chapter 14. Layer 9: IA Policy Compliance Oversight
Chapter Objective
The Necessity of IA Policy Compliance Oversight
The Implementers of IA Policy Compliance Oversight
Mechanisms of IA Policy Compliance Oversight
Summary
References
Chapter 15. Layer 10: IA Incident Response
Chapter Objectives
Reacting and Responding to IA Incidents
Summary
References
Chapter 16. Layer 11: IA Reporting
Chapter Objectives
The Definition of Formal IA Reporting
The Development of an IA Reporting Structure and Process
Summary
References
APPENDICES
Appendix A. Listing of IA Threats
Threat Category
Definitions
Reference
Appendix B. Listing of Threat Statuses
Appendix C. Listing of Major Sources of Vulnerability Information
General Sources of Vulnerability Information
Vendor-Specific Security Information
Vendor-Specific Security Patches
Appendix D. IA Policy Web Sites
Appendix E. IA Policy Basic Structure and Major Policy Subjects
Basic Structure
Major Policy Subjects
Appendix F. Sample IA Manager Appointment Letter
Appendix G. Sample Outline for IA Master Plan
Appendix H. Things to Do to Improve Organizational IA Posture
Life-Cycle Management
Password and Access Controls
System Auditing and Monitoring
Security Operations/Management
Configuration Management
Contingency Planning
Incident Response and Handling
Appendix I. Information Assurance Self-Inspection Checklist
Appendix J. Sample Outline for a Disaster Recovery Plan (DRP)
References
Appendix K. Sample Threat Response Matrix
About the Authors