25% Off Pre-Order Books with Code: PREORDER25 for Premium & Reward Members Shop Now

A Practical Guide To Managing Information Security / Edition 1

Add to Wishlist

ISBN-10:: 1580537022
ISBN-13:: 9781580537025
Pub. Date:: 03/31/2004
Publisher:: Artech House, Incorporated

ISBN-10:: 1580537022
ISBN-13:: 9781580537025
Pub. Date:: 03/31/2004
Publisher:: Artech House, Incorporated

A Practical Guide To Managing Information Security / Edition 1

Hardcover

$102.0

$102.00

SHIP THIS ITEM
Qualifies for Free Shipping
PICK UP IN STORE
Check Availability at Nearby Stores

Available within 2 business hours

SHIP THIS ITEM

Temporarily Out of Stock Online

Please check back later for updated availability.

Overview

Using a fictitious case study, Purser (director of ICSD Cross Border Security Design and Administration, Clearstream Services) outlines the design and management of information security programs within large organizations, emphasizing the importance of the decision making process. After introducing the key management techniques and technical tools of information security management, chapters explore the development of the corporate strategy, security policy and standards, a stable information security process, and the security architecture. A final chapter considers the topic of increasing user awareness of security issues through training and education initiatives. Annotation ©2004 Book News, Inc., Portland, OR

Product Details
Table of Contents

Product Details

ISBN-13:	9781580537025
Publisher:	Artech House, Incorporated
Publication date:	03/31/2004
Series:	Artech House Technology Management Library
Edition description:	New Edition
Pages:	284
Product dimensions:	7.00(w) x 10.00(h) x 0.69(d)

	Preface	xiii
	Acknowledgments	xvii
1	The need for a proactive approach	1
1.1	Introduction	1
1.2	The reality of the modern enterprise	3
1.3	Evolution of organizational structures	4
1.4	Evolution of technical infrastructure	5
1.5	Limitations of policy-driven decision making	7
1.6	Education and awareness	9
1.6.1	Management awareness	9
1.6.2	The technology trap	10
1.6.3	Awareness of end users	10
1.7	Operational issues	11
1.7.1	Complexity	11
1.7.2	Scalability	13
1.8	New challenges	14
1.8.1	Trust	14
1.8.2	Privacy	16
1.9	Introducing The (not so) Secure Bank	17
1.10	Summary	19
	References	20
2	Management techniques	23
2.1	Knowledge and experience	23
2.2	Information relating to security incidents and vulnerabilities	25
2.3	Risk analysis and risk management	27
2.4	Strategy and planning	30
2.5	Policy and standards	32
2.6	Processes and procedures	34
2.7	Methodologies and frameworks	36
2.8	Awareness and training	38
2.9	Audits	40
2.10	Contracts	41
2.11	Outsourcing	42
2.12	Summary	43
	References	44
3	Technical tools	47
3.1	Overview	47
3.2	Classification of security tools	48
3.3	Host-oriented tools	49
3.3.1	Security layers	49
3.3.2	The native operating system security subsystem	50
3.3.3	Authentication and authorization	51
3.3.4	System integrity	52
3.3.5	System access control	56
3.3.6	System security monitoring	58
3.3.7	Data confidentiality and integrity	60
3.4	Network-oriented tools	62
3.4.1	Network authentication and authorization	62
3.4.2	Network integrity	65
3.4.3	Network access control	68
3.4.4	Network security monitoring	71
3.4.5	Data confidentiality and integrity	72
3.5	Supporting infrastructure	74
3.5.1	PKI	74
3.5.2	Smart cards and cryptographic modules	76
3.5.3	Authentication devices	79
3.6	Summary	80
	References	81
4	A proactive approach: Overview	85
4.1	Introduction	85
4.2	The consolidation period and strategic-planning cycles	86
4.3	Deciding on a personal strategy	87
4.4	The consolidation period	89
4.4.1	Planning	89
4.4.2	Establishing contact with stakeholders	90
4.4.3	Identifying major issues	91
4.4.4	Classifying issues	92
4.4.5	Implementing short-term solutions	95
4.4.6	Identifying quick wins	98
4.4.7	Implementing initial management-control mechanisms	99
4.5	The strategic-planning cycle	100
4.5.1	Overview	100
4.5.2	Definition of a strategy	101
4.5.3	Production of a strategic plan	102
4.5.4	Execution of the strategic plan	102
4.5.5	Monitoring for further improvement	104
4.6	The core deliverables	105
4.7	Summary	106
	References	107
5	The information-security strategy	109
5.1	The need for a strategy	109
5.2	Planning	110
5.3	Analysis of the current situation	111
5.4	Identification of business strategy requirements	114
5.5	Identification of legal and regulatory requirements	117
5.6	Identification of requirements due to external trends	119
5.7	Definition of the target situation	122
5.8	Definition and prioritization of strategic initiatives	123
5.9	Distribution of the draft strategy	126
5.10	Agreement and publication of final strategy	127
5.11	Summary	128
	References	129
6	Policy and standards	131
6.1	Some introductory remarks on documentation	131
6.2	Designing the documentation set	132
6.3	Policy	135
6.3.1	The purpose of policy statements	135
6.3.2	Identifying required policy statements	136
6.3.3	Design and implementation	137
6.3.4	The Secure Bank--Policy statements	139
6.4	Establishing a control framework	140
6.5	Standards	143
6.5.1	Types of standards	143
6.5.2	External standards	144
6.5.3	Internal standards	147
6.5.4	Agreement and distribution of standards	148
6.6	Guidelines and working papers	150
6.7	Summary	150
	References	151
7	Process design and implementation	155
7.1	Requirements for stable processes	155
7.2	Why processes fail to deliver	156
7.2.1	Productivity issues	156
7.2.2	Adaptability issues	157
7.2.3	Acceptance issues	158
7.3	Process improvement	159
7.3.1	Methods for process improvement	159
7.3.2	Improving productivity	161
7.3.3	Improving adaptability	165
7.3.4	Improving acceptance	166
7.4	The Secure Bank: Improving the authorization and access-control procedure	168
7.4.1	Planning	168
7.4.2	The current process	168
7.4.3	Identifying the target situation	171
7.4.4	Planning incremental improvements	172
7.4.5	Implementing improvements	174
7.5	Continuous improvement	176
7.6	Summary	177
	References	178
8	Building an IT security architecture	181
8.1	Evolution of enterprise IT infrastructure	181
8.2	Problems associated with system-focused approaches	182
8.3	A three-phased approach	184
8.4	The design phase	185
8.4.1	Planning	185
8.4.2	Agreeing on basic design principles	186
8.4.3	Modeling the IT infrastructure	187
8.4.4	Risk analysis	192
8.4.5	Identifying logical components	194
8.4.6	Obtaining signoff of the concept	198
8.5	The implementation phase	198
8.5.1	Planning considerations	198
8.5.2	Production of a phased implementation plan	200
8.5.3	Preparing proposals	202
8.5.4	Selection of commercial packages	203
8.5.5	Testing and integration	205
8.5.6	SLAs and support contracts	206
8.5.7	Technical training	208
8.6	Administration and maintenance phase	208
8.6.1	Routine administration and maintenance	209
8.6.2	Managing vulnerabilities	209
8.6.3	Managing incidents	210
8.6.4	Managing risk using risk indicators	212
8.7	Summary	213
	References	213
9	Creating a security-minded culture	215
9.1	Introduction	215
9.2	Techniques for introducing cultural change	217
9.3	Internal marketing and sales	219
9.4	Support and feedback	221
9.5	Security-awareness training	222
9.5.1	The security-awareness program	222
9.5.2	Planning considerations	223
9.5.3	Defining the objectives	224
9.5.4	Identifying the audience	224
9.5.5	Identifying the message	227
9.5.6	Developing the material	228
9.5.7	Defining tracking and follow-up procedures	231
9.5.8	Delivering the pilot phase	231
9.6	Security skills training	232
9.6.1	General remarks	232
9.6.2	The information-security team	233
9.6.3	Other staff	236
9.7	Involvement initiatives	237
9.8	Summary	238
	References	239
Appendix	Fast risk analysis	241
A.1	Introduction	241
A.2	The method	241
A.3	A worked example	243
A.4	Comments	243
	About the author	249
	Index	251

From the B&N Reads Blog

Page 1 of

Temporarily Out of Stock Online

Overview

Product Details

Table of Contents

Related Subjects

Customer Reviews