Strategic Information Security
The new emphasis on physical security resulting from the terrorist threat has forced many information security professionals to struggle to maintain their organization's focus on protecting information assets. In order to command attention, they need to emphasize the broader role of information...
| Field | Value |
|---|---|
| Main author: | Wylder, John |
| Format: | Book |
| Language: | English |
| Published: | CRC Press, 2009 |
| Online access: | http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1325 |
| Tags: | none |
| Holding library: | Thư viện Trường Đại học Đà Lạt |
| Field | Value |
|---|---|
| id | oai:scholar.dlu.edu.vn:DLU123456789-1325 |
| record_format | dspace |
| institution | Thư viện Trường Đại học Đà Lạt |
| collection | Thư viện số |
| language | English |
| format | Book |
| author | Wylder, John |
| spellingShingle | Wylder, John Strategic Information Security |
| author_facet | Wylder, John |
| author_sort | Wylder, John |
| title | Strategic Information Security |
| title_short | Strategic Information Security |
| title_full | Strategic Information Security |
| title_fullStr | Strategic Information Security |
| title_full_unstemmed | Strategic Information Security |
| title_sort | strategic information security |
| publisher | CRC Press |
| publishDate | 2009 |
| url | http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1325 |
| _version_ | 1757655758489518080 |

description:

The new emphasis on physical security resulting from the terrorist threat has forced many information security professionals to struggle to maintain their organization's focus on protecting information assets. In order to command attention, they need to emphasize the broader role of information security in the strategy of their companies. Until now, however, most books about strategy and planning have focused on the production side of the business rather than on operations.

Strategic Information Security integrates the importance of sound security policy with the strategic goals of an organization. It provides IT professionals and management with insight into the issues surrounding the goals of protecting valuable information assets. This text reiterates that an effective information security program relies on more than policies or hardware and software; instead, it hinges on a mindset that security is a core part of the business and not just an afterthought.

Armed with the content of this book, security specialists can redirect the discussion of security towards the terms and concepts that management understands. This increases the likelihood of obtaining the funding and managerial support needed to build and maintain airtight security programs.
spelling: this field repeats the record id, title, author and description given above, followed by the table of contents below and the raw record values `2009-11-27T08:12:47Z 2009-11-27T08:12:47Z 2003 Book http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1325 en application/octet-stream CRC Press`.

Table of contents:

* Introduction to Strategic Information Security
  * What Does It Mean to Be Strategic?
  * Information Security Defined
  * The Security Professional's View of Information Security
  * The Business View of Information Security
  * Changes Affecting Business and Risk Management
  * Strategic Security
  * Strategic Security or Security Strategy?
  * Monitoring and Measurement
  * Moving Forward
* ORGANIZATIONAL ISSUES
* The Life Cycles of Security Managers
  * Introduction
  * The Information Security Manager's Responsibilities
  * The Evolution of Data Security to Information Security
  * The Repository Concept
  * Changing Job Requirements
  * Business Life Cycles and the Evolution of an Information Security Program
  * The Introductory Phase
  * The Early Growth Phase
  * The Rapid Growth Phase
  * The Maturity Phase
  * Skill Changes over Time
  * Conclusion
* Chief Security Officer or Chief Information Security Officer
  * Introduction
  * Organizational Issues
  * Justifying the Importance and Role of Security in Business
  * Risk Management Issues Affecting Organizational Models
  * Chief Information Security Officer (CISO) Role Defined
  * The Chief Security Officer (CSO) Role Defined
  * Organizational Models and Issues
  * Organization Structure and Reporting Models
  * Choosing the Right Organization Model
* RISK MANAGEMENT TOPICS
* Information Security and Risk Management
  * Introduction
  * The Information Technology View of Threats, Vulnerabilities, and Risks
  * Business View of Threats, Vulnerabilities, and Risks
  * The Economists' Approach to Understanding Risk
  * Total Risk
  * Technology Risk
  * Information Risk
  * Information Risk Formula
  * Protection Mechanisms and Risk Reduction
  * Matching Protection Mechanisms to Risks
  * The Risk Protection Matrix
  * Conclusion
* Establishing Information Ownership
  * Centralized Information Security
  * Local Administrators vs. Information Owners
  * Transferring Ownership
  * Operations Orientation of Information Ownership
  * Information Ownership in Larger Organizations
  * Information as an Asset
  * Decentralized vs. Centralized Information Security Controls
  * Ownership and Information Flow
  * Information Ownership Hierarchy
  * Functional Owners of Information
  * Income Statement Information Owners
  * Information Value
  * Statement of Condition Information Owners
  * Conclusion
* The Network as the Enterprise Database
  * Introduction
  * A Historical View of Data and Data Management
  * Management Information Systems (MIS)
  * Executive Information Systems (EIS)
  * The Evolving Network
  * The Network as the Database
  * Conclusion
* Risk Reduction Strategies
  * Introduction
  * Information Technology Risks
  * Evaluating the Alternatives
* Improving Security from the Bottom Up: Moving Toward a New Way of Enforcing Security Policy
  * Encouraging Personal Accountability for Corporate Information Security Policy
  * Background
  * The Problem
  * The Role of the Chief Information Security Officer (CISO) in Improving Security
  * Centralized Management vs. Decentralized Management
  * Security Policy and Enforcement Alternatives
  * Policy Compliance and the Human Resources Department
  * Personal Accountability
  * Conclusion
* Authentication Models and Strategies
  * Introduction to Authentication
  * Authentication Defined
  * Authentication Choices
  * Public Key Infrastructure
  * Administration and Authentication: Management Issues
  * Identity Theft
  * Risks and Threats Associated with Authentication Schemes
  * Other Strategic Issues Regarding Authentication Systems
  * Conclusion
* INFORMATION SECURITY PRINCIPLES AND PRACTICES
* Single Sign-On Security
  * Overview
  * The Authentication Dilemma
  * The Many Definitions of Single Sign-On
  * Risks Associated with Single Sign-On
  * Single Sign-On Alternative: A More In-Depth Review
  * User Provisioning
  * Authentication and Single Sign-On
* Crisis Management: A Strategic Viewpoint
  * Introduction
  * Crisis Defined
  * Benefits from a Formal Crisis Management Process
  * Escalation and Notification
  * Organizational Issues and Structures for Dealing with Crisis Management
  * Strategies for Managing through a Crisis
  * Creating a Formalized Response for Crisis Management
  * Conclusion
* Business Continuity Planning
  * Introduction
  * Types of Outages and Disasters Outages
  * Planning for a Disaster
  * Roles and Responsibilities
  * Plan Alternatives and Decision Criteria
  * Risk Mitigation vs. Risk Elimination
  * Preparation: Writing the Plan
  * Testing and Auditing the Plan
  * Issues for Executive Management
  * Conclusion
* Security Monitoring: Advanced Security Management
  * Introduction
  * Monitoring vs. Auditing
  * Activity Monitoring and Audit Trails
  * How Security Information Management Systems Work
  * Other Security Information Monitoring Sources
  * Privacy and Security Monitoring
  * Reactions to Security Monitoring Information
  * Problems with Security Monitoring
  * Senior Management Issues and Security Monitoring
* Auditing and Testing a Strategic Control Process
  * Introduction: The Role of Auditing and Testing
  * Auditing and Security Management
  * Security Audits
  * Information Protection
  * Audit Logs and Audit Trails
  * Security Testing and Analysis
  * Application Controls and Strategic Security Goals
  * Reporting of Security Problems and the Role of the Auditor
  * Auditing, Testing, and Strategic Security
* Outsourcing Security: Strategic Management Issues
  * Information Security Operations and Security Management
  * Management Issues Regarding the Outsourcing Decision
  * Outsourced Security Alternatives
  * Return on Investment (ROI) with Outsourced Services
  * Contract Issues for Security Outsourcing
  * Integration of Outsourcing with Internal Operational Functions
  * Risks Associated with Outsourcing Security Functions
  * Business Continuity Planning and Security Outsourcing
  * Strategic Management Issues with Outsourced Security
* Final Thoughts on Strategic Security
  * Executive Management and Security Management
  * The Future of Information Security and the Challenges Ahead
* Appendix: Helpful Internet Resources