Information Security Cost Management


Bibliographic Details
Main Authors: Bazavan, Ioana; Lim, Ian
Format: Book
Language: English
Published: CRC Press 2009
Online Access: http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1593
Holding Library: Thư viện Trường Đại học Đà Lạt (Dalat University Library)
id oai:scholar.dlu.edu.vn:DLU123456789-1593
record_format dspace
institution Thư viện Trường Đại học Đà Lạt (Dalat University Library)
collection Thư viện số (Digital Library)
language English
description While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner. Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available. Organized into five sections, the book:
· Focuses on setting the right road map so that you can be most effective in your information security implementations
· Discusses cost-effective staffing, the single biggest expense to the security organization
· Presents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectively
· Identifies high-risk areas, focusing limited resources on the most imminent and severe threats
· Describes how to manage the key access controls when faced with manual user management, how to automate user management tasks in a cost-effective manner, and how to deal with security breaches
Demonstrating strategies to maximize a limited security budget without compromising the quality of risk management initiatives, Information Security Cost Management helps you save your organization time and money. It provides the tools required to implement policies, processes, and training that are crucial to the success of a company's security.
format Book
author Bazavan, Ioana
Lim, Ian
title Information Security Cost Management
publisher CRC Press
publishDate 2009
url http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1593
Contents

SECTION 1: SECURITY STRATEGY: THINKING PRACTICALLY
Goals and Filters: You Cannot Secure Everything. What Is Information Security? The Three Pragmatic Filters. Filter One: Focus on High-Risk Areas. Eye on the Ball. References.
Building Your Strategy: Creating a Risk-Based Security Strategy. Creating and Showing Value. High-Impact Initiatives. Taking the Next Steps. Reference.

SECTION 2: SECURITY ORGANIZATION DESIGN: COST-EFFECTIVE STAFFING
The Right People for the Right Jobs: Introduction. The Essentials of a Security Organization. Security Functions. Security Roles. Start at the Top: CISO. Supporting the CISO: Security Management. Technical Heavyweights: Security Architect and Security Engineers. Process Excellence: Security Analysts and Security Specialists. Operational Maturity: the Key to Successful Security. Looking at the Bigger Picture: Positioning Information Security. What about Physical Security?
Sourcing Solutions: Reducing Costs for Routine Tasks. Insourcing versus Outsourcing. Onshoring versus Offshoring. Common Considerations.

SECTION 3: SECURITY MANAGEMENT: EFFECTIVELY ENFORCING YOUR STRATEGY
Policies, Standards, and Procedures: Introduction. Terminology Primer. Organizational Tips. Managing Exceptions. A Question of Authority.
Training and Awareness: Introduction. Determine Your Key Messages and Target Audiences. Create an Awareness Road Map. Keep it Creative, Simple, and Loud. Maximize Channels of Communication. Use Positive Reinforcement. Be Opportunistic. Make Awareness Everyone's Responsibility.
Cost-Effective Audit Management: Introduction. Step 1: Set Expectations. Step 2: Prepare Your Workspace. Step 3: Document, Document, Document. Winning "Comfort" Points.
Reporting Your Value: Introduction. How to Make Reports Relevant. How to Make Reports Consistent. How to Make Reports Comprehensible.

SECTION 4: SECURITY TECHNOLOGIES: ESTABLISHING A SOUND FOUNDATION
Risk Assessment: Introduction: The Truth about Risk Assessments. Strategy for Conducting Annual Internal Risk Assessments. Tactical Perspective for Security Assessment. Remediation Strategy.
Security Design Review: Introduction. The Analysis Phase. The Requirements Phase. Define Information Protection Requirements. The Design Phase. The Build and Test Phases. The Deployment Phase. The Postproduction Phase.
Exploit Protection: What Is Exploit Protection? Security Incidents and the Business. Loss of Information Assets. Disruptions to the Business. Anatomy of Security Threats. Outsider Threat. Insider Threats. Automated Attacks. Cost Management and Exploit Protection. Exploit Protection and Security Operations. References.

SECTION 5: SECURITY OPERATIONS: MAINTAINING SECURITY EFFICIENTLY
Identity and Access Management: Introduction. The Big Picture. Key Control Points. Implementation Problems and Pitfalls. Making User Management Operational in its Current State. Getting Off to the Right Start: Approvals. Keeping it Clean: Terminations. Managing the User's Life Cycle: Transfers. Mitigating Control: User Recertification. Monitor Solutions. What about Nonuser Accounts? Summary.
Cost-Effective Incident Response: Introduction. The Price of Not Planning. Start with Objectives. Assembling the CSIRT. The Big Picture. The Frontline. Initial Response Team (IRT): the Primary Experts. Executive Incident Team (EIT): the Decision Makers. Responders: the Recovery Experts. Investigators: the Root Cause Analysts. Postmortem of an Incident. Recap of the Incident Response Process.