A Practical Guide to Managing Information Security : Artech House Technology Management Library - Steve Purser

Hardcover

Published: 31st March 2004
Ships: 7 to 10 business days
RRP $262.99, now $181.75 (31% off)

This groundbreaking book helps you master the management of information security, concentrating on the proactive recognition and resolution of the practical issues of developing and implementing IT security for the enterprise. Drawing upon the author's wealth of valuable experience in high-risk commercial environments, the work focuses on the need to align the information security process as a whole with the requirements of the modern enterprise, which involves empowering business managers to manage information security-related risk. Throughout, the book places emphasis on the use of simple, pragmatic risk management as a tool for decision-making. The first book to cover the strategic issues of IT security, it helps you to: understand the difference between more theoretical treatments of information security and operational reality; learn how information security risk can be measured and subsequently managed; define and execute an information security strategy; design and implement a security architecture; and ensure that limited resources are used optimally.

Preface (p. xiii)
Acknowledgments (p. xvii)
The need for a proactive approach (p. 1)
Introduction (p. 1)
The reality of the modern enterprise (p. 3)
Evolution of organizational structures (p. 4)
Evolution of technical infrastructure (p. 5)
Limitations of policy-driven decision making (p. 7)
Education and awareness (p. 9)
Management awareness (p. 9)
The technology trap (p. 10)
Awareness of end users (p. 10)
Operational issues (p. 11)
Complexity (p. 11)
Scalability (p. 13)
New challenges (p. 14)
Trust (p. 14)
Privacy (p. 16)
Introducing The (not so) Secure Bank (p. 17)
Summary (p. 19)
References (p. 20)
Management techniques (p. 23)
Knowledge and experience (p. 23)
Information relating to security incidents and vulnerabilities (p. 25)
Risk analysis and risk management (p. 27)
Strategy and planning (p. 30)
Policy and standards (p. 32)
Processes and procedures (p. 34)
Methodologies and frameworks (p. 36)
Awareness and training (p. 38)
Audits (p. 40)
Contracts (p. 41)
Outsourcing (p. 42)
Summary (p. 43)
References (p. 44)
Technical tools (p. 47)
Overview (p. 47)
Classification of security tools (p. 48)
Host-oriented tools (p. 49)
Security layers (p. 49)
The native operating system security subsystem (p. 50)
Authentication and authorization (p. 51)
System integrity (p. 52)
System access control (p. 56)
System security monitoring (p. 58)
Data confidentiality and integrity (p. 60)
Network-oriented tools (p. 62)
Network authentication and authorization (p. 62)
Network integrity (p. 65)
Network access control (p. 68)
Network security monitoring (p. 71)
Data confidentiality and integrity (p. 72)
Supporting infrastructure (p. 74)
PKI (p. 74)
Smart cards and cryptographic modules (p. 76)
Authentication devices (p. 79)
Summary (p. 80)
References (p. 81)
A proactive approach: Overview (p. 85)
Introduction (p. 85)
The consolidation period and strategic-planning cycles (p. 86)
Deciding on a personal strategy (p. 87)
The consolidation period (p. 89)
Planning (p. 89)
Establishing contact with stakeholders (p. 90)
Identifying major issues (p. 91)
Classifying issues (p. 92)
Implementing short-term solutions (p. 95)
Identifying quick wins (p. 98)
Implementing initial management-control mechanisms (p. 99)
The strategic-planning cycle (p. 100)
Overview (p. 100)
Definition of a strategy (p. 101)
Production of a strategic plan (p. 102)
Execution of the strategic plan (p. 102)
Monitoring for further improvement (p. 104)
The core deliverables (p. 105)
Summary (p. 106)
References (p. 107)
The information-security strategy (p. 109)
The need for a strategy (p. 109)
Planning (p. 110)
Analysis of the current situation (p. 111)
Identification of business strategy requirements (p. 114)
Identification of legal and regulatory requirements (p. 117)
Identification of requirements due to external trends (p. 119)
Definition of the target situation (p. 122)
Definition and prioritization of strategic initiatives (p. 123)
Distribution of the draft strategy (p. 126)
Agreement and publication of final strategy (p. 127)
Summary (p. 128)
References (p. 129)
Policy and standards (p. 131)
Some introductory remarks on documentation (p. 131)
Designing the documentation set (p. 132)
Policy (p. 135)
The purpose of policy statements (p. 135)
Identifying required policy statements (p. 136)
Design and implementation (p. 137)
The Secure Bank--Policy statements (p. 139)
Establishing a control framework (p. 140)
Standards (p. 143)
Types of standards (p. 143)
External standards (p. 144)
Internal standards (p. 147)
Agreement and distribution of standards (p. 148)
Guidelines and working papers (p. 150)
Summary (p. 150)
References (p. 151)
Process design and implementation (p. 155)
Requirements for stable processes (p. 155)
Why processes fail to deliver (p. 156)
Productivity issues (p. 156)
Adaptability issues (p. 157)
Acceptance issues (p. 158)
Process improvement (p. 159)
Methods for process improvement (p. 159)
Improving productivity (p. 161)
Improving adaptability (p. 165)
Improving acceptance (p. 166)
The Secure Bank: Improving the authorization and access-control procedure (p. 168)
Planning (p. 168)
The current process (p. 168)
Identifying the target situation (p. 171)
Planning incremental improvements (p. 172)
Implementing improvements (p. 174)
Continuous improvement (p. 176)
Summary (p. 177)
References (p. 178)
Building an IT security architecture (p. 181)
Evolution of enterprise IT infrastructure (p. 181)
Problems associated with system-focused approaches (p. 182)
A three-phased approach (p. 184)
The design phase (p. 185)
Planning (p. 185)
Agreeing on basic design principles (p. 186)
Modeling the IT infrastructure (p. 187)
Risk analysis (p. 192)
Identifying logical components (p. 194)
Obtaining signoff of the concept (p. 198)
The implementation phase (p. 198)
Planning considerations (p. 198)
Production of a phased implementation plan (p. 200)
Preparing proposals (p. 202)
Selection of commercial packages (p. 203)
Testing and integration (p. 205)
SLAs and support contracts (p. 206)
Technical training (p. 208)
Administration and maintenance phase (p. 208)
Routine administration and maintenance (p. 209)
Managing vulnerabilities (p. 209)
Managing incidents (p. 210)
Managing risk using risk indicators (p. 212)
Summary (p. 213)
References (p. 213)
Creating a security-minded culture (p. 215)
Introduction (p. 215)
Techniques for introducing cultural change (p. 217)
Internal marketing and sales (p. 219)
Support and feedback (p. 221)
Security-awareness training (p. 222)
The security-awareness program (p. 222)
Planning considerations (p. 223)
Defining the objectives (p. 224)
Identifying the audience (p. 224)
Identifying the message (p. 227)
Developing the material (p. 228)
Defining tracking and follow-up procedures (p. 231)
Delivering the pilot phase (p. 231)
Security skills training (p. 232)
General remarks (p. 232)
The information-security team (p. 233)
Other staff (p. 236)
Involvement initiatives (p. 237)
Summary (p. 238)
References (p. 239)
Fast risk analysis (p. 241)
Introduction (p. 241)
The method (p. 241)
A worked example (p. 243)
Comments (p. 243)
About the author (p. 249)
Index (p. 251)
Table of Contents provided by Ingram. All Rights Reserved.

ISBN: 9781580537025
ISBN-10: 1580537022
Series: Artech House Technology Management Library
Audience: Tertiary; University or College
Format: Hardcover
Language: English
Number Of Pages: 284
Publisher: Artech House Publishers
Country of Publication: US
Dimensions (cm): 25.4 x 17.8 x 1.7
Weight (kg): 0.71