Information Assurance

Managing Organizational IT Security Risks

By: Joseph Boyce, Daniel Jennings

Write A Review

Paperback | 1 June 2002

At a Glance

Paperback
288 Pages

Dimensions(cm)
25.4 x 17.78 x 1.91

Paperback

$206.99

or 4 interest-free payments of $51.75 with

Ships in 10 to 15 business days

Written by two INFOSEC experts, this book provides a systematic and practical approach for establishing, managing and operating a comprehensive Information Assurance program. It is designed to provide ISSO managers, security managers, and INFOSEC professionals with an understanding of the essential issues required to develop and apply a targeted information security posture to both public and private corporations and government run agencies.

There is a growing concern among all corporations and within the security industry to come up with new approaches to measure an organization's information security risks and posture. Information Assurance explains and defines the theories and processes that will help a company protect its proprietary information including:

* The need to assess the current level of risk.
* The need to determine what can impact the risk.
* The need to determine how risk can be reduced.

The authors lay out a detailed strategy for defining information security, establishing IA goals, providing training for security awareness, and conducting airtight incident response to system compromise. Such topics as defense in depth, configuration management, IA legal issues, and the importance of establishing an IT baseline are covered in-depth from an organizational and managerial decision-making perspective.

Experience-based theory provided in a logical and comprehensive manner.
Management focused coverage includes establishing an IT security posture, implementing organizational awareness and training, and understanding the dynamics of new technologies.
Numerous real-world examples provide a baseline for assessment and comparison.

Industry Reviews

Information security experts with the Department of Defense, authors Joseph Boyce and Dan Jennings outline the steps needed to develop an information assurance plan to protect an organization' knowledge and information. Though the authors' backgrounds are in government, the book is as applicable to protecting the proprietary corporate information as it is to safeguarding classified government data. Perhaps the best resource in the book is the wealth of references cited, leading the reader to a trove of additional information. It is a high-level overview of the necessary elements of an effective information-assurance plan and strategy, written in such a way that it can be used to explain the fundamentals to management. - Security Management

Shipping

	Standard Shipping	Express Shipping
Metro postcodes:	$9.99	$14.95
Regional postcodes:	$9.99	$14.95
Rural postcodes:	$9.99	$14.95

Orders over $79.00 qualify for free shipping.

How to return your order

At Booktopia, we offer hassle-free returns in accordance with our returns policy. If you wish to return an item, please get in touch with Booktopia Customer Care.

Additional postage charges may be applicable.

Defective items

If there is a problem with any of the items received for your order then the Booktopia Customer Care team is ready to assist you.

For more info please visit our Help Centre.

You Can Find This Book In

Non-Fiction Computing & I.T.Computer Networking & Communications Network Security Computer Security Privacy & Data Protection Data Encryption Business & Management Business Mathematics & Systems Computer Science Business Strategy

Foreword	p. xi
Preface	p. xv
Acknowledgments	p. xxi
The Organizational IA Program: The Practical and Conceptual Foundation	p. 1
IA and the Organization: The Challenges	p. 3
Chapter Objectives	p. 3
The Meaning and Significance of IA	p. 3
The Rights of Organizations	p. 3
The Contribution of Information and Information Technology (IT) to Achieving the Rights of Organizations	p. 5
The Emergence of New Challenges	p. 6
Summary	p. 11
References	p. 11
Basic Security Concepts, Principles, and Strategy	p. 13
Chapter Objectives	p. 13
Basic Security Concepts and Principles	p. 13
Basic Security Strategy	p. 30
Summary	p. 35
References	p. 35
Defining the Organization's Current IA Posture	p. 37
Determining the Organization's IA Baseline	p. 39
Chapter Objectives	p. 39
Information Assurance Elements	p. 39
Summary	p. 52
References	p. 52
Determining IT Security Priorities	p. 53
Chapter Objectives	p. 53
Identifying Your Security Protection Priorities	p. 53
Measuring the Accomplishment of Organizational IA Needs	p. 64
Summary	p. 65
References	p. 65
The Organization's IA Posture	p. 67
Chapter Objectives	p. 67
Introduction	p. 67
The Process for Determining Organizational IA Posture	p. 70
Summary	p. 82
References	p. 83
Establishing and Managing an IA Defense in Depth Strategy Within an Organization	p. 85
Layer 1: IA Policies	p. 87
Chapter Objectives	p. 87
The Concept of Policy	p. 87
The Intent and Significance of IA Policies	p. 88
The Mechanics of Developing, Communicating, and Enforcing IA Policies	p. 90
Summary	p. 93
References	p. 93
Layer 2: IA Management	p. 95
Chapter Objectives	p. 95
Establishing an IA Management Program	p. 95
Managing IA	p. 107
Summary	p. 110
References	p. 110
Layer 3: IA Architecture	p. 113
Chapter Objectives	p. 113
The Objectives of the IA Architecture	p. 113
Knowledge Required to Design the IA Architecture	p. 114
The Design of the Organization's IA Architecture	p. 125
Allocation of Security Services and Security Mechanisms	p. 136
The Implementation of the Organization's IA Architecture	p. 142
Summary	p. 143
References	p. 143
Layer 4: Operational Security Administration	p. 145
Chapter Objectives	p. 145
Administering Information Systems Security	p. 145
Summary	p. 151
References	p. 152
Layer 5: Configuration Management	p. 153
Chapter Objectives	p. 153
The Necessity of Managing Changes to the IA Baseline	p. 153
Configuration Management: An Approach for Managing IA Baseline Changes	p. 154
Summary	p. 161
References	p. 162
Layer 6: Life-Cycle Security	p. 163
Chapter Objectives	p. 163
Security Throughout the System Life Cycle	p. 163
Summary	p. 170
Reference	p. 170
Layer 7: Contingency Planning	p. 171
Chapter Objectives	p. 171
Planning for the Worst	p. 171
Summary	p. 174
Reference	p. 174
Layer 8: IA Education, Training, and Awareness	p. 175
Chapter Objectives	p. 175
The Importance of IA Education, Training, and Awareness	p. 175
Implementation of Organizational IA Education, Training, and Awareness	p. 176
Summary	p. 179
References	p. 179
Layer 9: IA Policy Compliance Oversight	p. 181
Chapter Objective	p. 181
The Necessity of IA Policy Compliance Oversight	p. 181
The Implementers of IA Policy Compliance Oversight	p. 181
Mechanisms of IA Policy Compliance Oversight	p. 182
Summary	p. 187
References	p. 188
Layer 10: IA Incident Response	p. 189
Chapter Objectives	p. 189
Reacting and Responding to IA Incidents	p. 189
Summary	p. 195
References	p. 196
Layer 11: IA Reporting	p. 197
Chapter Objectives	p. 197
The Definition of Formal IA Reporting	p. 197
The Development of an IA Reporting Structure and Process	p. 197
Summary	p. 200
References	p. 200
Appendices	p. 201
Listing of IA Threats	p. 203
Threat Category	p. 203
Definitions	p. 207
Reference	p. 208
Listing of Threat Statuses	p. 209
Listing of Major Sources of Vulnerability Information	p. 211
General Sources of Vulnerability Information	p. 211
Vendor-Specific Security Information	p. 211
Vendor-Specific Security Patches	p. 212
IA Policy Web Sites	p. 213
IA Policy Basic Structure and Major Policy Subjects	p. 215
Basic Structure	p. 215
Major Policy Subjects	p. 215
Sample IA Manager Appointment Letter	p. 221
Sample Outline for IA Master Plan	p. 223
Things to Do to Improve Organizational IA Posture	p. 225
Life-Cycle Management	p. 225
Password and Access Controls	p. 225
System Auditing and Monitoring	p. 226
Security Operations/Management	p. 226
Configuration Management	p. 227
Contingency Planning	p. 227
Incident Response and Handling	p. 227
Information Assurance Self-Inspection Checklist	p. 229
Sample Outline for a Disaster Recovery Plan (DRP)	p. 251
References	p. 252
Sample Threat Response Matrix	p. 253
About the Authors	p. 255
Index	p. 257
Table of Contents provided by Syndetics. All Rights Reserved.

Information Assurance

Managing Organizational IT Security Risks

At a Glance

Paperback

Industry Reviews

Shipping

How to return your order

Defective items

You Can Find This Book In

More in Business Strategy

Playing to Win, Expanded with Bonus HBR Articles

How Strategy Really Works

Principles

Life and Work

Xero For Dummies

5th edition

Shoe Dog

A Memoir by the Creator of NIKE

The Culture Code

The Secrets of Highly Successful Groups

Good Strategy/Bad Strategy

The difference and why it matters

Ego is the Enemy

The Fight to Master Our Greatest Opponent

The Art of Gathering

How We Meet and Why It Matters

The Infinite Game

From the bestselling author of Start With Why

Start With Why

How Great Leaders Inspire Everyone to Take Action

The 10X Rule

The Only Difference Between Success and Failure

Measure What Matters

The Simple Idea that Drives 10x Growth

What Philosophy Can Teach You About Being a Better Leader

Traction

Get a Grip on Your Business

How to Build a Billion-Dollar Business

On Purpose. For Profit. With Passion.

Good to Great

Why Some Companies Make the Leap... And Others Don't

Zero to One

Notes on Start Ups, or How to Build the Future

Raising Brows

My Story of Building a Billion-Dollar Beauty Empire

The Happy Index

A People-First Approach to Leadership

The AI-Driven Leader

Harnessing AI to Make Faster, Smarter Decisions

How Big Things Get Done

The Surprising Factors Behind Every Successful Project, from Home Renovations to Space Exploration

Black Box Thinking

Growth Mindset and the Secrets of High Performance

Blue Ocean Strategy, Expanded Edition

How to Create Uncontested Market Space and Make the Competition Irrelevant

The Obstacle is the Way

The Ancient Art of Turning Adversity to Advantage

This product is categorised by