Information Security Cost Management
by Ian Lim, Ioana V. Bazavan
While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner. Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real
Information Security Education Across the Curriculum: 9th IFIP WG 11.8 World Conference, WISE 9, Hamburg, Germany, May 26-28, 2015, Proceedings (IFIP Advances in Information and Communication Technology #453)
by Matt Bishop, Natalia Miloslavskaya, Marianthi Theocharidou
This book constitutes the refereed proceedings of the 9th IFIP WG 11.8 World Conference on Security Education, WISE 9, held in Hamburg, Germany, in May 2015. The 11 revised papers presented together with 2 invited papers were carefully reviewed and selected from 20 submissions. They are organized in topical sections on innovative methods, software security education, tools and applications for teaching, and syllabus design.
Information Security Fundamentals
by Thomas R. Peltier
Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise's effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals w
Information Security Governance Simplified: From the Boardroom to the Keyboard
by Todd Fitzgerald
Security practitioners must be able to build a cost-effective security program while at the same time meeting the requirements of government regulations. This book lays out these regulations in simple terms and explains how to use the control frameworks to build an effective information security program and governance structure. It discusses how organizations can best ensure that their information is protected and examines all positions from the board of directors to the end user, delineating the role each plays in protecting the security of the organization.
Information Security Governance: Framework and Toolset for CISOs and Decision Makers
by Andrej Volchkov
This book presents a framework to model the main activities of information security management and governance. The same model can be used for any security sub-domain such as cybersecurity, data protection, access rights management, business continuity, etc.
Information Security Management Handbook, Volume 2
by Harold F. Tipton, Micki Krause
A compilation of the fundamental knowledge, skills, techniques, and tools required by all security professionals, Information Security Handbook, Sixth Edition sets the standard on which all IT security programs and certifications are based. Considered the gold-standard reference of Information Security, Volume 2 includes coverage of each domain of t
Information Security Management Handbook, Volume 3 ((ISC)2 Press)
by Harold F. Tipton, Micki Krause
Every year, in response to new technologies and new laws in different countries and regions, there are changes to the fundamental knowledge, skills, techniques, and tools required by all IT security professionals. In step with the lightning-quick, increasingly fast pace of change in the technology field, the Information Security Management Handbook
Information Security Management Handbook, Volume 4
by Harold F. Tipton, Micki Krause
Every year, in response to advancements in technology and new laws in different countries and regions, there are many changes and updates to the body of knowledge required of IT security professionals. Updated annually to keep up with the increasingly fast pace of change in the field, the Information Security Management Handbook is the single most
Information Security Management Handbook, Volume 5
by Harold F. Tipton, Micki Krause Nozaki
Updated annually to keep up with the increasingly fast pace of change in the field, the Information Security Management Handbook is the single most comprehensive and up-to-date resource on information security (IS) and assurance. Facilitating the up-to-date understanding required of all IS professionals, the Information Security Management Handbook
Information Security Management Handbook, Volume 6
by Harold F. Tipton CISSP, Micki Krause Nozaki
Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 6 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay
Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement
by CISM, W. Brotby
Spectacular security failures continue to dominate the headlines despite huge increases in security budgets and ever-more draconian regulations. The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the necessity for real-time strategic metrics has never been more critical. Information Security Management Metr
Information Security Management: Concepts and Practice
by Bel G. Raggad
Information security cannot be effectively managed unless secure methods and standards are integrated into all phases of the information security life cycle. And, although the international community has been aggressively engaged in developing security standards for network and information security worldwide, there are few textbooks available that
Information Security Planning: A Practical Approach
by Susan Lincke
This book demonstrates how information security requires a deep understanding of an organization's assets, threats and processes, combined with the technology that can best protect organizational security. It provides step-by-step guidance on how to analyze business processes from a security perspective, while also introducing security concepts and techniques to develop the requirements and design for security technologies. This interdisciplinary book is intended for business and technology audiences, at student or experienced levels.

Organizations must first understand the particular threats they may be prone to, including different types of security attacks, social engineering, and fraud incidents, as well as addressing applicable regulation and security standards. This international edition covers the Payment Card Industry Data Security Standard (PCI DSS), American security regulation, and European GDPR. Developing a risk profile helps to estimate the potential costs that an organization may be prone to, including how much should be spent on security controls.

Security planning then includes designing information security, as well as network and physical security, incident response and metrics. Business continuity considers how a business may respond to the loss of IT service. Optional areas that may be applicable include data privacy, cloud security, zero trust, secure software requirements and lifecycle, governance, introductory forensics, and ethics.

This book targets professionals in business, IT, security, software development or risk. This text enables computer science, information technology, or business students to implement a case study for an industry of their choosing.
Information Security Policies and Procedures: A Practitioner's Reference, Second Edition
by Thomas R. Peltier
Information Security Policies and Procedures: A Practitioner's Reference, Second Edition illustrates how policies and procedures support the efficient running of an organization. This book is divided into two parts, an overview of security policies and procedures, and an information security reference guide. This volume points out how securi
Information Security Policies, Procedures, and Standards: A Practitioner's Reference
by Douglas J. Landoll
Information Security Policies, Procedures, and Standards: A Practitioner's Reference gives you a blueprint on how to develop effective information security policies and procedures. It uses standards such as NIST 800-53, ISO 27001, and COBIT, and regulations such as HIPAA and PCI DSS as the foundation for the content. Highlighting key terminology, policy development concepts and methods, and suggested document structures, it includes examples, checklists, sample policies and procedures, guidelines, and a synopsis of the applicable standards. The author explains how and why procedures are developed and implemented rather than simply providing information and examples. This is an important distinction because no two organizations are exactly alike; therefore, no two sets of policies and procedures are going to be exactly alike. This approach provides the foundation and understanding you need to write effective policies, procedures, and standards clearly and concisely. Developing policies and procedures may seem to be an overwhelming task. However, by relying on the material presented in this book, adopting the policy development techniques, and examining the examples, the task will not seem so daunting. You can use the discussion material to help sell the concepts, which may be the most difficult aspect of the process. Once you have completed a policy or two, you will have the courage to take on even more tasks. Additionally, the skills you acquire will assist you in other areas of your professional and private life, such as expressing an idea clearly and concisely or creating a project plan.
Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management
by Thomas R. Peltier
By definition, information security exists to protect your organization's valuable information resources. But too often information security efforts are viewed as thwarting business objectives. An effective information security program preserves your information assets and helps you meet business objectives. Information Security Policies, Procedure
Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0
by Barry L. Williams
Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will help readers elicit management opinions on information security and document the formal and informal procedures currently in place. Topics covered include: entity-level policies and procedures; access-control policies and procedures; change control and change management; system information integrity and monitoring; system services acquisition and protection; informational asset management; and continuity of operations. The book supplies you with the tools to use the full range of compliance standards as guides for writing policies that meet the security needs of your organization. Detailing a methodology to facilitate the elicitation process, it asks pointed questions to help you obtain the information needed to write relevant policies. More importantly, this methodology can help you identify the weaknesses and vulnerabilities that exist in your organization. A valuable resource for policy writers who must meet multiple compliance standards, this guidebook is also available in eBook format. The eBook version includes hyperlinks beside each statement that explain what the various standards say about each topic and provide time-saving guidance in determining what your policy should include.
Information Security Risk Analysis
by Thomas R. Peltier
Successful security professionals have had to modify the process of responding to new threats in the high-profile, ultra-connected business environment. But just because a threat exists does not mean that your organization is at risk. This is what risk assessment is all about. Information Security Risk Analysis, Third Edition demonstrates how to id
Information Security and Employee Behaviour: How to Reduce Risk Through Employee Education, Training and Awareness
by Angus McIlwraith
Research suggests that between 60% and 75% of all information security incidents are the result of a lack of knowledge and/or understanding amongst an organization's own staff. And yet the great majority of money spent protecting systems is focused on creating technical defences against external threats. Angus McIlwraith's book explains how corporate culture affects perceptions of risk and information security, and how this in turn affects employee behaviour. He then provides a pragmatic approach for educating and training employees in information security and explains how different metrics can be used to assess awareness and behaviour. Information security awareness will always be an ongoing struggle against complacency, problems associated with new systems and technology, and the challenge of other more glamorous and often short-term priorities. Information Security and Employee Behaviour will help you develop the capability and culture that will enable your organization to avoid or reduce the impact of unwanted security breaches.
Information Security and Employee Behaviour: How to Reduce Risk Through Employee Education, Training and Awareness
by Angus McIlwraith
Research conducted over many years suggests that between 60 and 85 per cent of all information security incidents are the result of a lack of knowledge and/or understanding amongst an organisation's own people. And yet the great majority of money spent protecting systems is focused on creating technical defences against often exaggerated external threats. Angus McIlwraith's book explains how corporate culture affects perceptions of risk and information security, and how this in turn affects employee behaviour. He then provides a pragmatic approach for educating and training employees in information security and explains how different metrics can be used to assess awareness and behaviour. Information security awareness will always be an ongoing struggle against complacency, problems associated with new systems and technology, and the challenge of other more glamorous and often short-term priorities. Information Security and Employee Behaviour will help you develop the capability and culture that will enable your organisation to avoid or reduce the impact of unwanted security breaches. This second edition has been thoroughly updated throughout, incorporating other areas like anthropology and other non-technical disciplines which are making an impact on recent developments. It also explores the technology used to deliver communication, education and awareness, particularly in the areas of online delivery and recent developments such as 'gamification', as well as the ways in which the research, tools, techniques and methodologies relating to the measurement and change of organisational culture have matured.
Information Security and Privacy: 21st Australasian Conference, ACISP 2016, Melbourne, VIC, Australia, July 4-6, 2016, Proceedings, Part I (Lecture Notes in Computer Science #9722)
by Joseph K. Liu, Ron Steinfeld
The two-volume set LNCS 9722 and LNCS 9723 constitutes the refereed proceedings of the 21st Australasian Conference on Information Security and Privacy, ACISP 2016, held in Melbourne, VIC, Australia, in July 2016. The 52 revised full and 8 short papers presented together with 6 invited papers in this double volume were carefully revised and selected from 176 submissions. The papers of Part I (LNCS 9722) are organized in topical sections on National Security Infrastructure; Social Network Security; Bitcoin Security; Statistical Privacy; Network Security; Smart City Security; Digital Forensics; Lightweight Security; Secure Batch Processing; Pseudo Random/One-Way Function; Cloud Storage Security; Password/QR Code Security; and Functional Encryption and Attribute-Based Cryptosystem. Part II (LNCS 9723) comprises topics such as Signature and Key Management; Public Key and Identity-Based Encryption; Searchable Encryption; Broadcast Encryption; Mathematical Primitives; Symmetric Cipher; Public Key and Identity-Based Encryption; Biometric Security; Digital Forensics; National Security Infrastructure; Mobile Security; Network Security; and Pseudo Random/One-Way Function.
Information Security in Healthcare: Managing Risk (HIMSS Book Series)
by Terrell W. Herzig
Information Security in Healthcare is an essential guide for implementing a comprehensive information security management program in the modern healthcare environment. Combining the experience and insights of top healthcare IT managers and information security professionals, this book offers detailed coverage of myriad
Information Security: Opportunities and Limitations
by Thomas Liedtke
This book explains the most important technical terms and contents and assigns them to the corresponding areas. It also includes seemingly peripheral areas that play a role in information security. For instance, the topic complexes of functional safety and privacy are examined in terms of their similarities and differences. The book presents currently used attack patterns and how to protect against them. Protection must be implemented both on a technical level (e.g., through the use of cryptography) and on an organizational and personnel level (e.g., through appropriate management systems and awareness training). How can one determine how secure data is? How can the relevant threats that need protection be identified? How do risk analyses proceed?
Information Security: Policy, Processes, and Practices (Advances In Management Information Systems Ser. #42)
by Richard Baskerville, Seymour Goodman, Detmar W. Straub
Information security is everyone's concern. The way we live is underwritten by information system infrastructures, most notably the Internet. The functioning of our business organizations, the management of our supply chains, and the operation of our governments depend on the secure flow of information. In an organizational environment information security is a never-ending process of protecting information and the systems that produce it.

This volume in the "Advances in Management Information Systems" series covers the managerial landscape of information security. It deals with how organizations and nations organize their information security policies and efforts. The book covers how to strategize and implement security with a special focus on emerging technologies. It highlights the wealth of security technologies, and also indicates that the problem is not a lack of technology but rather its intelligent application.
Information Services Design: A Design Science Approach for Sustainable Knowledge (Routledge Studies in Organization and Systems)
by Fons Wijnhoven
Information services are economic and organizational activities for informing people. Because informing is changing rapidly under the influence of internet technologies, this book presents in Chapter 1 fundamental notions of information and knowledge, based on philosopher C.W. Churchman's inquiring systems. This results in the identification of three product-oriented design theory aspects: content, use value and revenue. Chapter 2 describes how one can cope with these aspects by presenting process-oriented design theory. Both design theory insights are applied in chapters on information services challenges, their business concepts and processes, their architectures and exploitation. The final chapter discusses three case studies that integrate the insights from previous chapters, and it discusses some ideas for future research. This book gives students a coherent start to the topic of information services from a design science perspective, with a balance between technical and managerial aspects. Therefore, this book is useful for modern curricula of management, communication science and information systems. Because of its design science approach, it also explains design science principles. The book also serves professionals and academics in search of a foundational understanding of informing as a science and management practice.