LEADER |
11410nam a22005293i 4500 |
001 |
EBC6351343 |
003 |
MiAaPQ |
005 |
20210318061024.0 |
006 |
m o d | |
007 |
cr cnu|||||||| |
008 |
210318s2018 xx o ||||0 eng d |
020 |
|
|
|a 9781337671545
|q (electronic bk.)
|
020 |
|
|
|z 9781337405713
|
035 |
|
|
|a (MiAaPQ)EBC6351343
|
035 |
|
|
|a (Au-PeEL)EBL6351343
|
035 |
|
|
|a (OCoLC)1202455503
|
040 |
|
|
|a MiAaPQ
|b eng
|e rda
|e pn
|c MiAaPQ
|d MiAaPQ
|
050 |
|
4 |
|a TK5105.59
|b .W458 2019
|
082 |
0 |
|
|a 658.478
|
100 |
1 |
|
|a Whitman, Michael.
|
245 |
1 |
0 |
|a Management of Information Security.
|
250 |
|
|
|a 6th ed.
|
264 |
|
1 |
|a Mason, OH :
|b Cengage,
|c 2018.
|
264 |
|
4 |
|c ©2019.
|
300 |
|
|
|a 1 online resource (754 pages)
|
336 |
|
|
|a text
|b txt
|2 rdacontent
|
337 |
|
|
|a computer
|b c
|2 rdamedia
|
338 |
|
|
|a online resource
|b cr
|2 rdacarrier
|
505 |
0 |
|
|a Cover -- Title -- Statement -- Copyright -- Brief Contents -- Table of Contents -- Preface -- Chapter 1: Introduction to the Management of Information Security -- Introduction to Security -- CNSS Security Model -- The Value of Information and the C.I.A. Triad -- Key Concepts of Information Security: Threats and Attacks -- The 12 Categories of Threats -- Management and Leadership -- Behavioral Types of Leaders -- Management Characteristics -- Governance -- Solving Problems -- Principles of Information Security Management -- Planning -- Policy -- Programs -- Protection -- People -- Projects -- Additional Reading -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes -- Chapter 2: Compliance: Law and Ethics -- Introduction to Law and Ethics -- Ethics in InfoSec -- Ethics and Education -- Deterring Unethical and Illegal Behavior -- Professional Organizations and Their Codes of Conduct -- Association for Computing Machinery (ACM) -- International Information Systems Security Certification Consortium, Inc. (ISC)² -- SANS -- Information Systems Audit and Control Association (ISACA) -- Information Systems Security Association (ISSA) -- Information Security and Law -- Types of Law -- Relevant U.S. Laws -- International Laws and Legal Bodies -- State and Local Regulations -- Standards Versus Law -- Policy Versus Law -- Organizational Liability and the Management of Digital Forensics -- Key Law Enforcement Agencies -- Managing Digital Forensics -- Additional Reading -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes -- Chapter 3: Governance and Strategic Planning for Security -- The Role of Planning -- Precursors to Planning -- Strategic Planning -- Creating a Strategic Plan -- Planning Levels.
|
505 |
8 |
|
|a Planning and the CISO -- Information Security Governance -- The ITGI Approach to Information Security Governance -- NCSP Industry Framework for Information Security Governance -- CERT Governing for Enterprise Security Implementation -- ISO/IEC 27014:2013 Governance of Information Security -- Security Convergence -- Planning for Information Security Implementation -- Implementing the Security Program using the SecSDLC -- Additional Reading -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes -- Chapter 4: Information Security Policy -- Why Policy? -- Policy, Standards, and Practices -- Enterprise Information Security Policy -- Integrating an Organization's Mission and Objectives into the EISP -- EISP Elements -- Example EISP Elements -- Issue-Specific Security Policy -- Elements of the ISSP -- Implementing the ISSP -- System-Specific Security Policy -- Managerial Guidance SysSPs -- Technical Specification SysSPs -- Guidelines for Effective Policy Development and Implementation -- Developing Information Security Policy -- Policy Distribution -- Policy Reading -- Policy Comprehension -- Policy Compliance -- Policy Enforcement -- Policy Development and Implementation Using the SDLC -- Software Support for Policy Administration -- Other Approaches to Information Security Policy Development -- SP 800-18, Rev. 1: Guide for Developing Security Plans for Federal Information Systems -- A Final Note on Policy -- Additional Reading -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes -- Chapter 5: Developing the Security Program -- Organizing for Security -- Security in Large Organizations -- Security in Medium-Sized Organizations -- Security in Small Organizations.
|
505 |
8 |
|
|a Placing Information Security Within an Organization -- Components of the Security Program -- Staffing the Security Function -- Information Security Professional Credentials -- Entering the Information Security Profession -- Implementing Security Education, Training, and Awareness (SETA) Programs -- Security Education -- Security Training -- Security Awareness -- Project Management in Information Security -- Projects Versus Processes -- Organizational Support for Project Management -- PMBOK Knowledge Areas -- Project Management Tools -- Additional Reading -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes -- Chapter 6: Risk Management: Assessing Risk -- Introduction to the Management of Risk in Information Security -- Knowing Yourself and Knowing the Enemy -- The Information Security Risk Management Framework -- Roles of Communities of Interest in Managing Risk -- Executive Governance and Support -- Framework Design -- Framework Implementation -- Framework Monitoring and Review -- Continuous Improvement -- The Risk Management Process -- RM Process Preparation-Establishing the Context -- Risk Assessment: Risk Identification -- Risk Assessment: Risk Analysis -- Risk Evaluation -- Risk Treatment/Risk Control -- Process Communications, Monitoring, and Review -- Additional Reading -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes -- Chapter 7: Risk Management: Treating Risk -- Introduction to Risk Treatment -- Risk Treatment Strategies -- Managing Risk -- Feasibility and Cost-benefit Analysis -- Other Methods of Establishing Feasibility -- Alternatives to Feasibility Analysis -- Recommended Alternative Risk Treatment Practices -- Alternative Risk Management Methodologies -- The OCTAVE Methods.
|
505 |
8 |
|
|a Microsoft Risk Management Approach -- FAIR -- ISO Standards for InfoSec Risk Management -- NIST Risk Management Framework (RMF) -- Other Methods -- Selecting the Best Risk Management Model -- Additional Reading -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes -- Chapter 8: Security Management Models -- Introduction to Blueprints, Frameworks, and Security Models -- Security Management Models -- The ISO 27000 Series -- NIST Security Publications -- Control Objectives for Information and Related Technology -- Committee of Sponsoring Organizations -- Information Technology Infrastructure Library -- Information Security Governance Framework -- Security Architecture Models -- TCSEC and the Trusted Computing Base -- Information Technology System Evaluation Criteria -- The Common Criteria -- Access Control Models -- Categories of Access Controls -- Other Forms of Access Control -- Academic Access Control Models -- Bell-LaPadula Confidentiality Model -- Biba Integrity Model -- Clark-Wilson Integrity Model -- Graham-Denning Access Control Model -- Harrison-Ruzzo-Ullman Model -- Brewer-Nash Model (Chinese Wall) -- Additional Reading -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes -- Chapter 9: Security Management Practices -- Introduction to Security Practices -- Security Employment Practices -- Hiring -- Contracts and Employment -- Security Expectations in the Performance Evaluation -- Termination Issues -- Personnel Security Practices -- Security of Personnel and Personal Data -- Security Considerations for Temporary Employees, Consultants, and Other Workers -- Information Security Performance Measurement -- InfoSec Performance Management -- Building the Performance Measurement Program.
|
505 |
8 |
|
|a Specifying InfoSec Measurements -- Collecting InfoSec Measurements -- Implementing InfoSec Performance Measurement -- Reporting InfoSec Performance Measurements -- Benchmarking -- Standards of Due Care/Due Diligence -- Recommended Security Practices -- Selecting Recommended Practices -- Limitations to Benchmarking and Recommended Practices -- Baselining -- Support for Benchmarks and Baselines -- ISO Certification -- Additional Reading -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes -- Chapter 10: Planning for Contingencies -- Introduction to Contingency Planning -- Fundamentals of Contingency Planning -- Components of Contingency Planning -- Business Impact Analysis -- Contingency Planning Policies -- Incident Response -- Getting Started -- Incident Response Policy -- Incident Response Planning -- Detecting Incidents -- Reacting to Incidents -- Recovering from Incidents -- Disaster Recovery -- The Disaster Recovery Process -- Disaster Recovery Policy -- Disaster Classification -- Planning to Recover -- Responding to the Disaster -- Simple Disaster Recovery Plan -- Business Continuity -- Business Continuity Policy -- Continuity Strategies -- Timing and Sequence of CP Elements -- Crisis Management -- Business Resumption -- Testing Contingency Plans -- Final Thoughts on CP -- Additional Reading -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes -- Chapter 11: Security Maintenance -- Introduction to Security Maintenance -- Security Management Maintenance Models -- NIST SP 800-100, Information Security Handbook: A Guide for Managers -- The Security Maintenance Model -- Additional Reading -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions.
|
505 |
8 |
|
|a Ethical Decision Making.
|
526 |
0 |
|
|a BA118 - Diploma In Office Management & Technology
|z Syllabus Programme
|
588 |
|
|
|a Description based on publisher supplied metadata and other sources.
|
590 |
|
|
|a Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2021. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.
|
650 |
|
0 |
|a Computer networks-Security measures-Management.
|
650 |
|
0 |
|a Information technology-Security measures.
|
650 |
|
0 |
|a Computer security-Management.
|
650 |
|
0 |
|a Computer security.
|
655 |
|
4 |
|a Electronic books.
|
700 |
1 |
|
|a Mattord, Herbert.
|
776 |
0 |
8 |
|i Print version:
|a Whitman, Michael
|t Management of Information Security
|d Mason, OH : Cengage, c2018
|z 9781337405713
|
797 |
2 |
|
|a ProQuest (Firm)
|
856 |
4 |
0 |
|u https://ezaccess.library.uitm.edu.my/login?url=https://ebookcentral.proquest.com/lib/uitm-ebooks/detail.action?docID=6351343
|z View fulltext via EzAccess
|
966 |
0 |
|
|a 2021
|b ProQuest Ebook Central
|c UiTM Library
|d Intan Nurul 'Ain Mohd Firdaus Kozako
|e Faculty of Business and Management
|f ProQuest
|