Management of Information Security.

Bibliographic Details
Main Author: Whitman, Michael.
Other Authors: Mattord, Herbert.
Format: eBook
Language: English
Published: Mason, OH : Cengage, 2018.
Edition: 6th ed.
Online Access: View full text via EzAccess
Table of Contents:
  • Cover
  • Title
  • Statement
  • Copyright
  • Brief Contents
  • Table of Contents
  • Preface
  • Chapter 1: Introduction to the Management of Information Security
  • Introduction to Security
  • CNSS Security Model
  • The Value of Information and the C.I.A. Triad
  • Key Concepts of Information Security: Threats and Attacks
  • The 12 Categories of Threats
  • Management and Leadership
  • Behavioral Types of Leaders
  • Management Characteristics
  • Governance
  • Solving Problems
  • Principles of Information Security Management
  • Planning
  • Policy
  • Programs
  • Protection
  • People
  • Projects
  • Additional Reading
  • Chapter Summary
  • Review Questions
  • Exercises
  • Closing Case
  • Discussion Questions
  • Ethical Decision Making
  • Endnotes
  • Chapter 2: Compliance: Law and Ethics
  • Introduction to Law and Ethics
  • Ethics in InfoSec
  • Ethics and Education
  • Deterring Unethical and Illegal Behavior
  • Professional Organizations and Their Codes of Conduct
  • Association for Computing Machinery (ACM)
  • International Information Systems Security Certification Consortium, Inc. (ISC)²
  • SANS
  • Information Systems Audit and Control Association (ISACA)
  • Information Systems Security Association (ISSA)
  • Information Security and Law
  • Types of Law
  • Relevant U.S. Laws
  • International Laws and Legal Bodies
  • State and Local Regulations
  • Standards Versus Law
  • Policy Versus Law
  • Organizational Liability and the Management of Digital Forensics
  • Key Law Enforcement Agencies
  • Managing Digital Forensics
  • Additional Reading
  • Chapter Summary
  • Review Questions
  • Exercises
  • Closing Case
  • Discussion Questions
  • Ethical Decision Making
  • Endnotes
  • Chapter 3: Governance and Strategic Planning for Security
  • The Role of Planning
  • Precursors to Planning
  • Strategic Planning
  • Creating a Strategic Plan
  • Planning Levels
  • Planning and the CISO
  • Information Security Governance
  • The ITGI Approach to Information Security Governance
  • NCSP Industry Framework for Information Security Governance
  • CERT Governing for Enterprise Security Implementation
  • ISO/IEC 27014:2013 Governance of Information Security
  • Security Convergence
  • Planning for Information Security Implementation
  • Implementing the Security Program using the SecSDLC
  • Additional Reading
  • Chapter Summary
  • Review Questions
  • Exercises
  • Closing Case
  • Discussion Questions
  • Ethical Decision Making
  • Endnotes
  • Chapter 4: Information Security Policy
  • Why Policy?
  • Policy, Standards, and Practices
  • Enterprise Information Security Policy
  • Integrating an Organization's Mission and Objectives into the EISP
  • EISP Elements
  • Example EISP Elements
  • Issue-Specific Security Policy
  • Elements of the ISSP
  • Implementing the ISSP
  • System-Specific Security Policy
  • Managerial Guidance SysSPs
  • Technical Specification SysSPs
  • Guidelines for Effective Policy Development and Implementation
  • Developing Information Security Policy
  • Policy Distribution
  • Policy Reading
  • Policy Comprehension
  • Policy Compliance
  • Policy Enforcement
  • Policy Development and Implementation Using the SDLC
  • Software Support for Policy Administration
  • Other Approaches to Information Security Policy Development
  • SP 800-18, Rev. 1: Guide for Developing Security Plans for Federal Information Systems
  • A Final Note on Policy
  • Additional Reading
  • Chapter Summary
  • Review Questions
  • Exercises
  • Closing Case
  • Discussion Questions
  • Ethical Decision Making
  • Endnotes
  • Chapter 5: Developing the Security Program
  • Organizing for Security
  • Security in Large Organizations
  • Security in Medium-Sized Organizations
  • Security in Small Organizations
  • Placing Information Security Within an Organization
  • Components of the Security Program
  • Staffing the Security Function
  • Information Security Professional Credentials
  • Entering the Information Security Profession
  • Implementing Security Education, Training, and Awareness (SETA) Programs
  • Security Education
  • Security Training
  • Security Awareness
  • Project Management in Information Security
  • Projects Versus Processes
  • Organizational Support for Project Management
  • PMBOK Knowledge Areas
  • Project Management Tools
  • Additional Reading
  • Chapter Summary
  • Review Questions
  • Exercises
  • Closing Case
  • Discussion Questions
  • Ethical Decision Making
  • Endnotes
  • Chapter 6: Risk Management: Assessing Risk
  • Introduction to the Management of Risk in Information Security
  • Knowing Yourself and Knowing the Enemy
  • The Information Security Risk Management Framework
  • Roles of Communities of Interest in Managing Risk
  • Executive Governance and Support
  • Framework Design
  • Framework Implementation
  • Framework Monitoring and Review
  • Continuous Improvement
  • The Risk Management Process
  • RM Process Preparation-Establishing the Context
  • Risk Assessment: Risk Identification
  • Risk Assessment: Risk Analysis
  • Risk Evaluation
  • Risk Treatment/Risk Control
  • Process Communications, Monitoring, and Review
  • Additional Reading
  • Chapter Summary
  • Review Questions
  • Exercises
  • Closing Case
  • Discussion Questions
  • Ethical Decision Making
  • Endnotes
  • Chapter 7: Risk Management: Treating Risk
  • Introduction to Risk Treatment
  • Risk Treatment Strategies
  • Managing Risk
  • Feasibility and Cost-benefit Analysis
  • Other Methods of Establishing Feasibility
  • Alternatives to Feasibility Analysis
  • Recommended Alternative Risk Treatment Practices
  • Alternative Risk Management Methodologies
  • The OCTAVE Methods
  • Microsoft Risk Management Approach
  • FAIR
  • ISO Standards for InfoSec Risk Management
  • NIST Risk Management Framework (RMF)
  • Other Methods
  • Selecting the Best Risk Management Model
  • Additional Reading
  • Chapter Summary
  • Review Questions
  • Exercises
  • Closing Case
  • Discussion Questions
  • Ethical Decision Making
  • Endnotes
  • Chapter 8: Security Management Models
  • Introduction to Blueprints, Frameworks, and Security Models
  • Security Management Models
  • The ISO 27000 Series
  • NIST Security Publications
  • Control Objectives for Information and Related Technology
  • Committee of Sponsoring Organizations
  • Information Technology Infrastructure Library
  • Information Security Governance Framework
  • Security Architecture Models
  • TCSEC and the Trusted Computing Base
  • Information Technology System Evaluation Criteria
  • The Common Criteria
  • Access Control Models
  • Categories of Access Controls
  • Other Forms of Access Control
  • Academic Access Control Models
  • Bell-LaPadula Confidentiality Model
  • Biba Integrity Model
  • Clark-Wilson Integrity Model
  • Graham-Denning Access Control Model
  • Harrison-Ruzzo-Ullman Model
  • Brewer-Nash Model (Chinese Wall)
  • Additional Reading
  • Chapter Summary
  • Review Questions
  • Exercises
  • Closing Case
  • Discussion Questions
  • Ethical Decision Making
  • Endnotes
  • Chapter 9: Security Management Practices
  • Introduction to Security Practices
  • Security Employment Practices
  • Hiring
  • Contracts and Employment
  • Security Expectations in the Performance Evaluation
  • Termination Issues
  • Personnel Security Practices
  • Security of Personnel and Personal Data
  • Security Considerations for Temporary Employees, Consultants, and Other Workers
  • Information Security Performance Measurement
  • InfoSec Performance Management
  • Building the Performance Measurement Program
  • Specifying InfoSec Measurements
  • Collecting InfoSec Measurements
  • Implementing InfoSec Performance Measurement
  • Reporting InfoSec Performance Measurements
  • Benchmarking
  • Standards of Due Care/Due Diligence
  • Recommended Security Practices
  • Selecting Recommended Practices
  • Limitations to Benchmarking and Recommended Practices
  • Baselining
  • Support for Benchmarks and Baselines
  • ISO Certification
  • Additional Reading
  • Chapter Summary
  • Review Questions
  • Exercises
  • Closing Case
  • Discussion Questions
  • Ethical Decision Making
  • Endnotes
  • Chapter 10: Planning for Contingencies
  • Introduction to Contingency Planning
  • Fundamentals of Contingency Planning
  • Components of Contingency Planning
  • Business Impact Analysis
  • Contingency Planning Policies
  • Incident Response
  • Getting Started
  • Incident Response Policy
  • Incident Response Planning
  • Detecting Incidents
  • Reacting to Incidents
  • Recovering from Incidents
  • Disaster Recovery
  • The Disaster Recovery Process
  • Disaster Recovery Policy
  • Disaster Classification
  • Planning to Recover
  • Responding to the Disaster
  • Simple Disaster Recovery Plan
  • Business Continuity
  • Business Continuity Policy
  • Continuity Strategies
  • Timing and Sequence of CP Elements
  • Crisis Management
  • Business Resumption
  • Testing Contingency Plans
  • Final Thoughts on CP
  • Additional Reading
  • Chapter Summary
  • Review Questions
  • Exercises
  • Closing Case
  • Discussion Questions
  • Ethical Decision Making
  • Endnotes
  • Chapter 11: Security Maintenance
  • Introduction to Security Maintenance
  • Security Management Maintenance Models
  • NIST SP 800-100, Information Security Handbook: A Guide for Managers
  • The Security Maintenance Model
  • Additional Reading
  • Chapter Summary
  • Review Questions
  • Exercises
  • Closing Case
  • Discussion Questions
  • Ethical Decision Making