To effectively assess and implement security in information technology (IT) systems, it is vital that a structured, information-centric process is followed. This text encompasses several chapters that define an information-based process and the various elements and activities that make up that methodology. This text also contains a variety of charts you can employ to help assess and implement security in your IT systems. It will be easier for you to make use of the information herein if there is an overview of the entire process. I have included it here.

Previous standards and methodologies to define security requirements have all had one fatal flaw—they were technology-based models. Technology-based models ...

Get Assessing and Managing Security Risk in IT Systems now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.