Book description
What do information security and the art of war have in common? The answer, this book argues, is a great deal. Although the authors have an expert technical knowledge of information security, they strongly believe that technical and procedural measures cannot offer a solution on their own.
Table of contents
- Copyright
- Preface
- About the Authors
- Introduction
- 1. Information Security Auditing and Strategy
  - To do or not to do?
  - On monetary contemplations
  - The fundamentals
    - 1. Information security assessment is an act of corporate or organisational politics
    - 2. Information security assessment is always shaped by political, administrative, technical and human ‘terrain’
    - 3. Information security assessment must shape information security systems of its target
    - 4. Information security assessment is never complete
    - 5. Information security assessment must be a part of a continuous process
    - 6. Information security assessment should maintain a proper balance between tempo and depth
    - 7. Information security assessment must always exceed its perceived scope
    - 8. Information security assessment always targets corporate or organisational ISMS
    - 9. Information security assessment should aspire to establish the roots of all discovered vulnerabilities, weaknesses and gaps
    - 10. Information security assessment should aspire to discover strategic problems through tactical means
    - 11. Information security assessment must be endorsed, controlled and debriefed at the top
    - 12. Information security assessment should be understood and appreciated at the bottom
    - 13. Information security assessment must produce transferrable results
    - 14. Information security assessment must decrease the friction of the auditee
    - 15. Information security assessment should promote security awareness and initiative
    - 16. Information security assessment always operates with probabilities
    - 17. Information security assessment is mainly a proactive countermeasure
    - 18. Information security assessment must be impartial
    - 19. Information security assessment must be dissociated from the checked system
    - 20. Information security assessment results must be strictly confidential
  - On aggressive defence
  - On counteroffensive
  - On the conditions of success
- 2. Security Auditing, Governance, Policies and Compliance
- 3. Security Assessments Classification
- 4. Advanced Pre-Assessment Planning
- 5. Security Audit Strategies and Tactics
- 6. Synthetic Evaluation of Risks
- 7. Presenting the Outcome and Follow-Up Acts
- 8. Reviewing Security Assessment Failures and Auditor Management Strategies
- Bibliography
- ITG Resources
Product information
- Title: Assessing Information Security: Strategies, tactics, logic and framework
- Author(s):
- Release date: February 2010
- Publisher(s): IT Governance Publishing
- ISBN: 9781849280358