In This Chapter

Courting key concepts in information security management

Understanding the issues that concern security professionals

Learning the language of information security management

A fool with a tool is still a fool. The owner of a technology business once told this to his employees. Information technology and information security cannot succeed on tools alone but require business processes that manage their use.

This chapter is modeled after five of the ten categories in the Common Body of Knowledge (CBK) in the CISSP (Certified Information Systems Security Professional) certification. The five categories in this chapter are security management centric. The other five categories of the CISSP CBK are covered in Chapter 5.

For a deeper dive into the CISSP common body of knowledge, pick up a copy of CISSP For Dummies, 4th Edition.

It would be unwise to think of the topics in this chapter as strictly management based, just as much as it would be to consider the topics in Chapter 5 as strictly technology based. Management and technology are ...