O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Information Security Governance Simplified

Book Description

Security practitioners must be able to build cost-effective security programs while also complying with government regulations. Information Security Governance Simplified: From the Boardroom to the Keyboard lays out these regulations in simple terms and explains how to use control frameworks to build an air-tight information security (IS) program and governance structure.

Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security department and considers the control areas, including physical, network, application, business continuity/disaster recover, and identity management.

Todd Fitzgerald explains how to establish a solid foundation for building your security program and shares time-tested insights about what works and what doesn’t when building an IS program. Highlighting security considerations for managerial, technical, and operational controls, it provides helpful tips for selling your program to management. It also includes tools to help you create a workable IS charter and your own IS policies. Based on proven experience rather than theory, the book gives you the tools and real-world insight needed to secure your information while ensuring compliance with government regulations.

Table of Contents

  1. Front Cover (1/2)
  2. Front Cover (2/2)
  3. Contents (1/2)
  4. Contents (2/2)
  5. Foreword
  6. Acknowledgments
  7. Introduction
  8. About the Author
  9. Chapter 1: Getting Information Security Right : Top to Bottom (1/2)
  10. Chapter 1: Getting Information Security Right : Top to Bottom (2/2)
  11. Chapter 2: Developing Information Security Strategy (1/6)
  12. Chapter 2: Developing Information Security Strategy (2/6)
  13. Chapter 2: Developing Information Security Strategy (3/6)
  14. Chapter 2: Developing Information Security Strategy (4/6)
  15. Chapter 2: Developing Information Security Strategy (5/6)
  16. Chapter 2: Developing Information Security Strategy (6/6)
  17. Chapter 3: Defining the Security Management Organization (1/8)
  18. Chapter 3: Defining the Security Management Organization (2/8)
  19. Chapter 3: Defining the Security Management Organization (3/8)
  20. Chapter 3: Defining the Security Management Organization (4/8)
  21. Chapter 3: Defining the Security Management Organization (5/8)
  22. Chapter 3: Defining the Security Management Organization (6/8)
  23. Chapter 3: Defining the Security Management Organization (7/8)
  24. Chapter 3: Defining the Security Management Organization (8/8)
  25. Chapter 4: Interacting with the C-Suite (1/9)
  26. Chapter 4: Interacting with the C-Suite (2/9)
  27. Chapter 4: Interacting with the C-Suite (3/9)
  28. Chapter 4: Interacting with the C-Suite (4/9)
  29. Chapter 4: Interacting with the C-Suite (5/9)
  30. Chapter 4: Interacting with the C-Suite (6/9)
  31. Chapter 4: Interacting with the C-Suite (7/9)
  32. Chapter 4: Interacting with the C-Suite (8/9)
  33. Chapter 4: Interacting with the C-Suite (9/9)
  34. Chapter 5: Managing Risk to an Acceptable Level (1/4)
  35. Chapter 5: Managing Risk to an Acceptable Level (2/4)
  36. Chapter 5: Managing Risk to an Acceptable Level (3/4)
  37. Chapter 5: Managing Risk to an Acceptable Level (4/4)
  38. Chapter 6: Creating Effective Information Security Policies (1/5)
  39. Chapter 6: Creating Effective Information Security Policies (2/5)
  40. Chapter 6: Creating Effective Information Security Policies (3/5)
  41. Chapter 6: Creating Effective Information Security Policies (4/5)
  42. Chapter 6: Creating Effective Information Security Policies (5/5)
  43. Chapter 7: Security Compliance Using Control Frameworks (1/5)
  44. Chapter 7: Security Compliance Using Control Frameworks (2/5)
  45. Chapter 7: Security Compliance Using Control Frameworks (3/5)
  46. Chapter 7: Security Compliance Using Control Frameworks (4/5)
  47. Chapter 7: Security Compliance Using Control Frameworks (5/5)
  48. Chapter 8: Managerial Controls : Practical Security Considerations (1/6)
  49. Chapter 8: Managerial Controls : Practical Security Considerations (2/6)
  50. Chapter 8: Managerial Controls : Practical Security Considerations (3/6)
  51. Chapter 8: Managerial Controls : Practical Security Considerations (4/6)
  52. Chapter 8: Managerial Controls : Practical Security Considerations (5/6)
  53. Chapter 8: Managerial Controls : Practical Security Considerations (6/6)
  54. Chapter 9: Technical Controls : Practical Security Considerations (1/6)
  55. Chapter 9: Technical Controls : Practical Security Considerations (2/6)
  56. Chapter 9: Technical Controls : Practical Security Considerations (3/6)
  57. Chapter 9: Technical Controls : Practical Security Considerations (4/6)
  58. Chapter 9: Technical Controls : Practical Security Considerations (5/6)
  59. Chapter 9: Technical Controls : Practical Security Considerations (6/6)
  60. Chapter 10: Operational Controls : Practical Security Considerations (1/8)
  61. Chapter 10: Operational Controls : Practical Security Considerations (2/8)
  62. Chapter 10: Operational Controls : Practical Security Considerations (3/8)
  63. Chapter 10: Operational Controls : Practical Security Considerations (4/8)
  64. Chapter 10: Operational Controls : Practical Security Considerations (5/8)
  65. Chapter 10: Operational Controls : Practical Security Considerations (6/8)
  66. Chapter 10: Operational Controls : Practical Security Considerations (7/8)
  67. Chapter 10: Operational Controls : Practical Security Considerations (8/8)
  68. Chapter 11: The Auditors Have Arrived, Now What? (1/6)
  69. Chapter 11: The Auditors Have Arrived, Now What? (2/6)
  70. Chapter 11: The Auditors Have Arrived, Now What? (3/6)
  71. Chapter 11: The Auditors Have Arrived, Now What? (4/6)
  72. Chapter 11: The Auditors Have Arrived, Now What? (5/6)
  73. Chapter 11: The Auditors Have Arrived, Now What? (6/6)
  74. Chapter 12: Effective Security Communications (1/7)
  75. Chapter 12: Effective Security Communications (2/7)
  76. Chapter 12: Effective Security Communications (3/7)
  77. Chapter 12: Effective Security Communications (4/7)
  78. Chapter 12: Effective Security Communications (5/7)
  79. Chapter 12: Effective Security Communications (6/7)
  80. Chapter 12: Effective Security Communications (7/7)
  81. Chapter 13: The Law and Information Security (1/4)
  82. Chapter 13: The Law and Information Security (2/4)
  83. Chapter 13: The Law and Information Security (3/4)
  84. Chapter 13: The Law and Information Security (4/4)
  85. Chapter 14: Learning from Information Security Incidents (1/4)
  86. Chapter 14: Learning from Information Security Incidents (2/4)
  87. Chapter 14: Learning from Information Security Incidents (3/4)
  88. Chapter 14: Learning from Information Security Incidents (4/4)
  89. Chapter 15: 17 Ways to Dismantle Information Security Governance Efforts (1/3)
  90. Chapter 15: 17 Ways to Dismantle Information Security Governance Efforts (2/3)
  91. Chapter 15: 17 Ways to Dismantle Information Security Governance Efforts (3/3)
  92. Back Cover