Information Security Management Principles, 3rd Edition

Book description

In today’s technology-driven environment there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts.

Table of contents

  1. Front Cover
  2. Half-Title Page
  3. BCS, THE CHARTERED INSTITUTE FOR IT
  4. Title Page
  5. Copyright Page
  6. Contents
  7. Figures and tables
  8. Authors
  9. Acknowledgements
  10. Abbreviations
  11. Preface
  12. 1. Information Security Principles
    1. Concepts and definitions
    2. The need for, and benefits of, information security
    3. Sample questions
  13. 2. Information Risk
    1. Threats to, and vulnerabilities of, information systems
    2. Risk management
    3. Sample questions
    4. References and further reading
  14. 3. Information Security Framework
    1. Organisation and responsibilities
    2. Organisational policy, standards and procedures
    3. Information security governance
    4. Information assurance programme implementation
    5. Security incident management
    6. Legal framework
    7. Security standards and procedures
    8. Sample questions
    9. References
  15. 4. Security Life Cycles
    1. The information life cycle
    2. Testing, audit and review
    3. Systems development and support
    4. Sample questions
    5. Reference
  16. 5. Procedural and People Security Controls
    1. General controls
    2. People security
    3. User access controls
    4. Training and awareness
    5. Sample questions
  17. 6. Technical Security Controls
    1. Technical security
    2. Protection from malicious software
    3. Networks and communications
    4. Operational technology
    5. External services
    6. Cloud computing
    7. IT infrastructure
    8. Sample questions
  18. 7. Physical and Environmental Security
    1. Physical security
    2. Different uses of controls
    3. Sample questions
  19. 8. Disaster Recovery and Business Continuity Management
    1. Relationship between DR/BCP, risk assessment and impact analysis
    2. Resilience and redundancy
    3. Approaches to writing plans and implementing plans
    4. The need for documentation, maintenance and testing
    5. Need for links to managed service provision and outsourcing
    6. Need for secure off-site storage of vital material
    7. Need to involve personnel, suppliers and IT systems providers
    8. Relationship with security incident management
    9. Compliance with standards
    10. Sample questions
  20. 9. Other Technical Aspects
    1. Investigations and forensics
    2. Role of cryptography
    3. Threat intelligence
    4. Conclusion
    5. Sample questions
    6. References and further reading
  21. Appendix A
  22. Activity solution pointers
  23. Sample question answers
  24. Glossary
  25. Index
  26. Back Cover

Product information

  • Title: Information Security Management Principles, 3rd Edition
  • Author(s): Andy Taylor, David Alexander, Amanda Finch, David Sutton
  • Release date: January 2020
  • Publisher(s): BCS, The Chartered Institute for IT
  • ISBN: 9781780175201