book

Information Security Management Principles, 3rd Edition

by Andy Taylor, David Alexander, Amanda Finch, David Sutton

January 2020

Intermediate to advanced

268 pages

9h 22m

English

BCS, The Chartered Institute for IT

Read now

Unlock full access

Concepts and definitionsThe need for, and benefits of, information securitySample questions
Threats to, and vulnerabilities of, information systemsRisk managementSample questionsReferences and further reading
Organisation and responsibilitiesOrganisational policy, standards and proceduresInformation security governanceInformation assurance programme implementationSecurity incident managementLegal frameworkSecurity standards and proceduresSample questionsReferences
The information life cycleTesting, audit and reviewSystems development and supportSample questionsReference
General controlsPeople securityUser access controlsTraining and awarenessSample questions
Technical securityProtection from malicious softwareNetworks and communicationsOperational technologyExternal servicesCloud computingIT infrastructureSample questions
Physical securityDifferent uses of controlsSample questions
Relationship between DR/BCP, risk assessment and impact analysisResilience and redundancyApproaches to writing plans and implementing plansThe need for documentation, maintenance and testingNeed for links to managed service provision and outsourcingNeed for secure off-site storage of vital materialNeed to involve personnel, suppliers and IT systems providersRelationship with security incident managementCompliance with standardsSample questions
Investigations and forensicsRole of cryptographyThreat intelligenceConclusionSample questionsReferences and further reading

Overview

In today’s technology-driven environment there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Information Assurance Handbook: Effective Computer Security and Risk Management Strategies

Corey Schou, Steven Hernandez

Security Program and Policies: Principles and Practices, Second Edition

Sari Greene

Information Security Policies, Procedures, and Standards

Douglas J. Landoll

Security Policies and Implementation Issues, 3rd Edition

Robert Johnson, Chuck Easttom

Publisher Resources

ISBN: 9781780175201