book

Information Security Management Principles, 3rd Edition

by Andy Taylor, David Alexander, Amanda Finch, David Sutton

January 2020

Intermediate to advanced

268 pages

9h 22m

English

BCS, The Chartered Institute for IT

Read now

Unlock full access

Contents

Concepts and definitionsThe need for, and benefits of, information securitySample questions
Threats to, and vulnerabilities of, information systemsRisk managementSample questionsReferences and further reading
Organisation and responsibilitiesOrganisational policy, standards and proceduresInformation security governanceInformation assurance programme implementationSecurity incident managementLegal frameworkSecurity standards and proceduresSample questionsReferences
The information life cycleTesting, audit and reviewSystems development and supportSample questionsReference
General controlsPeople securityUser access controlsTraining and awarenessSample questions
Technical securityProtection from malicious softwareNetworks and communicationsOperational technologyExternal servicesCloud computingIT infrastructureSample questions
Physical securityDifferent uses of controlsSample questions
Relationship between DR/BCP, risk assessment and impact analysisResilience and redundancyApproaches to writing plans and implementing plansThe need for documentation, maintenance and testingNeed for links to managed service provision and outsourcingNeed for secure off-site storage of vital materialNeed to involve personnel, suppliers and IT systems providersRelationship with security incident managementCompliance with standardsSample questions
Investigations and forensicsRole of cryptographyThreat intelligenceConclusionSample questionsReferences and further reading

Content preview from Information Security Management Principles, 3rd Edition

CONTENTS

Figures and tables

Acknowledgements

1. INFORMATION SECURITY PRINCIPLES

Concepts and definitions

The need for, and benefits of, information security

Sample questions

2. INFORMATION RISK

Threats to, and vulnerabilities of, information systems

Risk management

Sample questions

References and further reading

3. INFORMATION SECURITY FRAMEWORK

Organisation and responsibilities

Organisational policy, standards and procedures

Information security governance

Information assurance programme implementation

Security incident management

Legal framework

Security standards and procedures

Sample questions

4. SECURITY LIFE CYCLES

The information life cycle

Testing, audit and review

Systems development and support ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

You might also like

Information Assurance Handbook: Effective Computer Security and Risk Management Strategies

Information Assurance Handbook: Effective Computer Security and Risk Management Strategies

Corey Schou, Steven Hernandez

Security Program and Policies: Principles and Practices, Second Edition

Security Program and Policies: Principles and Practices, Second Edition

Sari Greene

Information Security Policies, Procedures, and Standards

Information Security Policies, Procedures, and Standards

Douglas J. Landoll

Security Policies and Implementation Issues, 3rd Edition

Security Policies and Implementation Issues, 3rd Edition

Robert Johnson, Chuck Easttom

Publisher Resources

ISBN: 9781780175201