book

Information Security Management Principles, 3rd Edition

by Andy Taylor, David Alexander, Amanda Finch, David Sutton

January 2020

Intermediate to advanced

268 pages

9h 22m

English

BCS, The Chartered Institute for IT

Read now

Unlock full access

Concepts and definitionsThe need for, and benefits of, information securitySample questions
Threats to, and vulnerabilities of, information systemsRisk managementSample questionsReferences and further reading
Organisation and responsibilitiesOrganisational policy, standards and proceduresInformation security governanceInformation assurance programme implementationSecurity incident managementLegal frameworkSecurity standards and proceduresSample questionsReferences
The information life cycleTesting, audit and reviewSystems development and supportSample questionsReference
General controlsPeople securityUser access controlsTraining and awarenessSample questions
Technical securityProtection from malicious softwareNetworks and communicationsOperational technologyExternal servicesCloud computingIT infrastructureSample questions
Physical securityDifferent uses of controlsSample questions
Relationship between DR/BCP, risk assessment and impact analysisResilience and redundancyApproaches to writing plans and implementing plansThe need for documentation, maintenance and testingNeed for links to managed service provision and outsourcingNeed for secure off-site storage of vital materialNeed to involve personnel, suppliers and IT systems providersRelationship with security incident managementCompliance with standardsSample questions
Investigations and forensicsRole of cryptographyThreat intelligenceConclusionSample questionsReferences and further reading

Content preview from Information Security Management Principles, 3rd Edition

9 OTHER TECHNICAL ASPECTS

In this chapter you will gain an understanding of the important aspects of incident investigation and how the forensic evidence may be preserved. You will learn about the basic concepts of and uses for cryptography, and threat intelligence and its role in a modern organisation’s defences.

INVESTIGATIONS AND FORENSICS

It has already been mentioned that, even in organisations with very effective governance, there will be occasions on which it is necessary to investigate activity and use forensic techniques to discover and preserve evidence for later use. Part of incident management is about the ability to identify answers to the questions: who, why, what, when, where and how? Some of this has been described previously ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Information Assurance Handbook: Effective Computer Security and Risk Management Strategies

Publisher Resources

ISBN: 9781780175201

Information Security Management Principles, 3rd Edition

by Andy Taylor, David Alexander, Amanda Finch, David Sutton

9 OTHER TECHNICAL ASPECTS

INVESTIGATIONS AND FORENSICS

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Information Assurance Handbook: Effective Computer Security and Risk Management Strategies

Security Program and Policies: Principles and Practices, Second Edition

Information Security Policies, Procedures, and Standards

Security Policies and Implementation Issues, 3rd Edition

Publisher Resources

INVESTIGATIONS AND FORENSICS

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Information Assurance Handbook: Effective Computer Security and Risk Management Strategies

Security Program and Policies: Principles and Practices, Second Edition

Information Security Policies, Procedures, and Standards

Security Policies and Implementation Issues, 3rd Edition

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.