Information security : design, implementation, measurement, and compliance (©2007)
- Record Type:
- Book
- Title:
- Information security : design, implementation, measurement, and compliance (©2007)
- Main Title:
- Information security : design, implementation, measurement, and compliance
- Further Information:
- Note: Timothy P. Layton.
- Other Names:
- Layton, Timothy P
- Contents:
- EVALUATING AND MEASURING AN INFORMATION SECURITY PROGRAM
  - INFORMATION SECURITY RISK ASSESSMENT MODEL (ISRAM™): Background; Linkage; Risk Assessment Types; Relationship to Other Models and Standards; Terminology; Risk Assessment Relationship; Information Security Risk Assessment Model (ISRAM); References
  - GLOBAL INFORMATION SECURITY ASSESSMENT METHODOLOGY (GISAM™): GISAM and ISRAM Relationship; GISAM Design Criteria; General Assessment Types; GISAM Components; References
  - DEVELOPING AN INFORMATION SECURITY EVALUATION (ISE™) PROCESS: The Culmination of ISRAM and GISAM; Business Process
  - A SECURITY BASELINE: KRI Security Baseline Controls; Security Baseline; Information Security Policy Document; Management Commitment to Information Security; Allocation of Information Security Responsibilities; Independent Review of Information Security; Identification of Risks Related to External Parties; Inventory of Assets; Classification Guidelines; Screening; Information Security Awareness, Education, and Training; Removal of Access Rights; Physical Security Perimeter; Protecting Against External and Environmental Threats; Secure Disposal or Reuse of Equipment; Documented Operating Procedures; Change Management; Segregation of Duties; System Acceptance; Controls against Malicious Code; Management of Removable Media; Information Handling Procedures; Physical Media in Transit; Electronic Commerce; Access Control Policy; User Registration; Segregation in Networks; Teleworking; Security Requirements Analysis and Specification; Policy on the Use of Cryptographic Controls; Protection of System Test Data; Control of Technical Vulnerabilities; Reporting Information Security Events; Including Information Security in the Business Continuity Process; Identification of Applicable Legislation; Data Protection and Privacy of Personal Information; Technical Compliance Checking; References
  - BACKGROUND OF THE ISO/IEC 17799 STANDARD: History of the Standard; Internals of the Standard; Guidance for Use; High-Level Objectives; ISO/IEC Defined; References
  - ISO/IEC 17799:2005 GAP ANALYSIS: Overview; Guidance for Use; General Changes; Security Policy; Organization of Information Security; Asset Management; Human Resources Security; Physical and Environmental Security; Communications and Operations Management; Access Control; Information Systems Acquisition, Development, and Maintenance; Information Security Incident Management; Business Continuity Management; Compliance; References
- ANALYSIS OF ISO/IEC 17799:2005 (27002) CONTROLS
  - SECURITY POLICY: Information Security Policy; Summary; References
  - ORGANIZATION OF INFORMATION SECURITY: Internal Organization; External Parties; Summary; References
  - ASSET MANAGEMENT: Responsibility for Assets; Information Classification; Summary; References
  - HUMAN RESOURCES SECURITY: Prior to Employment; During Employment; Termination or Change of Employment; Summary; References
  - PHYSICAL AND ENVIRONMENTAL SECURITY: Secure Areas; Equipment Security; Summary; References
  - COMMUNICATIONS AND OPERATIONS MANAGEMENT: Operational Procedures and Responsibilities; Third-Party Service Delivery Management; System Planning and Acceptance; Protection against Malicious and Mobile Code; Backup; Network Security Management; Media Handling; Exchange of Information; Electronic Commerce Services; Monitoring; Summary; References
  - ACCESS CONTROL: Business Requirements for Access Control; User Access Management; User Responsibilities; Network Access Control; Operating System Access Control; Application and Information Access Control; Mobile Computing and Teleworking; Summary; References
  - INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT, AND MAINTENANCE: Security Requirements of Information Systems; Correct Processing in Applications; Cryptographic Controls; Security of System Files; Security in Development and Support Processes; Technical Vulnerability Management; Summary; References
  - INFORMATION SECURITY INCIDENT MANAGEMENT: Reporting Information Security Events and Weaknesses; Management of Information Security Incidents and Improvements; Summary; References
  - BUSINESS CONTINUITY MANAGEMENT: Information Security Aspects of Business Continuity Management; Summary; References
  - COMPLIANCE: Compliance with Legal Requirements; Compliance with Security Policies and Standards, and Technical Compliance; Information Systems Audit Considerations; Summary; References
- APPENDIX A: ISO STANDARDS CITED IN ISO/IEC 17799:2005
- APPENDIX B: GENERAL REFERENCES
- INDEX
- Publisher Details:
- Boca Raton : Auerbach Publications
- Publication Date:
- 2007
- Copyright Date:
- 2007
- Extent:
- 1 online resource (222 pages)
- Subjects:
- 658.4/78
Business -- Data processing -- Security measures
Business enterprises -- Computer networks -- Security measures
Data protection
Computer security
Risk assessment
Confidential business information
Protection de l'information (Informatique)
Protection de l'information (Informatique) -- Normes
Sécurité informatique
BUSINESS & ECONOMICS -- Workplace Culture
BUSINESS & ECONOMICS -- Corporate Governance
BUSINESS & ECONOMICS -- Leadership
BUSINESS & ECONOMICS -- Organizational Development
Computerbeveiliging
Databescherming
Informatietechnologie
Electronic books
- Languages:
- English
- ISBNs:
- 9781420013412
1420013416
- Related ISBNs:
- 0849370876
9780849370878
- Notes:
- Note: Includes bibliographical references (pages 211-212) and index.
Note: Print version record.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.163373
- Ingest File:
- 01_013.xml