Information security cost management. (©2007)
- Record Type:
- Book
- Title:
- Information security cost management. (©2007)
- Main Title:
- Information security cost management
- Further Information:
- Note: Ioana V. Bazavan, Ian Lim.
- Other Names:
- Bazavan, Ioana V
Lim, Ian
- Contents:
- SECTION 1: SECURITY STRATEGY-THINKING PRACTICALLY; Goals and Filters; You Cannot Secure Everything. What Is Information Security? The Three Pragmatic Filters. Filter One: Focus on High-Risk Areas. Eye on the Ball. References; Building Your Strategy; Creating a Risk-Based Security Strategy. Creating and Showing Value; High-Impact Initiatives. Taking the Next Steps. Reference.
- SECTION 2: SECURITY ORGANIZATION DESIGN-COST-EFFECTIVE STAFFING; The Right People for the Right Jobs; Introduction. The Essentials of a Security Organization. Security Functions. Security Roles. Start at the Top-CISO. Supporting the CISO-Security Management. Technical Heavyweights-Security Architect and Security Engineers. Process Excellence-Security Analysts and Security Specialists. Operational Maturity-the Key to Successful Security. Looking at the Bigger Picture-Positioning Information Security. What about Physical Security?; Sourcing Solutions; Reducing Costs for Routine Tasks. Insourcing versus Outsourcing. Onshoring versus Offshoring. Common Considerations.
- SECTION 3: SECURITY MANAGEMENT-EFFECTIVELY ENFORCING YOUR STRATEGY; Policies, Standards, and Procedures; Introduction. Terminology Primer. Organizational Tips. Managing Exceptions. A Question of Authority; Training and Awareness; Introduction. Determine Your Key Messages and Target Audiences. Create an Awareness Road Map. Keep it Creative, Simple, and Loud. Maximize Channels of Communication. Use Positive Reinforcement. Be Opportunistic. Make Awareness Everyone's Responsibility; Cost-Effective Audit Management; Introduction. Step 1-Set Expectations. Step 2-Prepare Your Workspace. Step 3-Document, Document, Document. Winning "Comfort" Points; Reporting Your Value; Introduction. How to Make Reports Relevant. How to Make Reports Consistent. How to Make Reports Comprehensible.
- SECTION 4: SECURITY TECHNOLOGIES-ESTABLISHING A SOUND FOUNDATION; Risk Assessment; Introduction: The Truth about Risk Assessments. Strategy for Conducting Annual Internal Risk Assessments. Tactical Perspective for Security Assessment. Remediation Strategy; Security Design Review; Introduction. The Analysis Phase. The Requirements Phase. Define Information Protection Requirements. The Design Phase. The Build and Test Phases. The Deployment Phase. The Postproduction Phase; Exploit Protection; What Is Exploit Protection? Security Incidents and the Business. Loss of Information Assets. Disruptions to the Business. Anatomy of Security Threats. Outsider Threat. Insider Threats. Automated Attacks. Cost Management and Exploit Protection. Exploit Protection and Security Operations. References.
- SECTION 5: SECURITY OPERATIONS-MAINTAINING SECURITY EFFICIENTLY; Identity and Access Management; Introduction. The Big Picture. Key Control Points. Implementation Problems and Pitfalls. Making User Management Operational in its Current State. Getting Off to the Right Start-Approvals. Keeping it Clean-Terminations. Managing the User's Life Cycle-Transfers. Mitigating Control-User Recertification. Monitor Solutions. What about Nonuser Accounts? Summary; Cost-Effective Incident Response; Introduction. The Price of Not Planning. Start with Objectives. Assembling the CSIRT. The Big Picture. The Frontline. Initial Response Team (IRT)-the Primary Experts. Executive Incident Team (EIT)-the Decision Makers. Responders-the Recovery Experts. Investigators-the Root Cause Analysts. Postmortem of an Incident. Recap of the Incident Response Process. … (more)
- Publisher Details:
- Boca Raton, Fla : Auerbach
- Publication Date:
- 2007
- Copyright Date:
- 2007
- Extent:
- 1 online resource (xix, 255 pages), illustrations
- Subjects:
- 005.8068
Computer security -- Management
Computer security -- Economic aspects
Computer security -- Costs
COMPUTERS -- Internet -- Security
COMPUTERS -- Networking -- Security
COMPUTERS -- Security -- General
Risicoanalyse
Bedrijfsleiding
Strategische planning
Controlesystemen
Electronic books
Electronic book collection
- Languages:
- English
- ISBNs:
- 0849392756
9780849392757
9781420013832
1420013831
- Notes:
- Note: Includes bibliographical references and index.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.167357
- Ingest File:
- 01_014.xml