Strategic information security. (©2004)
- Record Type:
- Book
- Title:
- Strategic information security. (©2004)
- Main Title:
- Strategic information security
- Further Information:
- Note: John Wylder.
- Other Names:
- Wylder, John
- Contents:
- Introduction to Strategic Information Security; What Does It Mean to Be Strategic?; Information Security Defined; The Security Professional's View of Information Security; The Business View of Information Security; Changes Affecting Business and Risk Management; Strategic Security; Strategic Security or Security Strategy?; Monitoring and Measurement; Moving Forward; ; ORGANIZATIONAL ISSUES; The Life Cycles of Security Managers; Introduction; The Information Security Manager's Responsibilities; 
The Evolution of Data Security to Information Security; The Repository Concept; Changing Job Requirements; Business Life Cycles and the Evolution of an Information Security Program; The Introductory Phase; The Early Growth Phase; The Rapid Growth Phase; The Maturity Phase; Skill Changes over Time; Conclusion; ; Chief Security Officer or Chief Information Security Officer; Introduction; Organizational Issues; Justifying the Importance and Role of Security in Business; Risk Management Issues Affecting Organizational Models; Chief Information Security Officer (CISO) Role Defined; The Chief Security Officer (CSO) Role Defined; Organizational Models and Issues; Organization Structure and Reporting Models; Choosing the Right Organization Model; ; RISK MANAGEMENT TOPICS; Information Security and Risk Management; Introduction; The Information Technology View of Threats, Vulnerabilities, and Risks; Business View of Threats, Vulnerabilities, and Risks; The Economists' Approach to Understanding Risk; Total Risk; Technology Risk; Information Risk; Information Risk Formula; Protection Mechanisms and Risk Reduction; Matching Protection Mechanisms to Risks; The Risk Protection Matrix; Conclusion; ; Establishing Information Ownership; Establishing Information Ownership; Centralized Information Security; Local Administrators vs. Information Owners; Transferring Ownership; Operations Orientation of Information Ownership; Information Ownership in Larger Organizations; Information as an Asset; Decentralized vs. 
Centralized Information Security Controls; Ownership and Information Flow; Information Ownership Hierarchy; Functional Owners of Information; Income Statement Information Owners; Information Value; Statement of Condition Information Owners; Conclusion; ; The Network as the Enterprise Database; Introduction; A Historical View of Data and Data Management; Management Information Systems (MIS); Executive Information Systems (EIS); The Evolving Network; The Network as the Database; Conclusion; ; Risk Reduction Strategies; Introduction; Information Technology Risks; Evaluating the Alternatives; ; Improving Security from the Bottom Up: Moving Toward a New Way of Enforcing Security Policy; Encouraging Personal Accountability for Corporate Information Security Policy; Background; The Problem; The Role of the Chief Information Security Officer (CISO) in Improving Security; Centralized Management vs. Decentralized Management; Security Policy and Enforcement Alternatives; Policy Compliance and the Human Resources Department; Personal Accountability; Conclusion; ; Authentication Models and Strategies; Introduction to Authentication; Authentication Defined; Authentication Choices; Public Key Infrastructure; Administration and Authentication: Management Issues; Identity Theft; Risks and Threats Associated with Authentication Schemes; Other Strategic Issues Regarding Authentication Systems; Conclusion; ; INFORMATION SECURITY PRINCIPLES AND PRACTICES; Single Sign-On Security; Overview; The Authentication Dilemma; The Many Definitions of Single Sign-On; Risks Associated with Single Sign-On; Single Sign-On Alternative: A More In-Depth Review; User Provisioning; Authentication and Single Sign-On; ; Crisis Management: A Strategic Viewpoint; Introduction; Crisis Defined; Benefits from a Formal Crisis Management Process; Escalation and Notification; Organizational Issues and Structures for Dealing with Crisis Management; Strategies for Managing through a Crisis; Creating a 
Formalized Response for Crisis Management; Conclusion; ; Business Continuity Planning; Introduction; Types of Outages and Disasters Outages; Planning for a Disaster; Roles and Responsibilities; Plan Alternatives and Decision Criteria; Risk Mitigation vs. Risk Elimination; Preparation: Writing the Plan; Testing and Auditing the Plan; Issues for Executive Management; Conclusion; ; Security Monitoring: Advanced Security Management; Introduction; Monitoring vs. Auditing; Activity Monitoring and Audit Trails; How Security Information Management Systems Work; Other Security Information Monitoring Sources; Privacy and Security Monitoring; Reactions to Security Monitoring Information; Problems with Security Monitoring; Senior Management Issues and Security Monitoring; ; Auditing and Testing a Strategic Control Process; Introduction: The Role of Auditing and Testing; Auditing and Security Management; Security Audits; Information Protection; Audit Logs and Audit Trails; Security Testing and Analysis; Application Controls and Strategic Security Goals; Reporting of Security Problems and the Role of the Auditor; Auditing, Testing, and Strategic Security; ; Outsourcing Security: Strategic Management Issues; Information Security Operations and Security Management; Management Issues Regarding the Outsourcing Decision; Outsourced Security Alternatives; Return on Investment (ROI) with Outsourced Services; Contract Issues for Security Outsourcing; Integration of Outsourcing with Internal Operational Functions; Risks Associated with Outsourcing Security Functions; Business Continuity Planning and Security Outsourcing; Strategic Management Issues with Outsourced Security; ; Final Thoughts on Strategic Security; Executive Management and Security Management; The Future of Information Security and the Challenges Ahead; ; Appendix Helpful Internet Resources; …
- Publisher Details:
- Boca Raton, Fl : Auerbach Publications
- Publication Date:
- 2004
- Copyright Date:
- 2004
- Extent:
- 1 online resource (xii, 228 pages)
- Subjects:
- 005.8
Computer networks -- Security measures
COMPUTERS -- Internet -- Security
COMPUTERS -- Networking -- Security
COMPUTERS -- Security -- General
Electronic books
- Languages:
- English
- ISBNs:
- 0203497082
9780203497081
9780849320415
0849320410
- Related ISBNs:
- 0849320410
- Notes:
- Note: Includes bibliographical references and index.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.167689
- Ingest File:
- 01_089.xml