Management of Information Security

Michael Whitman, Ph.D., CISM, CISSP is a Professor of Information Systems and Security in the CSIS Department at Kennesaw State University, where he is also Director of the KSU Center for Information Security Education and the coordinator for the Bachelor of Science in Information Security and Assurance. Dr. Whitman is an active researcher in Information Security and Ethical Computing. He is the recipient of the 2012 Colloquium for Information Systems Security Education Award for Educator Leadership. Dr. Whitman currently teaches graduate and undergraduate courses in Information Security and Data Communications. He has published articles in the industry's top journals and co-authors a number of books in the field, published by Course Technology. Herbert Mattord, M.B.A., CISM, CISSP completed 24 years of IT industry experience before joining the faculty at Kennesaw State University in 2002. He was the Manager of Corporate Information Technology Security at Georgia-Pacific Corporation, where much of the practical knowledge found in this textbook was acquired. He is currently on the Faculty at Kennesaw State University where he teaches undergraduate courses in Information Security, Data Communications, and Local Area Networks, and he is the co-author of several books published by Course Technology and an active researcher in information security management topics.

1. Introduction to Management of Information Security. 2. Planning for Security. 3. Planning for Contingencies. 4. Information Security Policy. 5. Developing the Security Program. 6. Security Management Models. 7. Security Management Practices. 8. Risk Management: Identifying and Assessing Risk. 9. Risk Management: Controlling Risk. 10. Protection Mechanisms. 11. Personnel and Security. 12. Law and Ethics. Appendix A. NIST SP 800-26, Security Self-Assessment Guide for Information. Technology Systems and ISO 27002 Questionnaire. Appendix B. Risk Management Models.