A Practical Guide to Security Assessments - Sudhanshu Kairab

A Practical Guide to Security Assessments

Buch | Hardcover
514 Seiten
2004
Auerbach (Verlag)
978-0-8493-1706-4 (ISBN)
149,60 inkl. MwSt
Taking a process-focused approach, this book presents a methodology, an understanding of business goals and processes and how security measures are aligned with business risks, for conducting assessments. It emphasizes that resulting security recommendations should be cost-effective and commensurate with the security risk.
The modern dependence upon information technology and the corresponding information security regulations and requirements force companies to evaluate the security of their core business processes, mission critical data, and supporting IT environment. Combine this with a slowdown in IT spending resulting in justifications of every purchase, and security professionals are forced to scramble to find comprehensive and effective ways to assess their environment in order to discover and prioritize vulnerabilities, and to develop cost-effective solutions that show benefit to the business.

A Practical Guide to Security Assessments is a process-focused approach that presents a structured methodology for conducting assessments. The key element of the methodology is an understanding of business goals and processes, and how security measures are aligned with business risks. The guide also emphasizes that resulting security recommendations should be cost-effective and commensurate with the security risk. The methodology described serves as a foundation for building and maintaining an information security program.

In addition to the methodology, the book includes an Appendix that contains questionnaires that can be modified and used to conduct security assessments.

This guide is for security professionals who can immediately apply the methodology on the job, and also benefits management who can use the methodology to better understand information security and identify areas for improvement.

Kairab, Sudhanshu

Introduction. Evolution of information security. Information security program and how security assessments fit in. Planning. Initial Information gathering. Business process evaluation. Technology evaluation. Risk analysis and final presentation. Information security standards. Information security legislation. Appendix-Security questionnaires/checklists.

Erscheint lt. Verlag 29.9.2004
Zusatzinfo 6 Tables, black and white; 36 Illustrations, black and white
Verlagsort London
Sprache englisch
Maße 156 x 234 mm
Gewicht 1120 g
Themenwelt Informatik Theorie / Studium Kryptologie
Mathematik / Informatik Mathematik Finanz- / Wirtschaftsmathematik
ISBN-10 0-8493-1706-1 / 0849317061
ISBN-13 978-0-8493-1706-4 / 9780849317064
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich