The Executive MBA in Information Security - John J. Trinckes Jr.

The Executive MBA in Information Security

Book | Hardcover
352 pages
2009
CRC Press Inc (publisher)
978-1-4398-1007-1 (ISBN)
159.95 incl. VAT
Supplying a complete overview of the concepts executives need to know, this book provides the tools needed to ensure your organization has an effective information security management program in place. It also includes a ready-to-use security framework for developing workable programs and supplies proven tips for avoiding common pitfalls.
According to the Brookings Institute, an organization’s information and other intangible assets account for over 80 percent of its market value. As the primary sponsors and implementers of information security programs, it is essential for those in key leadership positions to possess a solid understanding of the constantly evolving fundamental concepts of information security management. Developing this knowledge and keeping it current, however, requires the time and energy that busy executives like you simply don’t have.

Supplying a complete overview of key concepts, The Executive MBA in Information Security provides the tools needed to ensure your organization has an effective and up-to-date information security management program in place. This one-stop resource provides a ready-to-use security framework you can use to develop workable programs and includes proven tips for avoiding common pitfalls—so you can get it right the first time.

Allowing for quick and easy reference, this time-saving manual provides those in key leadership positions with a lucid understanding of:

- The difference between information security and IT security
- Corporate governance and how it relates to information security
- Steps and processes involved in hiring the right information security staff
- The different functional areas related to information security
- Roles and responsibilities of the chief information security officer (CISO)

Presenting difficult concepts in a straightforward manner, this concise guide allows you to get up to speed, quickly and easily, on what it takes to develop a rock-solid information security management program that is as flexible as it is secure.

Hampton, Florida, USA

Contents:

Information Security Management Overview. What is Information Security? Responsibilities. Organization. Functions. Ideal Traits of an Information Security Professional. Certification Requirements. Recruiting. Screening. Interviewing. Reference Checks. Retention. Trust and Loyalty. Why is Information Security Important?

Information Security Concepts. Interrelationship between Regulations, Policies, Standards, Procedures, and Guidelines. Regulations. Sarbanes-Oxley Act of 2002. The Gramm-Leach-Bliley Act (GLBA). The Health Insurance Portability and Accountability Act (HIPAA). Federal Financial Institutions Examination Council (FFIEC). Payment Card Industry (PCI) Data Security Standard (DSS). Common Elements of Compliance. Security Controls. Industry Best Practice Guidelines. Standards. Measurement Techniques. Control Objectives for Information and Related Technology (COBIT). ISO 27002 Overview. Capability Maturity Model (CMM). Generally Accepted Information Security Principles (GAISP).

Common Pitfalls to an Effective Information Security Program. Overconfidence. Optimism. Anchoring. The Status Quo Bias. Mental Accounting. The Herding Instinct. False Consensus. Defense in Depth.

Risk Management. Step 1 - System Characterization. Step 2 - Threat Identification. Human Threats. Environmental Threats. Software/Hardware Threats. Regulatory Threats. Emerging Threats. Threat Source References. Step 3 - Vulnerability Identification and Categorization. Step 4 - Control Analysis. Step 5 - Likelihood Rating. Step 6 - Impact Rating - Pre-mitigation Traceability Matrix Development. Loss of Confidentiality, Integrity, Availability, Risk Mitigated, Residual Risk, and Adjusted Impact Rating. Step 7 - Risk Determination Impact Rating - Post-mitigation Effort Matrix. Step 8 - Recommendations.

Technical Evaluation Plan (TEP). Methodology Overview. Port Scanning. SNMP Scanning. Enumeration and Banner Grabbing. Wireless Enumeration. Vulnerability Scanning. Host Evaluation. Network Device Analysis. Password Compliance Testing. Application-Specific Scanning. Network Sniffing. The Role of CVE in the TEP.

Executive Summary. Background. Summary.

Publication date (per publisher): 15.10.2009
Additional information: 29 tables, black and white; 25 illustrations, black and white
Place of publication: Boca Raton
Language: English
Dimensions: 156 x 234 mm
Weight: 612 g
Subject areas: Computer Science > Networks > Security / Firewall
Mathematics / Computer Science > Computer Science > Theory / Study
Law / Taxes > Private Law / Civil Law > IT Law
Business > Business Administration / Management > Corporate Management / Management
ISBN-10 1-4398-1007-9 / 1439810079
ISBN-13 978-1-4398-1007-1 / 9781439810071
Condition: New