The Executive MBA in Information Security - Jr. Trinckes  John J.

The Executive MBA in Information Security

Buch | Hardcover
352 Seiten
2009
Crc Press Inc (Verlag)
978-1-4398-1007-1 (ISBN)
159,95 inkl. MwSt
Supplying a complete overview of the concepts executives need to know, this book provides the tools needed to ensure your organization has an effective information security management program in place. It also includes a ready-to use security framework for developing workable programs and supplies proven tips for avoiding common pitfalls.
According to the Brookings Institute, an organization’s information and other intangible assets account for over 80 percent of its market value. As the primary sponsors and implementers of information security programs, it is essential for those in key leadership positions to possess a solid understanding of the constantly evolving fundamental concepts of information security management. Developing this knowledge and keeping it current however, requires the time and energy that busy executives like you simply don’t have.

Supplying a complete overview of key concepts, The Executive MBA in Information Security provides the tools needed to ensure your organization has an effective and up-to-date information security management program in place. This one-stop resource provides a ready-to use security framework you can use to develop workable programs and includes proven tips for avoiding common pitfalls—so you can get it right the first time.

Allowing for quick and easy reference, this time-saving manual provides those in key leadership positions with a lucid understanding of:






The difference between information security and IT security



Corporate governance and how it relates to information security



Steps and processes involved in hiring the right information security staff



The different functional areas related to information security



Roles and responsibilities of the chief information security officer (CISO)

Presenting difficult concepts in a straightforward manner, this concise guide allows you to get up to speed, quickly and easily, on what it takes to develop a rock-solid information security management program that is as flexible as it is secure.

Hampton, Florida, USA

Information Security Management Overview. What is Information Security? Responsibilities. Organization. Functions. Ideal Traits of an Information Security Professional. Certification Requirements. Recruiting. Screening. Interviewing. Reference Checks. Retention. Trust and Loyalty. Why is Information Security Important? Information Security Concepts. Interrelationship between Regulations, Policies, Standards, Procedures, and Guidelines. Regulations. Sarbanes-Oxley Act of 2002. The Gramm-Leach-Bliley Act (GLBA). The Health Insurance Portability and Accountability Act (HIPAA). Federal Financial Institutions Examination Council (FFIEC). Payment Card Industry (PCI) Data Security Standard (DSS). Common Elements of Compliance. Security Controls. Industry Best Practice Guidelines. Information Security for Executives Page 2. Standards. Measurement Techniques. Control Objectives for Information and Related Technology (COBIT). ISO 27002 Overview. Capability Maturity Model (CMM). Generally Accepted Information Security Principles (GAISP). Common Pitfalls to an Effective Information Security Program. Overconfidence. Optimism. Anchoring. The Status Quo Bias. Mental Accounting. The Herding Instinct. False Consensus. Defense in Depth. Risk Management. Step 1 - System Characterization. Step 2 - Threat Identification Human Threats. Environmental Threats. Software/Hardware Threats. Regulatory Threats. Emerging Threats. Threat Source References. Step 3 - Vulnerability Identification and Categorization. Step 4 - Control Analysis. Step 5 - Likelihood Rating. Step 6 - Impact Rating - Pre-mitigation Traceability Matrix Development. Loss of Confidentiality, Integrity, Availability Risk Mitigated, Residual Risk, and Adjusted Impact Rating. Step 7 - Risk Determination Impact Rating - Post Mitigation Effort Matrix. Step 8 – Recommendations. Technical Evaluation Plan (TEP). Methodology Overview. Port Scanning. SNMP Scanning. Enumeration and Banner Grabbing. Wireless Enumeration. Vulnerability Scanning. Information Security for Executives Page 3. Host Evaluation. Network Device Analysis. Password Compliance Testing. Application-Specific Scanning. Network Sniffing. The Role of CVE in the TEP. Executive Summary. Background. Summary.

Erscheint lt. Verlag 15.10.2009
Zusatzinfo 29 Tables, black and white; 25 Illustrations, black and white
Verlagsort Bosa Roca
Sprache englisch
Maße 156 x 234 mm
Gewicht 612 g
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Mathematik / Informatik Informatik Theorie / Studium
Recht / Steuern Privatrecht / Bürgerliches Recht IT-Recht
Wirtschaft Betriebswirtschaft / Management Unternehmensführung / Management
ISBN-10 1-4398-1007-9 / 1439810079
ISBN-13 978-1-4398-1007-1 / 9781439810071
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
34,99
Management der Informationssicherheit und Vorbereitung auf die …

von Michael Brenner; Nils gentschen Felde; Wolfgang Hommel

Buch (2024)
Carl Hanser (Verlag)
69,99

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00