Information Security Breaches
IT Governance Publishing (Verlag)
978-1-84928-027-3 (ISBN)
- Titel erscheint in neuer Auflage
- Artikel merken
Widen the horizon of your Information Security Knowledge! Although breaches of information security are not a new phenomenon, the methods used to perpetrate such breaches have changed considerably over the years. Leaking information to non-authorised people has always been an issue but, in the computer age, the speed and effectiveness with which breaches of information security can occur, and the amount of harm potentially caused are disturbing. Typically, also, they favour the perpetrator, not the victim. The process outlined This pocket guide outlines a process and its elements for the treatment of severe breaches, and places them in the context of the associated ISO27001 controls. It provides input for decision making and breach classification, and case studies where the reader can check out how other companies were affected and what they did, or did not do, upon becoming the victim of a breach. Intended to serve two purposes...Firstly, this title provides a general discussion of what information security breaches are, how they can be treated, and what ISO27001 offers in that respect, illustrated with details of real-life information security incidents.
It aims to serve as a facilitator to widen the horizon of the reader seeking knowledge, or as an introduction for those who are just starting to think about information security. Secondly, it will form a first line of defence for the reader who is the victim of an incident and is looking for guidance and direction. Here, it will help the reader by identifying, discussing and evaluating treatment options and, through the case studies, it will reduce the tension of the situation readers may find themselves in once a breach occurs. The audience This guide is aimed at CSOs, CISOs, IT Security Managers, CIOs and, last but not least, CEOs. It particularly addresses personnel in non-IT roles, in an effort to make this unwieldy subject more comprehensible to those who, in a worst-case scenario, will be on the receiving end of requests for six- or seven-figure excess budgets to cope with severe incidents.
Michael Krausz studied physics, computer science and law at the University of Technology in Vienna, and at Vienna and Webster universities. In order to combine his two main hobbies, namely investigations and computers, he has, over the last 20 years, become an accomplished professional investigator and IT expert. Since the beginning of his career, he has investigated over a hundred cases of information security breaches, usually connected with varying degrees of white- collar crime. He has delivered over 5,000 hours of professional and academic training, and has provided services in 11 countries to date.
Introduction Chapter 1: What constitutes a breach? Chapter 2: Treatment using ISO27001 Assess the damage Past or future? Initiate an investigation, secure all evidence Evaluate evidence Draft the report Final decision Follow up with tenacity Review How ISO27001 supports the treatment of breaches Chapter 3: Case studies Case study 1 - small company On the importance of assuring availability Case study 2 - small company On data integrity - why you should use Word templates correctly Case study 3 - medium-sized company The missing contracts Case study 4 - large company Data theft - who wants my data? ITG Resources
| Erscheint lt. Verlag | 10.12.2009 |
|---|---|
| Verlagsort | Ely |
| Sprache | englisch |
| Maße | 95 x 165 mm |
| Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
| Recht / Steuern ► Privatrecht / Bürgerliches Recht ► IT-Recht | |
| ISBN-10 | 1-84928-027-4 / 1849280274 |
| ISBN-13 | 978-1-84928-027-3 / 9781849280273 |
| Zustand | Neuware |
| Haben Sie eine Frage zum Produkt? |
aus dem Bereich
