Details

At a Glance; Contents; About the Author; About the Technical Reviewers; Acknowledgments; Introduction; Chapter 1: Evolution of a Profession; What's in a Name?; The Language of Security; CIA; Confidentiality; Integrity; Availability; Non-Repudiation; Threats and Vulnerabilities; Risk and Consequence; Glossary of Useful Terms; Chapter 2: Threats and Vulnerabilities; Threats; Hiding in Plain Sight; How Does Tor Work?; The Deep Web; Malware as a Service; Criminal Motivations and Capabilities; Physical Threats; Vulnerabilities; Technical Vulnerabilities; Non-Technical Vulnerabilities

Physical Vulnerabilities; Process Vulnerabilities; People Vulnerabilities; People Can Be Compromised; Chapter 3: The Information Security Manager; Information Security Job Roles; Training, Experience, and Professionalism; Career Planning with Professional and Academic Certifications; Getting Started in Security Management; The Information Security Manager's Responsibilities; The Information Security Management System; Chapter 4: Organizational Security; Security in Organizational Structures; Where Does Security Fit?; License to Operate: Get Your Guys Certified

Encourage a Culture of Security Awareness; Working with Specialist Groups; Working with Standards and Regulations; Working with Risk Management; Risk Identification; Risk Analysis; Qualitative Assessments; Quantitative Analysis; Risk Treatment; Risk Monitoring; Business Continuity Management and Disaster Planning; Working with Enterprise Architecture; Working with Facilities Management; Conclusion; Chapter 5: Information Security Implementation; Integration with Risk Management; The Language of Risk; Use Existing Frameworks; Secure Development; Security Architecture Awareness

Security Requirements; Organizational Interfaces; Post Implementation; Conclusion; Chapter 6: Standards, Frameworks, Guidelines, and Legislation; Why Do We Need Standards?; Legislation; Privacy; US-EU Safe Harbor and Privacy Shield; Employer and Employee Rights; Computer Fraud and Abuse Laws; US Computer Fraud and Abuse Act; UK Computer Misuse Act; Australia's Cybercrime Act; Records Retention; Intellectual Property and Copyright; The ISO/IEC 27000 Series of Standards; ISO/IEC 27001; Getting Certified; ISO/IEC 27002; ISO/IEC 27035; List of Published ISO/IEC 27000 Standards; Business Continuity

Risk Management Standards; COBIT; Payment Card Industry Data Security Standard; Health Insurance Portability and Accountability Act; Conclusion; Chapter 7: Protection of Information; Information Classification; Business Impact Levels; Implementing Information Classification; Information Classification or Systems Classification?; Tactical Implementation; Strategic Implementation; Identification, Authentication, and Authorization; Access Control Models; System Privileges; Separation of Duties; Delegation of Privileges; Chapter 8: Protection of People; Human Vulnerabilities; Social Engineering
