Read more
Zusatztext ? a comprehensive overview of security topics related to the management and development of secure systems. This rich collection of literature reviews matches every stage of security management! implementation! and deployment. ? The extensive breakdown of risk analysis and threat assessment will be of particular interest to practitioners with background in this area? one of the most comprehensive works to date on the topic! and includes lengthy examples of how to determine and manage the risks associated with a new development project. The book describes most! if not all! security paradigms that are in practice today in terms of analyzing the goals of a project and establishing priorities. ? a valuable resource for anyone conducting research in the field of information security as well as for experienced managers seeking to concentrate on security in future endeavors. Summing Up: Highly recommended.- T.D. Richardson! South University! in CHOICE! November 2010! Vol. 48 No. 03 Informationen zum Autor Bel G. Raggad Klappentext An authoritative and practical classroom resource, Information Security Management: Concepts and Practice provides a general overview of security auditing before examining the various elements of the information security life cycle. It explains the ISO 17799 standard and walks readers through the steps for conducting a nominal security audit that conforms to the standard. The text also provides detailed guidance for conducting an in-depth technical security audit leading to certification against the 27001 standard. Topics addressed include cyber security, security risk assessments, privacy rights, HIPAA, SOX, intrusion detection systems, security testing activities, cyber terrorism, and vulnerability assessments. Zusammenfassung Information security cannot be effectively managed unless secure methods and standards are integrated into all phases of the information security life cycle. This title provides an overview of security auditing and examines the various elements of the information security life cycle. Inhaltsverzeichnis INTRODUCTION. Introduction to Information Security Management. Introduction to Management Concepts. The Information Security Life Cycle. SECURITY PLAN. Security Plan. Security Policy. Business Continuity Planning. SECURITY ANALYSIS. Security Risk Management. Continual Security: Integrated Fault-Event Analysis and Response Framework (IFEAR). Active Security Assessment. System Availability. SECURITY DESIGN. Nominal Security Enhancement Design Based on ISO/IEC 27002. Technical Security Enhancement Based on ISO/IEC 27001. SECURITY IMPLEMENTATION. Security Solutions. The Common Criteria. SECURITY REVIEW. Security Review through Security Audit. Privacy Rights, Information Technology, and HIPAA. CONTINUAL SECURITY. The Sarbanes–Oxley Act and IT Compliance. Cyberterrorism and Homeland Security. INDEX. ...
