Information Security Fundamentals (2nd Ed.)
Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise?s effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field.The book examines the elements of computer security, employee roles and responsibilities, and common threats. It discusses the legal requirements that impact security policies, including Sarbanes-Oxley, HIPAA, and the Gramm-Leach-Bliley Act. Detailing physical security requirements and controls, this updated edition offers a sample physical security policy and includes a complete list of tasks and objectives that make up an effective information protection program.
Includes ten new chapters
Broadens its coverage of regulations to include FISMA, PCI compliance, and foreign requirements
Expands its coverage of compliance and governance issues
Adds discussions of ISO 27001, ITIL, COSO, COBIT, and other frameworks
Presents new information on mobile security issues
Reorganizes the contents around ISO 27002
The book discusses organization-wide policies, their documentation, and legal and business requirements. It explains policy format with a focus on global, topic-specific, and application-specific policies. Following a review of asset classification, it explores access control, the components of physical security, and the foundations and processes of risk analysis and risk management.The text concludes by describing business continuity planning, preventive controls, recovery strategies, and how to conduct a business impact analysis. Each chapter in the book h
Date de parution : 11-2013
15.6x23.4 cm
Date de parution : 06-2017
15.6x23.4 cm
Thèmes d’Information Security Fundamentals :
Mots-clés :
Information Security; Sensitive Information; Business Process; risk management; Information Security Policy; policy development; FISMA; cryptography; Information Assets; Information Security Function; Information Security Program; Information Classification Policy; Columnar Transposition; Intrusion Detection System; IR Team; Pre-FRAAP Meeting; Records Management Policy; Incident Declaration; Public Key Encryption; Information Security Coordination; Packet Filter Firewall; FEMA; Physical Access Controls; Federal Information Processing Standards; Information Security Responsibilities; Ceo’s Office; Substitution Ciphers; Atm Card