
E-book: Practical Information Security Management: A Complete Guide to Planning and Implementation

  • Format: PDF+DRM
  • Publication date: 29-Nov-2016
  • Publisher: APress
  • Language: English
  • ISBN-13: 9781484216859
  • Price: 80,26 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not permitted

  • Printing:

    not permitted

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorised with the same Adobe ID).

    Required software
    To read on a mobile device (phone or tablet) you must install this free application: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (this is a free application made specifically for reading e-books; do not confuse it with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

Create appropriate, security-focused business propositions that consider the balance between cost, risk, and usability, while starting your journey to become an information security manager. Covering a wealth of information that explains exactly how the industry works today, this book focuses on how you can set up an effective information security practice, hire the right people, and strike the best balance between security controls, costs, and risks.

Practical Information Security Management provides a wealth of practical advice for anyone responsible for information security management in the workplace, focusing on the ‘how’ rather than the ‘what’. Together we’ll cut through the policies, regulations, and standards to expose the real inner workings of what makes a security management program effective, covering the full gamut of subject matter pertaining to security management: organizational structures, security architectures, technical controls, governance frameworks, and operational security.

This book was not written to help you pass your CISSP, CISM, or CISMP exams, or to become a PCI DSS auditor. It won't help you build an ISO 27001- or COBIT-compliant security management system, and it won't help you become an ethical hacker or digital forensics investigator; there are many excellent books on the market that cover these subjects in detail. Instead, this is a practical book that draws on years of real-world experience to help you focus on getting the job done.

 

What You Will Learn

  • Learn the practical aspects of being an effective information security manager

  • Strike the right balance between cost and risk

  • Take security policies and standards and make them work in reality

  • Leverage complex security functions, such as Digital Forensics, Incident Response and Security Architecture

Who This Book is For
This is a book for anyone who wants to make a difference by offering effective security management for their business. You might already be a security manager seeking insight into areas of the job that you have not looked at before, or you might be a technologist or risk specialist wanting to switch into this challenging new career. Whatever your career goals are, Practical Information Security Management has something to offer you.


Reviews

The security professional author provides in about 235 pages a clear and concise textbook-style introduction to the field of information security management. Students and other professionals will find basic information, in one location, in an easily read format. This work provides an excellent starting point for anyone wanting a rapid comprehensive overview of information security management. (Computing Reviews, June, 2017)

Table of Contents

About the Author (p. xv)
About the Technical Reviewers (p. xvii)
Acknowledgments (p. xix)
Introduction (p. xxi)
Chapter 1: Evolution of a Profession (p. 1)
  What's in a Name? (p. 3)
  The Language of Security (p. 5)
  CIA (p. 5)
  Non-Repudiation (p. 9)
  Threats and Vulnerabilities (p. 9)
  Risk and Consequence (p. 10)
  Glossary of Useful Terms (p. 12)
Chapter 2: Threats and Vulnerabilities (p. 15)
  Threats (p. 16)
  Hiding in Plain Sight (p. 17)
  Malware as a Service (p. 21)
  Physical Threats (p. 24)
  Vulnerabilities (p. 25)
  Technical Vulnerabilities (p. 26)
  Non-Technical Vulnerabilities (p. 27)
Chapter 3: The Information Security Manager (p. 31)
  Information Security Job Roles (p. 32)
  Training, Experience, and Professionalism (p. 34)
  Career Planning with Professional and Academic Certifications (p. 35)
  Getting Started in Security Management (p. 40)
  The Information Security Manager's Responsibilities (p. 40)
  The Information Security Management System (p. 42)
Chapter 4: Organizational Security (p. 43)
  Security in Organizational Structures (p. 43)
  Where Does Security Fit? (p. 43)
  License to Operate: Get Your Guys Certified (p. 46)
  Encourage a Culture of Security Awareness (p. 47)
  Working with Specialist Groups (p. 50)
  Working with Standards and Regulations (p. 50)
  Working with Risk Management (p. 52)
  Risk Identification (p. 53)
  Risk Analysis (p. 54)
  Risk Treatment (p. 56)
  Risk Monitoring (p. 58)
  Business Continuity Management and Disaster Planning (p. 58)
  Working with Enterprise Architecture (p. 59)
  Working with Facilities Management (p. 62)
  Conclusion (p. 62)
Chapter 5: Information Security Implementation (p. 63)
  Integration with Risk Management (p. 64)
  The Language of Risk (p. 64)
  Use Existing Frameworks (p. 65)
  Secure Development (p. 66)
  Security Architecture Awareness (p. 67)
  Security Requirements (p. 68)
  Organizational Interfaces (p. 69)
  Post Implementation (p. 70)
  Conclusion (p. 70)
Chapter 6: Standards, Frameworks, Guidelines, and Legislation (p. 71)
  Why Do We Need Standards? (p. 72)
  Legislation (p. 73)
  Privacy (p. 75)
  US-EU Safe Harbor and Privacy Shield (p. 76)
  Employer and Employee Rights (p. 76)
  Computer Fraud and Abuse Laws (p. 77)
  Records Retention (p. 79)
  Intellectual Property and Copyright (p. 79)
  The ISO/IEC 27000 Series of Standards (p. 80)
  ISO/IEC 27001 (p. 80)
  ISO/IEC 27002 (p. 82)
  ISO/IEC 27035 (p. 84)
  List of Published ISO/IEC 27000 Standards (p. 85)
  Business Continuity (p. 86)
  Risk Management Standards (p. 87)
  COBIT (p. 90)
  Payment Card Industry Data Security Standard (p. 91)
  Health Insurance Portability and Accountability Act (p. 92)
  Conclusion (p. 93)
Chapter 7: Protection of Information (p. 95)
  Information Classification (p. 95)
  Business Impact Levels (p. 98)
  Implementing Information Classification (p. 100)
  Strategic Implementation (p. 103)
  Identification, Authentication, and Authorization (p. 104)
  Access Control Models (p. 104)
  System Privileges (p. 108)
  Separation of Duties (p. 109)
  Delegation of Privileges (p. 110)
Chapter 8: Protection of People (p. 113)
  Human Vulnerabilities (p. 113)
  Social Engineering (p. 115)
  Building a Security Culture (p. 118)
  Negligent Staff (p. 119)
  Shoulder Surfing and Eavesdropping (p. 122)
  Codes of Conduct (p. 122)
  Acceptable Use Policies (p. 122)
  Employment Contracts (p. 123)
  Personnel Security Life Cycle (p. 124)
  Recruitment (p. 126)
  Selection (p. 126)
  Performance and Succession (p. 128)
  Transition (p. 129)
  Conclusion (p. 129)
Chapter 9: Protection of Premises (p. 131)
  What Is Physical Security? (p. 131)
  Physical Security in ISO/IEC 27001:2013 (p. 132)
  Start with a Risk Assessment (p. 133)
  Threats and Vulnerabilities (p. 134)
  Complete the Risk Assessment (p. 138)
  Perimeter Design (p. 139)
  Barriers, Walls, and Fences (p. 141)
  Mailrooms and Loading Bays (p. 142)
  Security Guards and Dogs (p. 144)
  Crime Prevention through Environmental Design (CPTED) (p. 144)
  CCTV (p. 145)
  Lighting (p. 146)
  Administrative Security Controls (p. 147)
  Internal Building Security (p. 147)
  Reception Areas (p. 147)
  Access Control and Identity Management (p. 148)
  Intrusion Detection Systems (p. 148)
  Alarms and Sensors (p. 149)
  Clear Desk, Clear Screen (p. 150)
  Clear Desk Policy (p. 151)
  Security of Equipment (p. 151)
  Security Considerations when Relocating (p. 152)
  Conclusion (p. 153)
Chapter 10: Protection of Systems (p. 155)
  Introducing Malware (p. 155)
  What Is Malware? (p. 156)
  Classifying Malware (p. 156)
  Active Content Attacks (p. 163)
  Content Injection Attacks (p. 164)
  Threat Vectors (p. 164)
  Technical Countermeasures (p. 165)
  Network Security (p. 169)
  What Are Firewalls? (p. 170)
  The Demilitarized Zone (DMZ) (p. 171)
  Network Encryption (p. 172)
  Wireless Networks (p. 175)
  Governance Over Network Management (p. 176)
Chapter 11: Digital Evidence and Incident Response (p. 179)
  The Digital Forensic Process (p. 180)
  Forensic Acquisition (p. 180)
  Investigation and Analysis (p. 181)
  Reporting and Expert Witness Testimony (p. 182)
  ACPO Principles (p. 182)
  Forensic Readiness (p. 184)
  Planning (p. 185)
  Incident Response and Digital Investigations (p. 186)
  Preparation (p. 186)
  Detection and Analysis (p. 188)
  Containment and Recovery (p. 189)
  Post-Incident Activities (p. 189)
  Investigating a Malware Outbreak (p. 190)
  Getting Started (p. 190)
  Handling Malware (p. 190)
  Sandboxes (p. 191)
  Indicators of Compromise (p. 191)
  Reporting (p. 191)
Chapter 12: Cloud Computing Security (p. 193)
  Cloud Computing 101 (p. 193)
  Cloud Security (p. 195)
  ISO/IEC 27017:2015 (p. 196)
  Cloud Security Challenges (p. 196)
  Cloud Security Architectures (p. 198)
  API Security: An Old Threat with New Targets (p. 200)
  Virtualization (p. 201)
  Application Virtualization (p. 202)
  Virtual Desktop Infrastructure (p. 202)
  References and More Reading (p. 203)
  The Cloud Security Alliance (p. 203)
  Amazon Web Services (p. 203)
  ISO/IEC 27017:2015 (p. 203)
  NIST (p. 204)
  Australian Signals Directorate (p. 204)
Chapter 13: Industrial Control Systems (p. 205)
  What Is an ICS? (p. 205)
  What's Changed in Regards to ICS Risks? (p. 206)
  ICS Architectures (p. 207)
  ICS Security (p. 209)
  Best Practices (p. 210)
Chapter 14: Secure Systems Development (p. 213)
  Secure Development (p. 214)
  Microsoft Security Development Life Cycle (p. 214)
  Security Requirements Specification (p. 215)
  System and Product Assessment (p. 217)
  Secure Development Business Processes (p. 218)
  Change Control (p. 218)
  Acceptance Processes (p. 218)
  Managing Multiple Environments (p. 219)
  Working with Outsourcers (p. 220)
  Finding Covert Channels and Embedded Malware (p. 221)
  Security Patching Considerations (p. 221)
  Security Testing (p. 222)
  Testing Strategies (p. 222)
  Vulnerability and Penetration Testing (p. 223)
  Verification (p. 225)
  Auditing (p. 225)
  Log Analysis (p. 226)
  Intrusion Detection and Prevention (p. 227)
Index (p. 229)

About the Author

Tony Campbell has been in the IT industry for over 25 years, with the majority of his career spent providing consultancy services to the UK government in security architecture and security management. Prior to moving to Perth in 2013, Tony was Chief Security Architect on a large UK Ministry of Defence programme and managed a team of enterprise security architects. Since moving to Australia, he has provided strategic security consultancy to a variety of local government agencies and authored ISO 27001 security manuals. Tony now works for Kinetic IT, a successful Australian-owned and -operated IT managed services provider, where he has developed IT security strategies for both WA and Victorian clients, and is highly regarded for his insights by customers and colleagues alike. He can be contacted at: tcampbell666@gmail.com.