
E-book: Responsive Security: Be Ready to Be Secure

  • Format: 259 pages
  • Publication date: 08-Sep-2017
  • Publisher: CRC Press Inc
  • Language: eng
  • ISBN-13: 9781351381291
  • Format - EPUB+DRM
  • Price: 87.09 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste): not allowed

  • Printing: not allowed

  • Usage:

    Digital Rights Management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You also need to create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet) you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (this is a free application made specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

Responsive Security: Be Ready to Be Secure explores the challenges, issues, and dilemmas of managing information security risk, and introduces an approach for addressing concerns from both a practitioner and organizational management standpoint. Utilizing a research study generated from nearly a decade of action research and real-time experience, this book introduces the issues and dilemmas that fueled the study, discusses its key findings, and provides practical methods for managing information security risks. It presents the principles and methods of the responsive security approach, developed from the findings of the study, and details the research that led to the development of the approach.

  • Demonstrates the viability and practicality of the approach in today's information security risk environment
  • Demystifies information security risk management in practice, and reveals the limitations and inadequacies of current approaches
  • Provides comprehensive coverage of the issues and challenges faced in managing information security risks today

The author reviews existing literature that synthesizes current knowledge, supports the need for, and highlights the significance of the responsive security approach. He also highlights the concepts, strategies, and programs commonly used to achieve information security in organizations.

Responsive Security: Be Ready to Be Secure examines the theories and knowledge in current literature, as well as the practices, related issues, and dilemmas experienced during the study. It discusses the reflexive analysis and interpretation involved in the final research cycles, and validates and refines the concepts, framework, and methodology of a responsive security approach for managing information security risk in a constantly changing risk environment.

Contents (starting page, with the number of pages in parentheses)

List of Figures ix
List of Tables xi
List of Abbreviations xiii
Preface xvii
Acknowledgments xix
Author xxi
1 Introduction 1(14)
1.1 Background and Motivations 1(6)
1.1.1 Business, Technology, and Risk Development 2(2)
1.1.2 Common Knowledge, Standards, and Practices 4(2)
1.1.3 Profession, Organizational Role, and Function 6(1)
1.2 Purpose 7(1)
1.3 Questions 8(1)
1.4 Research Methodology 8(1)
1.5 Organization of Subsequent Chapters 9(6)
Endnotes 10(5)
2 Knowledge, Issues, and Dilemmas 15(52)
2.1 Introduction 15(1)
2.2 Information Security 15(3)
2.3 Principles and Approaches 18(23)
2.3.1 Security: As Strong as the Weakest Link 19(1)
2.3.2 Defense in Depth 19(1)
2.3.2.1 Use of Security Technology 20(2)
2.3.2.2 Baseline Security 22(3)
2.3.3 No Perfect Security 25(1)
2.3.4 Information Security Is Information Risk Management 26(1)
2.3.4.1 Risk, Risk Assessment, and Risk Management 27(6)
2.3.4.2 Problems of Risk-Based Approach 33(5)
2.3.5 A Circular Problem 38(1)
2.3.6 IT Security Governance 39(2)
2.4 Information Security Risk Management Strategy 41(3)
2.4.1 Protect-Detect-React (PDR) 42(1)
2.4.2 Detect-React-Protect (DRP) 42(2)
2.4.3 Need for Strategic Thinking 44(1)
2.5 Information Security Program 44(11)
2.5.1 Organization and People 45(1)
2.5.2 Risk Assessment and Management 46(1)
2.5.3 Policies 46(3)
2.5.4 Communication 49(1)
2.5.5 Developments 49(1)
2.5.6 Operational Security 50(1)
2.5.7 Performance Measurements 51(4)
2.6 Responding to Change 55(2)
2.7 Current Research and Social Perspectives 57(2)
2.8 Conclusion 59(8)
Endnotes 61(6)
3 Practice, Issues, and Dilemmas 67(66)
3.1 Information Risk Management (IRM) Practices 67(26)
3.1.1 Organization and Management Commitments 68(1)
3.1.1.1 Stakeholder Support for IRM Program 69(2)
3.1.2 Culture of Compliance and Control-Oriented Risk Management 71(1)
3.1.3 Theory of Action and Theory in Use 72(4)
3.1.4 Risk of Habituation 76(1)
3.1.5 Information Risk Management Organization 77(1)
3.1.5.1 Systems of Knowledge Power 78(3)
3.1.6 Responding to Security Incidents 81(1)
3.1.6.1 Incident 1 SNMP Vulnerability 81(1)
3.1.6.2 Incident 2 SPAM Mail 82(1)
3.1.7 Uncertainties in Information Security Risk Analysis and Management 83(5)
3.1.8 Causal Analysis of Information Security Systems 88(4)
3.1.9 Summary of Issues and Dilemmas 92(1)
3.2 Social-Technical Approach 93(40)
3.2.1 Model A Approach 94(1)
3.2.1.1 Addressing Theories of Actions of IRMs and Other Managers 95(2)
3.2.1.2 Addressing Auditors' Theories of Actions 97(4)
3.2.1.3 Competency and Trust 101(3)
3.2.1.4 Five-Level Action Map (FLAM) 104(1)
3.2.1.5 Combining Social and Technical Aspects of Information Security Risk Management Systems 105(2)
3.2.1.6 Communicating Information Security Risk Status 107(3)
3.2.1.7 Limitations of New IRM Systems 110(1)
3.2.1.8 Learning through Model A Approach 111(2)
3.2.2 Model B Approach 113(1)
3.2.2.1 IRM Organization Model 113(3)
3.2.2.2 Learning through the Model B Approach 116(1)
3.2.2.3 Learning from SQL Slammer, Blaster, and SARS Incidents 117(6)
3.2.2.4 Business Continuity and Disaster Recovery Planning 123(1)
3.2.3 Summary of Issues and Dilemmas and Research Outcome 124(2)
Endnotes 126(7)
4 Responsive Security 133(48)
4.1 Piezoelectric Metaphor 133(4)
4.2 BETA's Approach to Emerging Risks and Attacks 137(6)
4.3 Learning from Tsunami Incident 143(2)
4.4 Revealing Uncertainties and Making Risks Visible 145(3)
4.5 Responsive, Reactive, and Proactive Strategies 148(3)
4.6 Criticality Alignment 151(3)
4.7 Testing Responsive Approach at GAMMA 154(2)
4.8 Learning from Antinny Worm Case Study 156(4)
4.9 Refining Responsive Approach 160(12)
4.9.1 Risk Forecasting 160(3)
4.9.2 Scenario Planning and Development 163(6)
4.9.3 Responsiveness Requirements and Action Strategies 169(1)
4.9.3.1 Information Security Policies 169(2)
4.9.3.2 Information Security Program 171(1)
4.9.3.3 Readiness Assurance 171(1)
4.10 Responsive Learning 172(9)
Endnotes 176(5)
5 Conclusions and Implications 181(14)
5.1 Summary and Results 181(3)
5.2 Conclusions about Each Research Question 184(4)
5.3 Implications for Theory 188(1)
5.4 Implications for Policy and Practice 189(3)
5.5 Suggestions for Further Research 192(3)
Endnotes 194(1)
Appendix A Action Research Cycles 195(4)
Appendix B Dialectic Model of Systems Inquiry (DMSI) 199(6)
Appendix C Framework for Information Risk Management 205(8)
References 213(18)
Index 231

Meng-Chow Kang, PhD, earned an MSc in information security from the Royal Holloway and Bedford New College, University of London, and completed his PhD program in information security risk management at the Southern Cross University in Australia. He co-founded the Regional Asia Information Security Exchange (RAISE) Forum (raiseforum.org) that serves as a platform for regional information sharing and contributes to international standards development in ISO and ITU-T. He has been contributing to the development and adoption of international standards relating to information security since 1998, served as the first chair for ISO/IEC JTC 1/SC 27/WG 4 on Security Controls and Services Standards development from 2006 to 2012, and his work has been recognized with numerous industry awards.