Executive MBA in Information Security / Edition 1



According to the Brookings Institute, an organization’s information and other intangible assets account for over 80 percent of its market value. As the primary sponsors and implementers of information security programs, those in key leadership positions must possess a solid understanding of the constantly evolving fundamental concepts of information security management. Developing this knowledge and keeping it current, however, requires time and energy that busy executives like you simply don’t have.

Supplying a complete overview of key concepts, The Executive MBA in Information Security provides the tools needed to ensure your organization has an effective and up-to-date information security management program in place. This one-stop resource provides a ready-to-use security framework you can use to develop workable programs and includes proven tips for avoiding common pitfalls—so you can get it right the first time.

Allowing for quick and easy reference, this time-saving manual provides those in key leadership positions with a lucid understanding of:

  • The difference between information security and IT security
  • Corporate governance and how it relates to information security
  • Steps and processes involved in hiring the right information security staff
  • The different functional areas related to information security
  • Roles and responsibilities of the chief information security officer (CISO)

Presenting difficult concepts in a straightforward manner, this concise guide allows you to get up to speed, quickly and easily, on what it takes to develop a rock-solid information security management program that is as flexible as it is secure.


Product Details

  • ISBN-13: 9781439810071
  • Publisher: Taylor & Francis
  • Publication date: 10/9/2009
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 352
  • Product dimensions: 6.30 (w) x 9.30 (h) x 0.90 (d)

Meet the Author

John J. Trinckes Jr., CISSP, CISM, CEH, Senior Information Security Consultant, CastleGarde, Inc.

Table of Contents

The Author
Information Security Overview
Information Security Management
What Is Information Security?
Ideal Traits of an Information Security Professional
Certification Requirements
Reference Checks
Trust and Loyalty
Why Is Information Security Important?
Information Security Concepts
Laws of Security
Information Security Requirements
Interrelationship of Regulations, Policies, Standards, Procedures, and Guidelines
Sarbanes–Oxley Act
Gramm–Leach–Bliley Act
Health Insurance Portability and Accountability Act
Federal Financial Institutions Examination Council
Payment Card Industry (PCI) Data Security Standard
Common Elements of Compliance
Security Controls
Industry Best Practice Guidelines
Measurement Techniques
Control Objectives for Information and Related Technology
ISO 27002 Overview
Capability Maturity Model (CMM)
Generally Accepted Information Security Principles (GAISP)
Common Pitfalls of an Effective Information Security Program
Defense in Depth
Managing Risks
Risk Management
System Characterization
Threat Identification
Vulnerability Identification and
Control Analysis
Likelihood Rating
Impact Rating (Premitigation)
Risk Determination
Technical Evaluation Plan (TEP)
Methodology Overview
Role of Common Vulnerabilities and Exposures (CVE)
Executive Summary
Conflict Resolution
Test Plans
Physical Security
Access Control Systems and Methods
Discretionary Access Controls (DACs)
Mandatory Access Controls (MACs)
Nondiscretionary Access Controls
Administrative Access Controls
Physical Access Controls
Technical Access Controls
Logical Access Controls
Common Access Control Practices
Physical Security
Social Engineering
Passive Information Gathering
Active Information Gathering
Covert Testing
Clean Desk Policy
Dumpster Diving
Business Continuity Plans and Disaster Recovery
Business Continuity
Phase 1—Project Management and Initiation
Phase 2—Business Impact Analysis
Phase 3—Recovery Strategies
Phase 4—Plan, Design, and Develop
Phase 5—Testing, Maintenance, and
Awareness Training
Complications to Consider in BCP
Disaster Recovery
Facilities and Supplies
Event Stages
Disaster Recovery Testing
Business Continuity Planning and Disaster Recovery Training
Administrative Controls
Change Management
Request Phase
Process Phase
Release Phase
Change Management Steps
Computer Forensics
Computer Investigation Model
Incident Management
Reporting Information
Incident Details
Incident Handler
Actions to Date
Recommended Actions
Laws, Investigations, and Ethics
Operations Security
OPSEC Controls
Separation of Duties
Job Rotation
Least Privileges
Records Retention
Federal Rules of Civil Procedure
Security Awareness Training
A Cracker’s Story
Security Management Practices
Security Countermeasures
Service Providers, Service-Level Agreements, and Vendor
Vendor Relationship Policy
Service-Level Agreements
Vendor Reviews
Managing Security Risks in Vendor Relationships
Due Diligence: The First Tool
Key Contractual Protections: The Second Tool
Information Security Requirements Exhibit: The Third
Technical Controls
Host Security
System Hardening Checklist
Host Services
Other Host Security Controls
Malware Protection
Viruses, Worms, and Backdoors
DAT Signatures
Multimedia Devices
Network Security
Seven Layers of the OSI Model
Other Layers
Protocol Data Units
TCP/IP Model
Decimal, Binary, and Hexadecimal Compared
Network Addressing
Network Security Controls
Patch or Vulnerability Management
Application Controls
Application and System Development
Private Key Encryption (Symmetric Key Encryption)
Choosing a Symmetric Key Cryptography Method
Public Key Encryption (Asymmetric Key
Choosing an Asymmetric Key Cryptography Method
Digital Signature
One-Way Encryption
e-Mail Encryption
Choosing e-Mail Encryption
Internet Encryption
Choosing an Internet Security Method
Encrypting Hard Drives
Encryption Attacks
Multifactor Authentication
Perimeter Controls
Security Architecture
Internal Controls
External Controls
Telecommunications Security
Voice over IP Security
Virtual Private Network
Wireless Security
Web Filtering
Audit and Compliance
Audit and Compliance
Information Security Governance Metrics
Testing—Vulnerability Assessment
Appendix A: Information Security Policy
Appendix B: Technology Resource Policy
Appendix C: Log-on Warning Banner
Appendix D: Penetration Test Waiver
Appendix E: Tools
Appendix F: How to Report Internet Crime
Web References
