×

Uh-oh, it looks like your Internet Explorer is out of date.

For a better shopping experience, please upgrade now.

Information Assurance: Managing Organizational IT Security Risks / Edition 1
     

Information Assurance: Managing Organizational IT Security Risks / Edition 1

by Joseph Boyce, Daniel Jennings
 

ISBN-10: 0750673273

ISBN-13: 9780750673273

Pub. Date: 06/01/2002

Publisher: Elsevier Science

Written by two INFOSEC experts, this book provides a systematic and practical approach for establishing, managing and operating a comprehensive Information Assurance program. It is designed to provide ISSO managers, security managers, and INFOSEC professionals with an understanding of the essential issues required to develop and apply a targeted information

Overview

Written by two INFOSEC experts, this book provides a systematic and practical approach for establishing, managing and operating a comprehensive Information Assurance program. It is designed to provide ISSO managers, security managers, and INFOSEC professionals with an understanding of the essential issues required to develop and apply a targeted information security posture to both public and private corporations and government run agencies.

There is a growing concern among all corporations and within the security industry to come up with new approaches to measure an organization's information security risks and posture. Information Assurance explains and defines the theories and processes that will help a company protect its proprietary information including:

• The need to assess the current level of risk.
• The need to determine what can impact the risk.
• The need to determine how risk can be reduced.

The authors lay out a detailed strategy for defining information security, establishing IA goals, providing training for security awareness, and conducting airtight incident response to system compromise. Such topics as defense in depth, configuration management, IA legal issues, and the importance of establishing an IT baseline are covered in-depth from an organizational and managerial decision-making perspective.

• Experience-based theory provided in a logical and comprehensive manner.
• Management focused coverage includes establishing an IT security posture, implementing organizational awareness and training, and understanding the dynamics of new technologies.
• Numerous real-world examples provide a baseline for assessment and comparison.

Product Details

ISBN-13:
9780750673273
Publisher:
Elsevier Science
Publication date:
06/01/2002
Edition description:
New Edition
Pages:
282
Product dimensions:
0.59(w) x 7.00(h) x 10.00(d)

Table of Contents

Section I - The Organizational IA Program: The Practical and Conceptual Foundation
Ch. 1 IA and the Organization: The Challenges
Ch. 2 Basic Security Concepts, Principles, and Strategy
Section II - Defining the Organization's Current IA Posture
Ch. 3 Determining the Organization's IA Baseline
Ch. 4 Determining IT Security Priorities
Ch. 5 The Organization's IA Posture
III - Establishing and Managing an IA Defense In Depth Strategy within an Organization
Ch. 6 Layer 1: IA Policies
Ch. 7 Layer 2: IA Management
Ch. 8 Layer 3: IA Architecture
Ch. 9 Layer 4: Operational Security Administration;
Ch. 10 Layer 5: Configuration Management
Ch. 11 Layer 6: Life-Cycle Security
Ch. 12 Layer 7: Contingency Planning
Ch. 13 Layer 8: IA Education, Training, and Awareness
Ch. 14 Layer 9: IA Policy Compliance Oversight
Ch. 15 Layer 10: IA Incident Response
Ch. 16 Layer 11: IA Reporting
Appendix

Customer Reviews

Average Review:

Post to your social network

     

Most Helpful Customer Reviews

See all customer reviews