Information Security Cost Management

Overview

While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner.

Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available.

Organized into five sections, the book:

  • Focuses on setting the right road map so that you can be most effective in your information security implementations
  • Discusses cost-effective staffing, the single biggest expense to the security organization
  • Presents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectively
  • Identifies high-risk areas, focusing limited resources on the most imminent and severe threats
  • Describes how to manage the key access controls when faced with manual user management, how to automate user management tasks in a cost-effective manner, and how to deal with security breaches

Demonstrating strategies to maximize a limited security budget without compromising the quality of risk management initiatives, Information Security Cost Management helps you save your organization time and money. It provides the tools required to implement policies, processes, and training that are crucial to the success of a company's security.

Product Details

  • ISBN-13: 9780849392757
  • Publisher: Taylor & Francis
  • Publication date: 9/8/2006
  • Pages: 255
  • Product dimensions: 6.10 (w) x 9.20 (h) x 0.80 (d)

Table of Contents

SECTION 1: SECURITY STRATEGY - THINKING PRACTICALLY
Goals and Filters
You Cannot Secure Everything. What Is Information Security? The Three Pragmatic Filters. Filter One: Focus on High-Risk Areas. Eye on the Ball. References
Building Your Strategy
Creating a Risk-Based Security Strategy. Creating and Showing Value. High-Impact Initiatives. Taking the Next Steps. Reference

SECTION 2: SECURITY ORGANIZATION DESIGN - COST-EFFECTIVE STAFFING
The Right People for the Right Jobs
Introduction. The Essentials of a Security Organization. Security Functions. Security Roles. Start at the Top - CISO. Supporting the CISO - Security Management. Technical Heavyweights - Security Architect and Security Engineers. Process Excellence - Security Analysts and Security Specialists. Operational Maturity - the Key to Successful Security. Looking at the Bigger Picture - Positioning Information Security. What about Physical Security?
Sourcing Solutions
Reducing Costs for Routine Tasks. Insourcing versus Outsourcing. Onshoring versus Offshoring. Common Considerations

SECTION 3: SECURITY MANAGEMENT - EFFECTIVELY ENFORCING YOUR STRATEGY
Policies, Standards, and Procedures
Introduction. Terminology Primer. Organizational Tips. Managing Exceptions. A Question of Authority
Training and Awareness
Introduction. Determine Your Key Messages and Target Audiences. Create an Awareness Road Map. Keep it Creative, Simple, and Loud. Maximize Channels of Communication. Use Positive Reinforcement. Be Opportunistic. Make Awareness Everyone's Responsibility
Cost-Effective Audit Management
Introduction. Step 1 - Set Expectations. Step 2 - Prepare Your Workspace. Step 3 - Document, Document, Document. Winning "Comfort" Points
Reporting Your Value
Introduction. How to Make Reports Relevant. How to Make Reports Consistent. How to Make Reports Comprehensible

SECTION 4: SECURITY TECHNOLOGIES - ESTABLISHING A SOUND FOUNDATION
Risk Assessment
Introduction: The Truth about Risk Assessments. Strategy for Conducting Annual Internal Risk Assessments. Tactical Perspective for Security Assessment. Remediation Strategy
Security Design Review
Introduction. The Analysis Phase. The Requirements Phase. Define Information Protection Requirements. The Design Phase. The Build and Test Phases. The Deployment Phase. The Postproduction Phase.
Exploit Protection
What Is Exploit Protection? Security Incidents and the Business. Loss of Information Assets. Disruptions to the Business. Anatomy of Security Threats. Outsider Threat. Insider Threats. Automated Attacks. Cost Management and Exploit Protection. Exploit Protection and Security Operations. References

SECTION 5: SECURITY OPERATIONS - MAINTAINING SECURITY EFFICIENTLY
Identity and Access Management
Introduction. The Big Picture. Key Control Points. Implementation Problems and Pitfalls. Making User Management Operational in its Current State. Getting Off to the Right Start - Approvals. Keeping it Clean - Terminations. Managing the User's Life Cycle - Transfers. Mitigating Control - User Recertification. Monitor Solutions. What about Nonuser Accounts? Summary
Cost-Effective Incident Response
Introduction. The Price of Not Planning. Start with Objectives. Assembling the CSIRT. The Big Picture. The Frontline. Initial Response Team (IRT) - the Primary Experts. Executive Incident Team (EIT) - the Decision Makers. Responders - the Recovery Experts. Investigators - the Root Cause Analysts. Postmortem of an Incident. Recap of the Incident Response Process.
