Information security-driven topic coverage is the basis for this updated book that will benefit readers in the information technology and business fields alike. Management of Information Security, provides an overview of information security from a management perspective, as well as a thorough understanding of the administration of information security. Written by two Certified Information Systems Security Professionals (CISSP), this book has the added credibility of incorporating the CISSP Common Body of Knowledge (CBK), especially in the area of information security management. The second edition has been updated to maintain the industry currency and academic relevance that made the previous edition so popular, and case studies and examples continue to populate the book, providing real-life applications for the topics covered.
Michael Whitman, Ph.D., CISM, CISSP is a Professor of Information Systems and Security in the CSIS Department at Kennesaw State University, where he is also Director of the KSU Center for Information Security Education and the coordinator for the Bachelor of Science in Information Security and Assurance. Dr. Whitman is an active researcher in Information Security and Ethical Computing. He currently teaches graduate and undergraduate courses in Information Security and Data Communications. He has published articles in the industry's top journals and co-authors a number of books in the field, published by Course Technology.
Herbert Mattord, M.B.A., CISM, CISSP completed 24 years of IT industry experience before joining the faculty at Kennesaw State University in 2002. He was the Manager of Corporate Information Technology Security at Georgia-Pacific Corporation, where much of the practical knowledge found in this textbook was acquired. He is currently on the Faculty at Kennesaw State University where he teaches undergraduate courses in Information Security, Data Communications, and Local Area Networks, and he is the co-author of several books published by Course Technology and an active researcher in information security management topics.
1. Introduction to the Management of Information Security 2. Planning for Security 3. Planning for Contingencies 4. Information Security Policy 5. Developing the Security Program 6. Security Management Models and Practices 7. Risk Management: Identifying and Assessing Risk 8. Risk Management: Controlling Risk 9. Protection Mechanisms 10. Personnel and Security 11. Law and Ethics 12. Information Security Project Management Appendix A: NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems, and ISO 17799:2005 Overview