A Practical Guide to Security Assessments / Edition 1

Hardcover (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $30.99
Usually ships in 1-2 business days
(Save 68%)
Other sellers (Hardcover)
  • All (7) from $30.99   
  • New (3) from $67.27   
  • Used (4) from $30.99   

Overview

This book is a detailed methodology of performing a security assessment. The book emphasizes the approach of first understanding the business and then the technology that supports it. It focuses on fundamental process areas of security and provides a methodology for security practitioners to uncover security weaknesses in other existing business processes. With the emphasis on the business driving security, this book presents a standard methodology for performing a security assessment as well as the reasons for doing it that way. It also provides checklists for process-oriented areas of information security to provide detailed guidance that can be used in performing a security assessment.

Read More Show Less

Product Details

  • ISBN-13: 9780849317064
  • Publisher: Taylor & Francis
  • Publication date: 11/1/2003
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 520
  • Product dimensions: 6.40 (w) x 9.40 (h) x 1.30 (d)

Table of Contents

INTRODUCTION

EVOLUTION OF INFORMATION SECURITY
Distributed Systems
Business-to-Business (B2B) Relationships
Remote Access
Enterprise Resource Planning (ERP)
Information Security Today
Why Protect Information Assets
Growing Role of Internal Audit
Security Standards
Organizational Impacts
Security Certifications
Trends in Information Security

INFORMATION SECURITY PROGRAM AND HOW SECURITY ASSESSMENTS FIT IN
What is an Information Security Program
How Does a Security Assessment Fit In
Why Conduct a Security Assessment
Security Assessment Process
Executive Summary

PLANNING
Define Scope
Staffing
Kickoff Meeting
Develop Project Plan
Set Client Expectations
Executive Summary

INITIAL INFORMATION GATHERING
Gather Publicly Available Information
Gather Information from the Client
Analyze Gathered Information
Prepare Initial Question Sets
Develop and Document Template for Final Report
Executive Summary

BUSINESS PROCESS EVALUATION
General Review of Company and Key Business Processes
Finalize Question Sets for Process Reviews
Meet with Business Process Owners
Analyze Information Collected and Document Findings
Status Meeting with Client
Potential Concerns During This Phase
Executive Summary
TECHNOLOGY EVALUATION
General Review of Technology and Related Documentation
Develop Question Sets for Technology Reviews
Meet with Technology Owners and Conduct Detail Testing
Analyze Information Collected and Document Findings
Status Meeting with Client
Potential Concerns During this Phase
Executive Summary

RISK ANALYSIS AND FINAL PRESENTATION
Risk Analysis
Risk Score Calculation
Document Risks and Develop Recommendations for Draft Report
Discuss Draft Report with Client
Present Final Report to Management
Potential Concerns During this Phase
Executive Summary

INFORMATION SECURITY STANDARDS
International Standards Organization 17799 (ISO 17799)
Common Criteria (CC)
COBIT (Control Objectives for Information (Related) Technology)
ITIL (IT Infrastructure Library) Security Management
SAS (Statement on Auditing Standards) 70
AICPA SysTrust
AICPA WebTrust
RFC 2196 - Site Security Handbook
SANS (SysAdmin, Audit, Network, Security) / FBI Top 20 List
Vendor Best Practices

INFORMATION SECURITY LEGISLATION
Relevance to Security Assessments
HIPAA (Health Insurance Portability and Accountability Act)
GLB Act (Gramm-Leach-Bliley Act)
Sarbanes - Oxley Act
21 CFR Part 11
Safe Harbor
Federal Information Security Management Act
Other Legislative Action

APPENDIX - SECURITY QUESTIONNAIRES/ CHECKLISTS
Questionnaire Structure
Preliminary Checklist to Gather Information
Generic Questionnaire for Business Process Owners
Data Classification
Data Retention
Backup and Recovery
Externally Hosted Services
Physical Security
Employee Termination
Incident Handling
Business to Business (B2B)
Business to Consumer (B2C)
Change Management
User ID Administration
Managed Security
Media Handling
HIPAA Security

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)