Information security-driven topic coverage is the basis for this updated book that will benefit readers in the information technology and business fields alike. Management of Information Security, provides an overview of information security from a management perspective, as well as a thorough understanding of the administration of information security. Written by two Certified Information Systems Security Professionals (CISSP), this book has the added credibility of incorporating the CISSP Common Body of Knowledge (CBK), especially in the area of information security management. The second edition has been updated to maintain the industry currency and academic relevance that made the previous edition so popular, and case studies and examples continue to populate the book, providing real-life applications for the topics covered.
1. Introduction to the Management of Information Security 2. Planning for Security 3. Planning for Contingencies 4. Information Security Policy 5. Developing the Security Program 6. Security Management Models and Practices 7. Risk Management: Identifying and Assessing Risk 8. Risk Management: Controlling Risk 9. Protection Mechanisms 10. Personnel and Security 11. Law and Ethics 12. Information Security Project Management Appendix A: NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems, and ISO 17799:2005 Overview