Book
Author Whitman, Michael E., 1964- author

Title Management of information security / Michael Whitman, Herbert Mattord
Edition Fifth edition
Published Boston, MA, USA : Cengage Learning, [2017]

Copies

Location Call no. Vol. Availability
 MELB  005.8 Whi/Moi 2017  AVAILABLE
 MELB  005.8 Whi/Moi 2017  AVAILABLE
 MELB  005.8 Whi/Moi 2017  AVAILABLE
 MELB  005.8 Whi/Moi 2017  AVAILABLE
 W'PONDS  005.8 Whi/Moi 2017  AVAILABLE
 W'PONDS  005.8 Whi/Moi 2017  AVAILABLE
 MELB  005.8 Whi/Moi 2017  AVAILABLE
Description xxii, 650 pages ; 24 cm
Contents Machine generated contents note: Introduction to Security -- CNSS Security Model -- The Value of Information and the C.I.A. Triad -- Key Concepts of Information Security: Threats and Attacks -- The 12 Categories of Threats -- What Is Management? -- Behavioral Types of Leaders -- Management Characteristics -- Governance -- Solving Problems -- Principles of Information Security Management -- Planning -- Policy -- Programs -- Protection -- People -- Projects -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes --
InfoSec and the Law -- Types of Law -- Relevant U.S. Laws -- International Laws and Legal Bodies -- State and Local Regulations -- Policy Versus Law -- Ethics in InfoSec -- Ethics and Education -- Deterring Unethical and Illegal Behavior -- Professional Organizations and Their Codes of Conduct -- Association for Computing Machinery (ACM) -- International Information Systems Security Certification Consortium, Inc. (ISC)2 -- SANS -- Information Systems Audit and Control Association (ISACA) -- Information Systems Security Association (ISSA) -- Organizational Liability and the Need for Counsel -- Key Law Enforcement Agencies -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes --
The Role of Planning -- Precursors to Planning -- Strategic Planning -- Creating a Strategic Plan -- Planning Levels -- Planning and the CISO -- Information Security Governance -- The ITGI Approach to Information Security Governance -- NCSP Industry Framework for Information Security Governance -- CERT Governing for Enterprise Security Implementation -- ISO/IEC 27014:2013 Governance of Information Security -- Security Convergence -- Planning for Information Security Implementation -- Introduction to the Security Systems Development Life Cycle -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes --
Why Policy? -- Policy, Standards, and Practices -- Enterprise Information Security Policy -- Integrating an Organization's Mission and Objectives into the EISP -- EISP Elements -- Example EISP Elements -- Issue-Specific Security Policy -- Elements of the ISSP -- Implementing the ISSP -- System-Specific Security Policy -- Managerial Guidance SysSPs -- Technical Specification SysSPs -- Guidelines for Effective Policy Development and Implementation -- Developing Information Security Policy -- Policy Distribution -- Policy Reading -- Policy Comprehension -- Policy Compliance -- Policy Enforcement -- Policy Development and Implementation Using the SecSDLC -- Automated Tools -- Other Approaches to Information Security Policy Development -- SP 800-18, Rev. 1: Guide for Developing Security Plans for Federal Information Systems -- A Final Note on Policy -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes --
Organizing for Security -- Security in Large Organizations -- Security in Medium-Sized Organizations -- Security in Small Organizations -- Placing Information Security Within an Organization -- Components of the Security Program -- Information Security Roles and Titles -- Chief Information Security Officer -- Convergence and the Rise of the True CSO -- Security Managers -- Security Administrators and Analysts -- Security Technicians -- Security Staffers and Watchstanders -- Security Consultants -- Security Officers and Investigators -- Help Desk Personnel -- Implementing Security Education, Training, and Awareness Programs -- Security Education -- Security Training -- Training Techniques -- Security Awareness -- Project Management in Information Security -- Projects Versus Processes -- PMBOK Knowledge Areas -- Project Management Tools -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes --
Introduction to Risk Management -- Knowing Yourself -- Knowing the Enemy -- Accountability for Risk Management -- Risk Identification -- Identification and Prioritization of Information Assets -- Threat Assessment -- The TVA Worksheet -- Risk Assessment and Risk Appetite -- Assessing Risk -- Likelihood -- Assessing Potential Impact on Asset Value (Consequences) -- Percentage of Risk Mitigated by Current Controls -- Uncertainty -- Risk Determination -- Likelihood and Consequences -- Documenting the Results of Risk Assessment -- Risk Appetite -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes --
Introduction to Risk Control -- Risk Control Strategies -- Defense -- Transference -- Mitigation -- Acceptance -- Termination -- Managing Risk -- Feasibility and Cost-Benefit Analysis -- Other Methods of Establishing Feasibility -- Alternatives to Feasibility Analysis -- Recommended Risk Control Practices -- Qualitative and Hybrid Measures -- Delphi Technique -- The OCTAVE Methods -- Microsoft Risk Management Approach -- FAIR -- ISO 27005 Standard for InfoSec Risk Management -- NIST Risk Management Model -- Other Methods -- Selecting the Best Risk Management Model -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes --
Introduction to Blueprints, Frameworks, and Security Models -- Access Control Models -- Categories of Access Controls -- Other Forms of Access Control -- Security Architecture Models -- Trusted Computing Base -- Information Technology System Evaluation Criteria -- The Common Criteria -- Academic Access Control Models -- Bell-LaPadula Confidentiality Model -- Biba Integrity Model -- Clark-Wilson Integrity Model -- Graham-Denning Access Control Model -- Harrison-Ruzzo-Ullman Model -- Brewer-Nash Model (Chinese Wall) -- Other Security Management Models -- The ISO 27000 Series -- NIST Security Publications -- Control Objectives for Information and Related Technology -- Committee of Sponsoring Organizations -- Information Technology Infrastructure Library -- Information Security Governance Framework -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes --
Introduction to Security Practices -- Benchmarking -- Standards of Due Care/Due Diligence -- Selecting Recommended Practices -- Limitations to Benchmarking and Recommended Practices -- Baselining -- Support for Benchmarks and Baselines -- Performance Measurement in InfoSec Management -- InfoSec Performance Management -- Building the Performance Measurement Program -- Specifying InfoSec Measurements -- Collecting InfoSec Measurements -- Implementing InfoSec Performance Measurement -- Reporting InfoSec Performance Measurements -- Trends in Certification and Accreditation -- NIST SP 800-37, Rev. 1: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes --
Introduction to Contingency Planning -- Fundamentals of Contingency Planning -- Components of Contingency Planning -- Business Impact Analysis -- Contingency Planning Policies -- Incident Response -- Getting Started -- Incident Response Policy -- Incident Response Planning -- Detecting Incidents -- Reacting to Incidents -- Recovering from Incidents -- Disaster Recovery -- The Disaster Recovery Process -- Disaster Recovery Policy -- Disaster Classification -- Planning to Recover -- Responding to the Disaster -- Simple Disaster Recovery Plan -- Business Continuity -- Business Continuity Policy -- Continuity Strategies -- Timing and Sequence of CP Elements -- Crisis Management -- Business Resumption -- Testing Contingency Plans -- Final Thoughts on CP -- Managing Investigations in the Organization -- Digital Forensics Team -- Affidavits and Search Warrants -- Digital Forensics Methodology -- Evidentiary Policy and Procedures -- Law Enforcement Involvement -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes --
Introduction to Personnel and Security -- Staffing the Security Function -- Information Security Positions -- Information Security Professional Credentials -- (ISC)2 Certifications -- ISACA Certifications -- GIAC Certifications -- EC-Council Certifications -- CompTIA Certifications -- ISFCE Certifications -- Certification Costs -- Entering the Information Security Profession -- Employment Policies and Practices -- Hiring -- Contracts and Employment -- Security as Part of Performance Evaluation -- Termination Issues -- Personnel Security Practices -- Security of Personnel and Personal Data -- Security Considerations for Temporary Employees, Consultants, and Other Workers -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes --
Introduction to Protection Mechanisms -- Access Controls and Biometrics -- Managing Network Security -- Firewalls -- Intrusion Detection and Prevention Systems -- Remote Access Protection -- Wireless Networking Protection -- Scanning and Analysis Tools -- Managing Server-Based Systems with Logging -- Cryptography -- Encryption Operations -- Using Cryptographic Controls -- Managing Cryptographic Controls -- Chapter Summary -- Review Questions -- Exercises -- Closing Case -- Discussion Questions -- Ethical Decision Making -- Endnotes --
NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems -- ISO 17799: 2005 Overview -- The OCTAVE Method of Risk Management -- Microsoft Risk Management Approach
Summary "Discover a managerially-focused overview of information security with a thorough presentation of how to most effectively administer it with MANAGEMENT OF INFORMATION SECURITY, 5E. Insightful, engaging content prepares you to become an information security management practitioner able to secure systems and networks in a world where continuously emerging threats, ever-present attacks, and the success of criminals illustrate the weaknesses in current information technologies. You'll develop both the information security skills and practical experience that organizations are looking for as they strive to ensure more secure computing environments. This edition offers a tightened focus on key executive and managerial aspects of information security while still emphasizing the foundational material to reinforce key concepts. Updated content reflects the most recent developments in the field, including NIST, ISO, and security governance." --Publisher's website
Notes Previous edition: 2014
Bibliography Includes bibliographical references and index
Subject Computer networks -- Security measures -- Management.
Computer security -- Management.
Computer security.
Information technology -- Management.
Information technology -- Security measures.
Management information systems -- Security measures.
Author Mattord, Herbert J., author
ISBN 130550125X
9781305501256