Limit search to available items
Book Cover
E-book
Author Kairab, Sudhanshu, author

Title A Practical Guide to Security Assessments
Published CRC Press [Imprint] Sept. 2004 Abingdon : Taylor & Francis Group Florence : Taylor & Francis Group [distributor]

Copies

Description 1 online resource
Contents Front cover -- About the Author -- Preface -- Table of Contents -- Chapter 1. Introduction -- Chapter 2. Evolution of Information Security -- Chapter 3. The Information Security Program and How a Security Assessment Fits In -- Chapter 4. Planning -- Chapter 5. Initial Information Gathering -- Chapter 6. Business Process Evaluation -- Chapter 7. Technology Evaluation -- Chapter 8. Risk Analysis and Final Presentation -- Chapter 9. Information Security Standards -- Chapter 10. Information Security Legislation -- Security Questionnaires and Checklists -- Appendices: Security Questionnaires and Checklists -- Appendix A: Preliminary Checklist to Gather Information -- Appendix B: Generic Questionnaire for Meetings with Business Process Owners -- Appendix C: Generic Questionnaire for Meetings with Technology Owners -- Appendix D: Data Classification -- Appendix E: Data Retention -- Appendix F: Backup and Recovery -- Appendix G: Externally Hosted Services -- Appendix H: Physical Security -- Appendix I: Employee Termination -- Appendix J: Incident Handling -- Appendix K: Business to Business (B2B) -- Appendix L: Business to Consumer (B2C) -- Appendix M: Change Management -- Appendix N: User ID Administration -- Appendix O: Managed Security -- Appendix P: Media Handling -- Appendix Q: HIPAA Security -- Index -- Back cover
Summary The modern dependence upon information technology and the corresponding information security regulations and requirements force companies to evaluate the security of their core business processes, mission critical data, and supporting IT environment. Combine this with a slowdown in IT spending resulting in justifications of every purchase, and security professionals are forced to scramble to find comprehensive and effective ways to assess their environment in order to discover and prioritize vulnerabilities, and to develop cost-effective solutions that show benefit to the business. A Practical Guide to Security Assessments is a process-focused approach that presents a structured methodology for conducting assessments. The key element of the methodology is an understanding of business goals and processes, and how security measures are aligned with business risks. The guide also emphasizes that resulting security recommendations should be cost-effective and commensurate with the security risk. The methodology described serves as a foundation for building and maintaining an information security program.; In addition to the methodology, the book includes an Appendix that contains questionnaires that can be modified and used to conduct security assessments. This guide is for security professionals who can immediately apply the methodology on the job, and also benefits management who can use the methodology to better understand information security and identify areas for improvement
Audience Trade Taylor & Francis Group
Subject Business -- Data processing -- Security measures -- Evaluation
Computer networks -- Security measures -- Evaluation
Computer security.
Data protection.
Electronic data processing departments -- Safety measures -- Planning
Information technology -- Security measures -- Evaluation
Electronic data processing departments -- Security measures -- Planning
Computer security
Data protection
Form Electronic book
ISBN 9780849317064
0849317061
1280164352
9781280164354
9780203507230
0203507231