Information Security Governance Simplified: From the Boardroom to the Keyboard
Autor Todd Fitzgeralden Limba Engleză Paperback – 30 sep 2020
Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security department and considers the control areas, including physical, network, application, business continuity/disaster recover, and identity management.
Todd Fitzgerald explains how to establish a solid foundation for building your security program and shares time-tested insights about what works and what doesn’t when building an IS program. Highlighting security considerations for managerial, technical, and operational controls, it provides helpful tips for selling your program to management. It also includes tools to help you create a workable IS charter and your own IS policies. Based on proven experience rather than theory, the book gives you the tools and real-world insight needed to secure your information while ensuring compliance with government regulations.
Toate formatele și edițiile | Preț | Express |
---|---|---|
Paperback (1) | 261.90 lei 6-8 săpt. | |
CRC Press – 30 sep 2020 | 261.90 lei 6-8 săpt. | |
Hardback (1) | 981.25 lei 6-8 săpt. | |
CRC Press – 20 dec 2011 | 981.25 lei 6-8 săpt. |
Preț: 261.90 lei
Preț vechi: 375.49 lei
-30% Nou
Puncte Express: 393
Preț estimativ în valută:
50.13€ • 52.56$ • 41.42£
50.13€ • 52.56$ • 41.42£
Carte tipărită la comandă
Livrare economică 29 ianuarie-12 februarie 25
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9780367659226
ISBN-10: 0367659220
Pagini: 431
Dimensiuni: 156 x 234 x 35 mm
Greutate: 0.62 kg
Ediția:1
Editura: CRC Press
Colecția CRC Press
Locul publicării:Boca Raton, United States
ISBN-10: 0367659220
Pagini: 431
Dimensiuni: 156 x 234 x 35 mm
Greutate: 0.62 kg
Ediția:1
Editura: CRC Press
Colecția CRC Press
Locul publicării:Boca Raton, United States
Public țintă
Academic and Professional Practice & DevelopmentCuprins
Getting Information Security Right – Top to Bottom. Developing Information Strategy. Defining the Security Management Organization. Interacting with the C-Suite. Managing Risk to an Acceptable Level. Creating Effective Information Security Policies. Security Compliance Using Control Frameworks. Managerial Controls – Practical Security Considerations. Technical Controls – Practical Security Considerations. Operational Controls – Practical Security Considerations. The Auditors Have Arrived – Now What? Effective Security Communications. The Law and Information Security. Learning From Information Security Incidents. 17 Ways to Dismantle Information Security Efforts.
Notă biografică
Todd Fitzgerald, CISSP, CISA, CISM, CIPM, CIPP/US, CIPP/E, CIPP/C, CGEIT, CRISC, PMP, ISO27000, and ITILv3 certified, is Managing Director and CISO of CISO Spotlight, LLC.
Todd has built and led multiple Fortune 500/large company information security programs for 20 years across multiple industries, named 2016-17 Chicago CISO of the Year by AITP, ISSA, ISACA, Infragard and SIM, ranked Top 50 Information Security Executive, and Information Security Executive (ISE) Award Finalist, and named Ponemon Institute Fellow. Fitzgerald coauthored with Micki Krause the first professional organization Chief Information Security Officer book, CISO Leadership: Essential Principles for Success (Auerbach, 2008). Todd also authored Information Security Governance Simplified: From the Boardroom to the Keyboard (Auerbach, 2012), and co-authored Certified Chief Information Security Officer Body of Knowledge (E-C Council, 2014), and has contributed to over a dozen others. Fitzgerald has participated in the development of materials for the Official (ISC)2 Guide to the CISSP CBK, Information Security Handbook Series, ISACA COBIT 5 for Information Security, and ISACA CSX Cybersecurity Fundamentals.
Fitzgerald is a top-rated RSA Conference speaker and is frequently called upon to present at international, national and local conferences for Information Systems Audit and Control Association (ISACA), Information Systems security Association (ISSA), Management Information Systems Training Institute (MISTI), COSAC, Centers for Medicare and Medicaid Services, T.E.N., and others. Fitzgerald serves on the HIPAA Collaborative of Wisconsin Board of Directors (2002-present), Milwaukee Area Technical College Security Advisory Board, and University of Wisconsin-La Crosse College of Business Administration Board of Advisors.
Prior senior leadership includes SVP, CAO Information Security Northern Trust, Global CISO Grant Thornton International, Ltd, Global CISO ManpowerGroup, Medicare Security Officer/External Audit Oversight WellPoint (now Anthem) Blue Cross Blue Shield-National Government Services, CISO North & Latin America Zeneca/Syngenta and senior Information Technology leadership positions with IMS Health, and American Airlines. Todd earned a B.S. in Business Administration from the University of Wisconsin-La Crosse and Master Business Administration with highest honors from Oklahoma State University.
Todd has built and led multiple Fortune 500/large company information security programs for 20 years across multiple industries, named 2016-17 Chicago CISO of the Year by AITP, ISSA, ISACA, Infragard and SIM, ranked Top 50 Information Security Executive, and Information Security Executive (ISE) Award Finalist, and named Ponemon Institute Fellow. Fitzgerald coauthored with Micki Krause the first professional organization Chief Information Security Officer book, CISO Leadership: Essential Principles for Success (Auerbach, 2008). Todd also authored Information Security Governance Simplified: From the Boardroom to the Keyboard (Auerbach, 2012), and co-authored Certified Chief Information Security Officer Body of Knowledge (E-C Council, 2014), and has contributed to over a dozen others. Fitzgerald has participated in the development of materials for the Official (ISC)2 Guide to the CISSP CBK, Information Security Handbook Series, ISACA COBIT 5 for Information Security, and ISACA CSX Cybersecurity Fundamentals.
Fitzgerald is a top-rated RSA Conference speaker and is frequently called upon to present at international, national and local conferences for Information Systems Audit and Control Association (ISACA), Information Systems security Association (ISSA), Management Information Systems Training Institute (MISTI), COSAC, Centers for Medicare and Medicaid Services, T.E.N., and others. Fitzgerald serves on the HIPAA Collaborative of Wisconsin Board of Directors (2002-present), Milwaukee Area Technical College Security Advisory Board, and University of Wisconsin-La Crosse College of Business Administration Board of Advisors.
Prior senior leadership includes SVP, CAO Information Security Northern Trust, Global CISO Grant Thornton International, Ltd, Global CISO ManpowerGroup, Medicare Security Officer/External Audit Oversight WellPoint (now Anthem) Blue Cross Blue Shield-National Government Services, CISO North & Latin America Zeneca/Syngenta and senior Information Technology leadership positions with IMS Health, and American Airlines. Todd earned a B.S. in Business Administration from the University of Wisconsin-La Crosse and Master Business Administration with highest honors from Oklahoma State University.
Recenzii
Todd Fitzgerald’s new book, Information Security Governance Simplified: From the Boardroom to the Keyboard, presents 15 chapters of advice and real-world experience on how to handle the roll out of an effective program …. Todd has taken the time to include for the reader some practical security considerations for managerial, technical, and operational controls. This is followed up with a discussion on how legal issues are impacting the information security program.
—Tom Peltier, CISSP
—Tom Peltier, CISSP
Descriere
Security practitioners must be able to build a cost-effective security program while at the same time meet the requirements of government regulations. This book lays out these regulations in simple terms and explains how to use the control frameworks to build an effective information security program and governance structure. It discusses how or