IT Security Risk Control Management: An Audit Preparation Plan
Autor Raymond Pomponen Limba Engleză Paperback – 15 sep 2016
Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking.
What You Will Learn:
- Build a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constantly changing threats
- Prepare for and pass such common audits as PCI-DSS, SSAE-16, and ISO 27001
- Calibrate the scope, and customize security controls to fit into an organization’s culture
- Implement the most challenging processes, pointing out common pitfalls and distractions
- Frame security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your advice
IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; and security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals)
Preț: 325.82 lei
Preț vechi: 407.27 lei
-20% Nou
Puncte Express: 489
Preț estimativ în valută:
62.35€ • 65.59$ • 51.62£
62.35€ • 65.59$ • 51.62£
Carte disponibilă
Livrare economică 24 decembrie 24 - 07 ianuarie 25
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9781484221396
ISBN-10: 1484221397
Pagini: 308
Ilustrații: XXXI, 311 p. 33 illus., 11 illus. in color.
Dimensiuni: 178 x 254 x 18 mm
Greutate: 0.66 kg
Ediția:1st ed.
Editura: Apress
Colecția Apress
Locul publicării:Berkeley, CA, United States
ISBN-10: 1484221397
Pagini: 308
Ilustrații: XXXI, 311 p. 33 illus., 11 illus. in color.
Dimensiuni: 178 x 254 x 18 mm
Greutate: 0.66 kg
Ediția:1st ed.
Editura: Apress
Colecția Apress
Locul publicării:Berkeley, CA, United States
Cuprins
Part I: Getting a Handle on Things.- Chapter 1: Why Audit. Chapter 2: Assume Breach. Chapter 3: Risk Analysis: Assets and Impacts. Chapter 4: Risk Analysis: Natural Threats. Chapter 5: Risk Analysis: Adversarial Risk. Part II: Wrangling the Organization.- Chapter 6: Scope. Chapter 7: Governance. Chapter 8: Talking to the Suits. Chapter 9: Talking to the Techs. Chapter 10: Talking to the Users. Part III: Managing Risk with Controls.- Chapter 11: Policy. Chapter 12: Control Design. Chapter 13: Administrative Controls. Chapter 14: Vulnerability Management. Chapter 15: People Controls. Chapter 16: Logical Access Control. Chapter 17: Network Security Controls. Chapter 18: More Technical Controls. Chapter 19: Physical Security Controls. Part IV: Being Audited.-C hapter 20: Response Controls. Chapter 21: Starting the Audit. Chapter 22: Internal Audit. Chapter 23: Third Party Security. Chapter 24: Post Audit Improvement.
Recenzii
“Pompon provides step-by-step guidance for successfully establishing a security management system for an organization’s IT systems. … The introduction provides a good road map to the book, and each chapter finishes with a list of further readings. There is a good index and a very thorough table of contents. … This is a good, step-by-step approach to building a security program that should protect an organization’s IT systems and, importantly, also be able to demonstrate that protection to an auditor.” (David B. Henderson, Computing Reviews, April, 2017)
Notă biografică
Ray Pompon is currently the Director of Security at Linedata. With over 20 years of experience in Internet security, he works closely with Federal investigators in cyber-crime investigations and apprehensions. He has been directly involved in several major intrusion cases, including the FBI undercover Flyhook operation and the NW Hospital botnet prosecution. For six years, Ray was president and founder of the Seattle chapter of InfraGard, the FBI public-private partnership. He is a lecturer and on the board of advisors for three information assurance certificate programs at the University of Washington. Ray has written many articles and white papers on advanced technology topics and is frequently asked to speak as a subject matter expert on Internet security issues. National journalists have solicited and quoted his thoughts and perspective on the topic of computer security numerous times. He is a Certified Information Systems Security Professional as well as GIAC certified in the Law of Data Security & Investigations.
Textul de pe ultima copertă
Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking.
IT Security Risk Control Management provides step-by-step guidance for IT professionals on how to craft a successful security program. Readers will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes, including:
IT Security Risk Control Management provides step-by-step guidance for IT professionals on how to craft a successful security program. Readers will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes, including:
- Building a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constant changing threats
- Preparing for and passing such common audits as PCI-DSS, SSAE-16, and ISO 27001.
- Calibrating the scope, and customizing security controls to fit into an organization’s culture.
- Implementing the most challenging processes, pointing out common pitfalls and distractions.
- Framing security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your advice.
Caracteristici
Focuses on timeless, practical, hands-on advice and actionable strategies Think like a seasoned security professional, understanding how cyber-criminals subvert systems with subtle and insidious tricks Write clear, easy-to-follow, comprehensive security policies and procedures Does not get into the minutiae of the technical details, which become obsolete in a few years