
Security Program and Policies - Principles and Practices

Sari Greene
(2014)
Language: English
Cisco Press
867.00 DKK
This title is out of print and can therefore no longer be ordered. We apologize.

Product details

  • Paperback: 648 pages
  • Publisher: Cisco Press (March 2014)
  • ISBN: 9780789751676

Everything you need to know about information security programs and policies, in one book

  • Clearly explains all facets of InfoSec program and policy planning, development, deployment, and management
  • Thoroughly updated for today's challenges, laws, regulations, and best practices
  • The perfect resource for anyone pursuing an information security management career

In today's dangerous world, failures in information security can be catastrophic. Organizations must protect themselves. Protection begins with comprehensive, realistic policies. This up-to-date guide will help you create, deploy, and manage them.

Complete and easy to understand, it explains key concepts and techniques through real-life examples. You'll master modern information security regulations and frameworks, and learn specific best-practice policies for key industry sectors, including finance, healthcare, online commerce, and small business.

If you understand basic information security, you're ready to succeed with this book. You'll find projects, questions, exercises, examples, links to valuable easy-to-adapt information security policies...everything you need to implement a successful information security program.

Sari Stern Greene, CISSP, CRISC, CISM, NSA/IAM, is an information security practitioner, author, and entrepreneur. She is passionate about the importance of protecting information and critical infrastructure. Sari founded Sage Data Security in 2002 and has amassed thousands of hours in the field working with a spectrum of technical, operational, and management personnel, as well as boards of directors, regulators, and service providers. Her first text was Tools and Techniques for Securing Microsoft Networks, commissioned by Microsoft to train its partner channel, which was soon followed by the first edition of Security Policies and Procedures: Principles and Practices. She is actively involved in the security community and speaks regularly at security conferences and workshops. She has been quoted in The New York Times and the Wall Street Journal, and on CNN and CNBC. Since 2010, Sari has served as the chair of the annual Cybercrime Symposium.

Learn how to

- Establish program objectives, elements, domains, and governance

- Understand policies, standards, procedures, guidelines, and plans--and the differences among them

- Write policies in "plain language," with the right level of detail

- Apply the Confidentiality, Integrity & Availability (CIA) security model

- Use NIST resources and ISO/IEC 27000-series standards

- Align security with business strategy

- Define, inventory, and classify your information and systems

- Systematically identify, prioritize, and manage InfoSec risks

- Reduce "people-related" risks with role-based Security Education, Awareness, and Training (SETA)

- Implement effective physical, environmental, communications, and operational security

- Effectively manage access control

- Secure the entire system development lifecycle

- Respond to incidents and ensure continuity of operations

- Comply with laws and regulations, including GLBA, HIPAA/HITECH, FISMA, state data security and notification rules, and PCI DSS


Contents (excerpt)

Chapter 1: Understanding Policy (p. 2)

- Looking at Policy Through the Ages (p. 3)
- The Bible as Ancient Policy (p. 4)
- The United States Constitution as a Policy Revolution (p. 5)
- Policy Today (p. 5)
- Information Security Policy (p. 7)
- Successful Policy Characteristics (p. 8)
- The Role of Government (p. 13)
- Information Security Policy Lifecycle (p. 16)
- Policy Development (p. 17)
- Policy Publication (p. 18)
- Policy Adoption (p. 19)
- Policy Review (p. 20)
- Test Your Skills (p. 22)

Chapter 2: Policy Elements and Style (p. 32)

- Policy Hierarchy (p. 32)
- Standards (p. 33)
- Baselines (p. 34)
- Guidelines (p. 34)
- Procedures (p. 35)
- Plans and Programs (p. 36)
- Policy Format (p. 36)
- Policy Audience (p. 36)
- Policy Format Types (p. 37)
- Policy Components (p. 38)
- Writing Style and Technique (p. 48)
- Using Plain Language (p. 48)
- The Plain Language Movement (p. 49)
- Plain Language Techniques for Policy Writing (p. 50)
- Test Your Skills (p. 54)

Chapter 3: Information Security Framework (p. 64)

- CIA (p. 65)
- What Is Confidentiality? (p. 66)
- What Is Integrity? (p. 68)
- What Is Availability? (p. 69)
- Who Is Responsible for CIA? (p. 72)
- Information Security Framework (p. 72)
- What Is NIST's Function? (p. 72)
- What Does the ISO Do? (p. 74)
- Can the ISO Standards and NIST Publications Be Used to Build a Framework? (p. 75)
- Test Your Skills (p. 82)

Chapter 4: Governance and Risk Management (p. 92)

- Understanding Information Security Policies (p. 93)
- What Is Meant by Strategic Alignment? (p. 94)
- Regulatory Requirements (p. 94)
- User Versions of Information Security Policies (p. 94)
- Vendor Versions of Information Security Policies (p. 95)
- Client Synopsis of Information Security Policies (p. 95)
- Who Authorizes Information Security Policy? (p. 96)
- Revising Information Security Policies: Change Drivers (p. 97)
- Evaluating Information Security Policies (p. 97)
- Information Security Governance (p. 100)
- What Is a Distributed Governance Model? (p. 101)
- Regulatory Requirements (p. 104)
- Information Security Risk (p. 105)
- Is Risk Bad? (p. 105)
- Risk Appetite and Tolerance (p. 106)
- What Is a Risk Assessment? (p. 106)
- Risk Assessment Methodologies (p. 108)
- What Is Risk Management? (p. 109)
- Test Your Skills (p. 113)

Chapter 5: Asset Management (p. 124)

- Information Assets and Systems (p. 125)
- Who Is Responsible for Information Assets? (p. 126)
- Information Classification (p. 128)
- How Does the Federal Government Classify Data? (p. 129)
- Why Is National Security Information Classified Differently? (p. 131)
- Who Decides How National Security Data Is Classified? (p. 133)
- How Does the Private Sector Classify Data? (p. 134)
- Can Information Be Reclassified or Even Declassified? (p. 135)
- Labeling and Handling Standards (p. 136)
- Why Label? (p. 136)
- Why Handling Standards? (p. 136)
- Information Systems Inventory (p. 139)
- What Should Be Inventoried? (p. 139)
- Test Your Skills (p. 145)

Chapter 6: Human Resources Security (p. 156)

- The Employee Lifecycle (p. 157)
- What Does Recruitment Have to Do with Security? (p. 158)
- What Happens in the Onboarding Phase? (p. 165)
- What Is User Provisioning? (p. 166)
- What Should an Employee Learn During Orientation? (p. 167)
- Why Is Termination Considered the Most Dangerous Phase? (p. 168)
- The Importance of Employee Agreements (p. 170)
- What Are Confidentiality or Non-disclosure Agreements? (p. 170)
- What Is an Acceptable Use Agreement? (p. 170)
- The Importance of Security Education and Training (p. 172)
- What Is the SETA Model? (p. 173)
- Test Your Skills (p. 177)

Chapter 7: Physical and Environmental Security (p. 188)

- Understanding the Secure Facility Layered Defense Model (p. 190)
- How Do We Secure the Site? (p. 190)
- How Is Physical Access Controlled? (p. 192)
- Protecting Equipment (p. 196)
- No Power, No Processing? (p. 196)
- How Dangerous Is Fire? (p. 198)
- What About Disposal? (p. 200)
- Stop, Thief! ...

Prices shown include VAT.
