Book description
What do information security and the art of war have in common? The answer, this book argues, is a great deal. Although the authors have expert technical knowledge of information security, they strongly believe that technical and procedural measures cannot offer a solution on their own.
Table of contents
- Copyright
- Preface
- About the Authors
- Introduction
- 1. Information Security Auditing and Strategy
  - To do or not to do?
  - On monetary contemplations
  - The fundamentals
    - 1. Information security assessment is an act of corporate or organisational politics
    - 2. Information security assessment is always shaped by political, administrative, technical and human ‘terrain’
    - 3. Information security assessment must shape information security systems of its target
    - 4. Information security assessment is never complete
    - 5. Information security assessment must be a part of a continuous process
    - 6. Information security assessment should maintain a proper balance between tempo and depth
    - 7. Information security assessment must always exceed its perceived scope
    - 8. Information security assessment always targets corporate or organisational ISMS
    - 9. Information security assessment should aspire to establish the roots of all discovered vulnerabilities, weaknesses and gaps
    - 10. Information security assessment should aspire to discover strategic problems through tactical means
    - 11. Information security assessment must be endorsed, controlled and debriefed at the top
    - 12. Information security assessment should be understood and appreciated at the bottom
    - 13. Information security assessment must produce transferrable results
    - 14. Information security assessment must decrease the friction of the auditee
    - 15. Information security assessment should promote security awareness and initiative
    - 16. Information security assessment always operates with probabilities
    - 17. Information security assessment is mainly a proactive countermeasure
    - 18. Information security assessment must be impartial
    - 19. Information security assessment must be dissociated from the checked system
    - 20. Information security assessment results must be strictly confidential
  - On aggressive defence
  - On counteroffensive
  - On the conditions of success
- 2. Security Auditing, Governance, Policies and Compliance
- 3. Security Assessments Classification
- 4. Advanced Pre-Assessment Planning
- 5. Security Audit Strategies and Tactics
- 6. Synthetic Evaluation of Risks
- 7. Presenting the Outcome and Follow-Up Acts
- 8. Reviewing Security Assessment Failures and Auditor Management Strategies
- Bibliography
- ITG Resources
Product information
- Title: Assessing Information Security: Strategies, tactics, logic and framework
- Author(s):
- Release date: February 2010
- Publisher(s): IT Governance Publishing
- ISBN: 9781849280358