Information Security Management Principles - Second edition

Book Description

Commercial, personal and sensitive information is very hard to keep secure, and technological solutions are not the only answer. In today’s technology-driven environment, there is an ever-increasing demand for information delivery on various devices in the office, at home and in public places. A compromise has to be struck between security of information and its availability. This book provides significant first steps along the path of dealing with information assurance in a realistic and comprehensive manner. The second edition has been expanded to include the security of cloud-based resources. The remainder of the contents have been reviewed and reordered to reflect the changes to the BCS Certification in Information Security Management Principles which the book supports.

Table of Contents

  1. FRONT COVER
  2. BCS, THE CHARTERED INSTITUTE FOR IT
  3. TITLE PAGE
  4. COPYRIGHT PAGE
  5. CONTENTS
  6. LIST OF FIGURES AND TABLES
  7. AUTHORS
  8. ACKNOWLEDGEMENTS
  9. ABBREVIATIONS
  10. PREFACE
  11. 1. INFORMATION SECURITY PRINCIPLES
    1. Concepts and definitions
    2. The need for, and benefits of, information security
    3. Pointers for activities in this chapter
  12. 2. INFORMATION RISK
    1. Threats to, and vulnerabilities of, information systems
    2. Risk management
    3. Pointers for activities in this chapter
  13. 3. INFORMATION SECURITY FRAMEWORK
    1. Organisation and responsibilities
    2. Organisational policy standards and procedures
    3. Information security governance
    4. Information security implementation
    5. Security incident management
    6. Legal framework
    7. Security standards and procedures
    8. Pointers for activities in this chapter
  14. 4. PROCEDURAL AND PEOPLE SECURITY CONTROLS
    1. People
    2. User access controls
    3. Training and awareness
    4. Pointers for activities in this chapter
  15. 5. TECHNICAL SECURITY CONTROLS
    1. Protection from malicious software
    2. Networks and communications
    3. External services
    4. Cloud computing
    5. IT infrastructure
    6. Pointers for activities in this chapter
  16. 6. SOFTWARE DEVELOPMENT AND LIFE CYCLE
    1. Testing, audit and review
    2. Systems development and support
    3. Pointers for activities in this chapter
  17. 7. PHYSICAL AND ENVIRONMENTAL SECURITY
    1. Learning outcomes
    2. General controls
    3. Physical security
    4. Technical security
    5. Procedural security
    6. Protection of equipment
    7. Processes to handle intruder alerts
    8. Clear screen and desk policy
    9. Moving property on and off site
    10. Procedures for secure disposal
    11. Security requirements in delivery and loading areas
    12. Pointers for activities in this chapter
  18. 8. DISASTER RECOVERY AND BUSINESS CONTINUITY MANAGEMENT
    1. Learning outcomes
    2. DR/BCP, risk assessment and impact analysis
    3. Writing and implementing plans
    4. Documentation, maintenance and testing
    5. Links to managed service provision and outsourcing
    6. Secure off-site storage of vital material
    7. Involvement of personnel, suppliers and IT systems providers
    8. Security incident management
    9. Compliance with standards
    10. Pointers for the activity in this chapter
  19. 9. OTHER TECHNICAL ASPECTS
    1. Investigations and forensics
    2. Role of cryptography
    3. Pointers for the activity in this chapter
  20. APPENDIX A
  21. GLOSSARY
  22. BACK COVER