Strategic and Practical Approaches for Information Security Governance

Book Description

Strategic and Practical Approaches for Information Security Governance: Technologies and Applied Solutions presents high-quality research papers and practice articles on management and governance issues in the field of information security. The main focus of the book is to provide an organization with insights into practical and applied solutions, frameworks, technologies and practices on technological and organizational factors. The book aims to be a collection of knowledge for professionals, scholars, researchers and academicians working in this fast-evolving and growing area of information assurance.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Preface
  5. Chapter 1: Investigating the Concept of Information Security Culture
    1. ABSTRACT
    2. INTRODUCTION
    3. EASE WITH WHICH TO CHANGE A CULTURE EXAGGERATED
    4. CONCLUSION
  6. Chapter 2: Assessing Market Compliance of IT Security Solutions
    1. Abstract
    2. INTRODUCTION
    3. BACKGROUND
    4. A STRUCTURED APPROACH
    5. CASE STUDIES
    6. FUTURE RESEARCH DIRECTIONS
    7. CONCLUSION
  7. Chapter 3: Identity Assurance in Open Networks
    1. Abstract
    2. INTRODUCTION
    3. BACKGROUND
    4. IDENTITY ASSURANCE FRAMEWORKS
    5. FACTORS OF IDENTITY ASSURANCE
    6. CASE STUDY: TRUST LEVELS FOR ATTRIBUTES
    7. CONCLUSION AND FUTURE RESEARCH
  8. Chapter 4: Information Security Governance
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. CHANGING LANDSCAPE OF INFORMATION SECURITY
    5. REFERENCE MODEL FOR INFORMATION SECURITY GOVERNANCE
    6. FUTURE RESEARCH DIRECTIONS
    7. CONCLUSION
  9. Chapter 5: Enterprise Information Security Policies, Standards, and Procedures
    1. ABSTRACT
    2. INTRODUCTION
    3. SECURITY DOCUMENTS
    4. DIFFERENTIATING BETWEEN POLICIES, STANDARDS, AND GUIDELINES
    5. ENTERPRISE INFORMATION SECURITY POLICIES
    6. DISCUSSION AND ANALYSIS
    7. CONCLUSION
    8. FUTURE RESEARCH DIRECTIONS
    9. APPENDIX
  10. Chapter 6: ISMS Building for SMEs through the Reuse of Knowledge
    1. ABSTRACT
    2. INTRODUCTION
    3. RELATED WORK
    4. MSM2-SME OVERVIEW
    5. GENERATION OF PATTERNS AND ROOT PATTERN
    6. APPLICABILITY OF MSM2-SME
    7. CONCLUSION
  11. Chapter 7: Information Security and Management in Social Network
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. PRIVACY CONTROL
    5. SOCIAL SPAMMING
    6. USER REPUTATION SYSTEM
    7. FUTURE RESEARCH DIRECTIONS
    8. CONCLUSION
  12. Chapter 8: Music is the Key
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. EXISTING ALTERNATIVES
    5. MUSICAL PASSWORDS
    6. RESULTS
    7. CONCLUSION
    8. FUTURE WORK
  13. Chapter 9: Information System Integrated Security
    1. ABSTRACT
    2. INTRODUCTION
    3. CURRENT THREATS TO INFORMATION SECURITY
    4. SECURITY OF INDIVIDUAL INFORMATION SYSTEM COMPONENTS
    5. RECOMMENDED APPROACH TO INFORMATION SYSTEM SECURITY MANAGEMENT
    6. CONCLUSION
  14. Chapter 10: Surveillance Communities of Practice
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. PROBLEM STRUCTURE
  15. Chapter 11: Not Every Cloud Brings Rain
    1. ABSTRACT
    2. INTRODUCTION
    3. Cloud Computing: Once Upon a Time
    4. Conclusion
  16. Chapter 12: Securing the Extended Enterprise
    1. ABSTRACT
    2. 1 INTRODUCTION
    3. 2 BACKGROUND
    4. 3 AN OVERVIEW OF THE EXTENDED ENTERPRISE
    5. 4 CHALLENGES OF EXTERNAL INSIDER THREAT
    6. 5 SOLUTIONS TO COUNTER THE EXTERNAL INSIDER THREAT
    7. 6 PROPOSED SOLUTION TOWARDS EXTERNAL INSIDER THREAT ANALYSIS
    8. 7 METHOD APPLIED TO A RETAILER-MANUFACTURER EXAMPLE
    9. 8 RELATED WORK
    10. 9 Future Research Directions
    11. 10 Conclusion
    12. APPENDIX A
  17. Chapter 13: Information Security Management Systems Cybernetics
    1. ABSTRACT
    2. INTRODUCTION
    3. OVERVIEW OF MANAGEMENT SYSTEMS AND POLICIES
    4. MANAGEMENT SYSTEMS AND THE DEMING CYCLE
    5. MODELING OF THE PLANT
    6. PREVENTIVE ADJUSTMENT OF RISKS WITH MANAGEMENT SYSTEMS
    7. TARGET FUNCTIONS AND MANAGEMENT SYSTEMS
    8. SOLUTIONS AND RECOMMENDATIONS
    9. FUTURE RESEARCH DIRECTIONS
    10. CONCLUSION
  18. Chapter 14: Fraud and Identity Theft Issues
    1. ABSTRACT
    2. 1. INTRODUCTION
    3. 2. METHODS OF IDENTITY THEFT
    4. 5. INTERNET AND ON-LINE RELATED IDENTITY THEFT: PHISHING
    5. 6. ANATOMY OF A PHISHING EMAIL
    6. 7. DEFENSE MECHANISMS: COUNTERMEASURES AGAINST PHISHING
    7. 9. CONCLUSION
    8. 10. FUTURE RESEARCH DIRECTIONS
  19. Chapter 15: Information Security Governance and Standard Based Management Systems
    1. ABSTRACT
    2. INTRODUCTION
    3. Research Framework
    4. HOLISTIC INFORMATION SECURITY GOVERNANCE MODEL
    5. IMPLEMENTATION
    6. CASE STUDIES RESULTS AND EXPERIENCES
    7. OUTLOOK
    8. CONCLUSION
  20. Chapter 16: A Construct Grid Approach to Security Classification and Analysis
    1. ABSTRACT
    2. INTRODUCTION
    3. CONSTRUCT GRID
    4. COMMON AXES FOR SECURITY
    5. FACETS
    6. DISPLAY
    7. OTHER TYPES OF AXES
    8. USAGE
    9. RELATED WORK
    10. CONCLUSION
  21. Chapter 17: Towards an Organizational Culture Framework for Information Security Practices
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. THE ISSUES OF INFORMATION SECURITY CULTURE
    5. CASE DESCRIPTION
    6. DISCUSSION
    7. CONCLUSION
  22. Chapter 18: Establishment of Enterprise Secured Information Architecture
    1. ABSTRACT
    2. INTRODUCTION
  23. Chapter 19: Information Security Management Based on Adaptive Security Policy Using User Behavior Analysis
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. INFORMATION SECURITY MANAGEMENT
    5. SECURITY ENVIRONMENT
    6. ADAPTATIVE SECURITY POLICY
    7. USER BEHAVIOR ANALYSIS
    8. USER BEHAVIOR ANALYSIS WITH ADAPTATIVE SECURITY POLICY
    9. FUTURE RESEARCH DIRECTIONS
    10. CONCLUSION
  24. Chapter 20: Detecting Credit Fraud in E-Business System
    1. ABSTRACT
    2. INTRODUCTION
    3. LITERATURE REVIEW
    4. METHODOLOGY
    5. RESEARCH FINDINGS
    6. DATA ANALYSIS AND DISCUSSION
  25. Chapter 21: Safeguarding Australia from Cyber-Terrorism
    1. ABSTRACT
    2. INTRODUCTION
    3. CYBER-TERRORISM SCADA RISK ASSESSMENT
    4. CONCLUSION
  26. Chapter 22: Detecting Compliance Failures in Unmanaged Processes
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. INTERNAL CONTROLS
    5. AUTOMATED AUDIT TOOLS
    6. MEASURING EFFECTIVENESS OF AUDITING TOOLS
    7. PRACTICAL CONSIDERATIONS
    8. FUTURE RESEARCH DIRECTIONS
    9. CONCLUSION
  27. Chapter 23: Loss of Data
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. ISSUES
    5. FUTURE RESEARCH
    6. CONCLUSION
  28. Compilation of References
  29. About the Contributors
  30. Index