Executive MBA in Information Security / Edition 1
by John J. Trinckes, Jr.
Overview
According to the Brookings Institution, an organization’s information and other intangible assets account for over 80 percent of its market value. As the primary sponsors and implementers of information security programs, it is essential for those in key leadership positions to possess a solid understanding of the constantly evolving fundamental concepts of information security management. Developing this knowledge and keeping it current, however, requires the time and energy that busy executives like you simply don’t have.
Supplying a complete overview of key concepts, The Executive MBA in Information Security provides the tools needed to ensure your organization has an effective and up-to-date information security management program in place. This one-stop resource provides a ready-to-use security framework you can use to develop workable programs and includes proven tips for avoiding common pitfalls—so you can get it right the first time.
Allowing for quick and easy reference, this time-saving manual provides those in key leadership positions with a lucid understanding of:
- The difference between information security and IT security
- Corporate governance and how it relates to information security
- Steps and processes involved in hiring the right information security staff
- The different functional areas related to information security
- Roles and responsibilities of the chief information security officer (CISO)
Presenting difficult concepts in a straightforward manner, this concise guide allows you to get up to speed, quickly and easily, on what it takes to develop a rock-solid information security management program that is as flexible as it is secure.
Product Details
- ISBN-13: 9781439810071
- Publisher: Taylor & Francis
- Publication date: 10/09/2009
- Edition description: New Edition
- Pages: 352
- Product dimensions: 6.30(w) x 9.30(h) x 0.90(d)
Table of Contents
Preface
Acknowledgments
The Author
Contributors
Information Security Overview
Information Security Management
What Is Information Security?
Responsibilities
Organization
Functions
Ideal Traits of an Information Security Professional
Certification Requirements
Recruiting
Screening
Interviewing
Reference Checks
Retention
Trust and Loyalty
Why Is Information Security Important?
Information Security Concepts
Laws of Security
Information Security Requirements
Interrelationship of Regulations, Policies, Standards, Procedures, and Guidelines
Regulations
Sarbanes–Oxley Act
Gramm–Leach–Bliley Act
Health Insurance Portability and Accountability Act
Federal Financial Institutions Examination Council
Payment Card Industry (PCI) Data Security Standard
Common Elements of Compliance
Security Controls
Industry Best Practice Guidelines
Standards
Measurement Techniques
Control Objectives for Information and Related Technology (COBIT)
ISO 27002 Overview
Capability Maturity Model (CMM)
Generally Accepted Information Security Principles (GAISP)
Common Pitfalls of an Effective Information Security Program
Defense in Depth
Managing Risks
Risk Management
System Characterization
Threat Identification
Vulnerability Identification and Categorization
Control Analysis
Likelihood Rating
Impact Rating (Premitigation)
Risk Determination
Recommendations
Technical Evaluation Plan (TEP)
Methodology Overview
Role of Common Vulnerabilities and Exposures (CVE)
Executive Summary
Follow-Up
Tracking
Conflict Resolution
Test Plans
Physical Security
Access Control Systems and Methods
Discretionary Access Controls (DACs)
Mandatory Access Controls (MACs)
Nondiscretionary Access Controls
Administrative Access Controls
Physical Access Controls
Technical Access Controls
Logical Access Controls
Common Access Control Practices
Auditing
Physical Security
Social Engineering
Phishing
Pharming
Vishing
Passive Information Gathering
Active Information Gathering
Covert Testing
Clean Desk Policy
Dumpster Diving
Business Continuity Plans and Disaster Recovery
Business Continuity
Phase 1—Project Management and Initiation
Phase 2—Business Impact Analysis
Phase 3—Recovery Strategies
Phase 4—Plan, Design, and Develop
Phase 5—Testing, Maintenance, and Awareness Training
Complications to Consider in BCP
Disaster Recovery
Business
Facilities and Supplies
Users
Technology
Data
Event Stages
Disaster Recovery Testing
Business Continuity Planning and Disaster Recovery Training
Administrative Controls
Change Management
Request Phase
Process Phase
Release Phase
Change Management Steps
Computer Forensics
Computer Investigation Model
Incident Management
Reporting Information
Steps
Notification
Incident Details
Incident Handler
Actions to Date
Recommended Actions
Laws, Investigations, and Ethics
Laws
Investigations
Ethics
Operations Security
OPSEC Controls
Separation of Duties
Job Rotation
Least Privileges
Records Retention
Federal Rules of Civil Procedure
Security Awareness Training
A Cracker’s Story
Security Management Practices
Security Countermeasures
Service Providers, Service-Level Agreements, and Vendor Reviews
Vendor Relationship Policy
Service-Level Agreements
Vendor Reviews
Managing Security Risks in Vendor Relationships
Due Diligence: The First Tool
Key Contractual Protections: The Second Tool
Information Security Requirements Exhibit: The Third Tool
Technical Controls
Host Security
System Hardening Checklist
Host Services
Other Host Security Controls
Malware Protection
Viruses, Worms, and Backdoors
DAT Signatures
Multimedia Devices
Network Security
Seven Layers of the OSI Model
Other Layers
Protocol Data Units
TCP/IP Model
Decimal, Binary, and Hexadecimal Compared
Network Addressing
Network Security Controls
Passwords
Patch or Vulnerability Management
Application Controls
Application and System Development
Encryption
Private Key Encryption (Symmetric Key Encryption)
Choosing a Symmetric Key Cryptography Method
Public Key Encryption (Asymmetric Key Encryption)
Choosing an Asymmetric Key Cryptography Method
Digital Signature
One-Way Encryption
e-Mail Encryption
Choosing e-Mail Encryption
Internet Encryption
Choosing an Internet Security Method
Encrypting Hard Drives
Encryption Attacks
Multifactor Authentication
Perimeter Controls
Security Architecture
Internal Controls
External Controls
Telecommunications Security
Voice over IP Security
Virtual Private Network
Wireless Security
Web Filtering
Audit and Compliance
Audit and Compliance
Information Security Governance Metrics
Testing—Vulnerability Assessment
Appendix A: Information Security Policy
Appendix B: Technology Resource Policy
Appendix C: Log-on Warning Banner
Appendix D: Penetration Test Waiver
Appendix E: Tools
Appendix F: How to Report Internet Crime
Acronyms
MyISAT
Web References
Index