Document Type : BL
Record Number : 668029
Doc. No : dltt
Main Entry : Campbell, Tony.
Title & Author : Practical information security management : a complete guide to planning and implementation / Tony Campbell
Page No. : 1 online resource
ISBN : 9781484216859; 1484216857; 9781484216842; 1484216849
Contents : At a Glance; Contents; About the Author; About the Technical Reviewers; Acknowledgments; Introduction; Chapter 1: Evolution of a Profession; What's in a Name?; The Language of Security; CIA; Confidentiality; Integrity; Availability; Non-Repudiation; Threats and Vulnerabilities; Risk and Consequence; Glossary of Useful Terms; Chapter 2: Threats and Vulnerabilities; Threats; Hiding in Plain Sight; How Does Tor Work?; The Deep Web; Malware as a Service; Criminal Motivations and Capabilities; Physical Threats; Vulnerabilities; Technical Vulnerabilities; Non-Technical Vulnerabilities; Physical Vulnerabilities; Process Vulnerabilities; People Vulnerabilities; People Can Be Compromised; Chapter 3: The Information Security Manager; Information Security Job Roles; Training, Experience, and Professionalism; Career Planning with Professional and Academic Certifications; Getting Started in Security Management; The Information Security Manager's Responsibilities; The Information Security Management System; Chapter 4: Organizational Security; Security in Organizational Structures; Where Does Security Fit?; License to Operate: Get Your Guys Certified; Encourage a Culture of Security Awareness; Working with Specialist Groups; Working with Standards and Regulations; Working with Risk Management; Risk Identification; Risk Analysis; Qualitative Assessments; Quantitative Analysis; Risk Treatment; Risk Monitoring; Business Continuity Management and Disaster Planning; Working with Enterprise Architecture; Working with Facilities Management; Conclusion; Chapter 5: Information Security Implementation; Integration with Risk Management; The Language of Risk; Use Existing Frameworks; Secure Development; Security Architecture Awareness; Security Requirements; Organizational Interfaces; Post Implementation; Conclusion; Chapter 6: Standards, Frameworks, Guidelines, and Legislation; Why Do We Need Standards?; Legislation; Privacy; US-EU Safe Harbor and Privacy Shield; Employer and Employee Rights; Computer Fraud and Abuse Laws; US Computer Fraud and Abuse Act; UK Computer Misuse Act; Australia's Cybercrime Act; Records Retention; Intellectual Property and Copyright; The ISO/IEC 27000 Series of Standards; ISO/IEC 27001; Getting Certified; ISO/IEC 27002; ISO/IEC 27035; List of Published ISO/IEC 27000 Standards; Business Continuity; Risk Management Standards; COBIT; Payment Card Industry Data Security Standard; Health Insurance Portability and Accountability Act; Conclusion; Chapter 7: Protection of Information; Information Classification; Business Impact Levels; Implementing Information Classification; Information Classification or Systems Classification?; Tactical Implementation; Strategic Implementation; Identification, Authentication, and Authorization; Access Control Models; System Privileges; Separation of Duties; Delegation of Privileges; Chapter 8: Protection of People; Human Vulnerabilities; Social Engineering
Subject : Computer security -- Management.
Dewey Classification : 005.8; 004
LC Classification : QA76.9.A25
Added Entry : Ohio Library and Information Network.