Information Security Architecture An Integrated Approach to Security in the Organization

ISBN-10: 0849315492
ISBN-13: 9780849315497
Edition: 2nd 2006 (Revised)
Authors: Jan Killmeyer
List price: $109.95 Buy it from $11.98
eBook available
This item qualifies for FREE shipping

*A minimum purchase of $35 is required. Shipping is provided via FedEx SmartPost® and FedEx Express Saver®. Average delivery time is 1 – 5 business days, but is not guaranteed in that timeframe. Also allow 1 - 2 days for processing. Free shipping is eligible only in the continental United States and excludes Hawaii, Alaska and Puerto Rico. FedEx service marks used by permission."Marketplace" orders are not eligible for free or discounted shipping.

30 day, 100% satisfaction guarantee

If an item you ordered from TextbookRush does not meet your expectations due to an error on our part, simply fill out a return request and then return it by mail within 30 days of ordering it for a full refund of item cost.

Learn more about our returns policy

Description: Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies  More...

Used Starting from $67.22
eBooks Starting from $43.98
Rent
Buy
what's this?
Rush Rewards U
Members Receive:
coins
coins
You have reached 400 XP and carrot coins. That is the daily max!

Study Briefs

Limited time offer: Get the first one free! (?)

All the information you need in one place! Each Study Brief is a summary of one specific subject; facts, figures, and explanations to help you learn faster.

Add to cart
Study Briefs
Periodic Table Online content $4.95 $1.99
Add to cart
Study Briefs
SQL Online content $4.95 $1.99
Add to cart
Study Briefs
MS Excel® 2010 Online content $4.95 $1.99
Add to cart
Study Briefs
MS Word® 2010 Online content $4.95 $1.99

Customers also bought

Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading
Loading

Book details

List price: $109.95
Edition: 2nd
Copyright year: 2006
Publisher: Auerbach Publishers, Incorporated
Publication date: 1/13/2006
Binding: Hardcover
Pages: 424
Size: 6.25" wide x 9.25" long x 1.25" tall
Weight: 1.562
Language: English

Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available. In addition to the components of a successful Information Security Architecture (ISA) detailed in the previous edition, this volume also discusses computer incident/emergency response. The book describes in detail every one of the eight ISA components. Each chapter provides an understanding of the component and details how it relates to the other components of the architecture. The text also outlines how to establish an effective plan to implement each piece of the ISA within an organization. The second edition has been modified to provide security novices with a primer on general security methods. It has also been expanded to provide veteran security professionals with an understanding of issues related to recent legislation, information assurance, and the latest technologies, vulnerabilities, and responses.

Information Security Architecture
Why an Architecture?
Incident
Client/Server Environments
Overview of Security Controls
The Threat
The Risks
Incident
The Controls
The Strategic Information Technology (IT) Plan
Summary
Getting Started
Security Organization / Infrastructure
Learning Objectives
The Security Organization
The Executive Committee for Security
The Chief Information Officer
The Chief Financial Officer
The Security Officer
The Security Team
Security Coordinators or Liaisons
Departmental Management
Network and Application Administrators
Human Resources
Legal Counsel
Help Desk
Audit
Internal Audit
External Audit
Component Audits
Compliance Audits
System Users
Centralized versus Decentralized Security Administration
Information and Resource Ownership
The Strategic Information Technology (IT) Plan
Chapter Summary
Getting Started: Project Management
Deliverables
Password Parameters
Notes
Security Policies, Standards, and Procedures
Introduction
Learning Objectives
The Information Security Policy
Information Security Policy Acknowledgment Form
Network Usage Policy
E-Mail Policy
Internet Policy
Internet Risk
Process for Change
Security Standards
Standards Organizations
Security Procedures
Chapter Summary
Getting Started
Notes
Security Baselines and Risk Assessments
Information Security Assessment: A Phased Approach
High-Level Security Assessment (Section I)
Assessing the Organization of the Security Function
Assessing the Security Plan
Assessing Security Policies, Standards, and Procedures
Assessing Risk-Related Programs
Security Operations (Section II)
Security Monitoring
Computer Virus Controls
Microcomputer Security
Compliance with Legal and Regulatory Requirements
Computer Operations (Section III)
Physical and Environmental Security
Backup and Recovery
Computer Systems Management
Problem Management
Application Controls Assessments
Access Controls
Separation (or Segregation) of Duties
Audit Trails
Authentication
Application Development and Implementation
Change Management
Database Security
Network Assessments
Emergency Response
Remote Access
Gateways Separating the Corporate WAN and Lines of Business
Current and Future Internet Connections
Electronic Mail and the Virtual Office
Placement of WAN Resources at Client Sites
Operating System Security Assessment
Windows NT
Telecommunications Assessments
Summary
Security Awareness and Training Program
Program Objectives
Employees Recognize Their Responsibility for Protecting the Enterprise's Information Assets
Employees Understand the Value of Information Security
Employees Recognize Potential Violations and Know Who to Contact
Incident
Forms of Attack
The Level of Security Awareness among Existing Employees Remains High
Program Considerations
Effectiveness Is Based on Long-Term Commitment of Resources and Funding
Benefits Are Difficult to Measure in the Short Term
Scoping the Target Audience
Incident
Effectively Reaching the Target Audience
Security Organizations
Summary
Getting Started - Program Development
Compliance
Level One Compliance: The Component Owner
Level Two Compliance: The Audit Function
Level Three Compliance: The Security Team
Line of Business (LOB) Security Plan
Enterprise Management Tools
Summary
Pitfalls to an Effective ISA Program
Lack of a Project Sponsor and Executive Management Support
Executive-Level Responsibilities
Executive Management's Lack of Understanding of Realistic Risk
Lack of Resources
The Impact of Mergers and Acquisitions on Disparate Systems
Independent Operations throughout Business Units
Discord Between Mainframe versus Distributed Computing Cultures
Fostering Trust in the Organization
Mom-and-Pop Shop Beginnings
Third-Party and Remote Network Management
The Rate of Change in Technology
Summary
Getting Started
Computer Incident / Emergency Response
Introduction
Learning Objectives
CERT/CC
CSIRT Goals and Responsibilities
Reactive Services
Alerts and Warnings
Incident Handling
Vulnerability Handling
Artifact Handling
Incident Response Handling Methodology
Reporting
Incident Classification
Triage
Identification
Incident Analysis
Incident Response
Incident Response Coordination
Key Organizations
Containment
Eradication
Recovery
Notification
Development of the CSIRT
Issues in Developing a CSIRT
Funding
Management Buy-In
Staffing and Training
Policy Development
Legal Issues
Reevaluation of CSIRT Operations
Chapter Summary
Getting Started
Notes
Conclusion
Appendixes
Information Security Policy
Information Security Policy Acknowledgment Form
Network Computing Policy
E-Mail Security Policy
Internet Policy
Security Lists
Security Standards and Procedures Manual Table of Contents
Anti-Virus Update Procedure
Security Assessment Workplan
Application Security Assessment
Network Security Assessment Workplan
Windows NT Assessment Workplan
Telecommunications Security Assessment Workplan
Computer Incident/Emergency Response Plan
Sample Line of Business Security Plan
Intrusion Checklist

×
Free shipping on orders over $35*

*A minimum purchase of $35 is required. Shipping is provided via FedEx SmartPost® and FedEx Express Saver®. Average delivery time is 1 – 5 business days, but is not guaranteed in that timeframe. Also allow 1 - 2 days for processing. Free shipping is eligible only in the continental United States and excludes Hawaii, Alaska and Puerto Rico. FedEx service marks used by permission."Marketplace" orders are not eligible for free or discounted shipping.

Learn more about the TextbookRush Marketplace.

×