Information Security Architecture An Integrated Approach to Security in the Organization

ISBN-10: 0849315492

ISBN-13: 9780849315497

Edition: 2nd 2006 (Revised)

Authors: Jan Killmeyer

List price: $109.95
eBook available
30 day, 100% satisfaction guarantee

If an item you ordered from TextbookRush does not meet your expectations due to an error on our part, simply fill out a return request and then return it by mail within 30 days of ordering it for a full refund of item cost.

Learn more about our returns policy


Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available. In addition to the components of a successful Information Security Architecture (ISA) detailed in the previous edition, this volume also discusses computer incident/emergency response. The book describes in detail every one of the eight ISA components. Each chapter provides an understanding of the component and details how it relates to the other components of the architecture. The text also outlines how to establish an effective plan to implement each piece of the ISA within an organization. The second edition has been modified to provide security novices with a primer on general security methods. It has also been expanded to provide veteran security professionals with an understanding of issues related to recent legislation, information assurance, and the latest technologies, vulnerabilities, and responses.
eBooks Starting from $43.98
Rent eBooks
Buy eBooks
what's this?
Rush Rewards U
Members Receive:
You have reached 400 XP and carrot coins. That is the daily max!
Study Briefs

Limited time offer: Get the first one free! (?)

All the information you need in one place! Each Study Brief is a summary of one specific subject; facts, figures, and explanations to help you learn faster.

Customers also bought

Book details

List price: $109.95
Edition: 2nd
Copyright year: 2006
Publisher: Auerbach Publishers, Incorporated
Publication date: 1/13/2006
Binding: Hardcover
Pages: 424
Size: 6.25" wide x 9.25" long x 1.25" tall
Weight: 1.870
Language: English

Information Security Architecture
Why an Architecture?
Client/Server Environments
Overview of Security Controls
The Threat
The Risks
The Controls
The Strategic Information Technology (IT) Plan
Getting Started
Security Organization / Infrastructure
Learning Objectives
The Security Organization
The Executive Committee for Security
The Chief Information Officer
The Chief Financial Officer
The Security Officer
The Security Team
Security Coordinators or Liaisons
Departmental Management
Network and Application Administrators
Human Resources
Legal Counsel
Help Desk
Internal Audit
External Audit
Component Audits
Compliance Audits
System Users
Centralized versus Decentralized Security Administration
Information and Resource Ownership
The Strategic Information Technology (IT) Plan
Chapter Summary
Getting Started: Project Management
Password Parameters
Security Policies, Standards, and Procedures
Learning Objectives
The Information Security Policy
Information Security Policy Acknowledgment Form
Network Usage Policy
E-Mail Policy
Internet Policy
Internet Risk
Process for Change
Security Standards
Standards Organizations
Security Procedures
Chapter Summary
Getting Started
Security Baselines and Risk Assessments
Information Security Assessment: A Phased Approach
High-Level Security Assessment (Section I)
Assessing the Organization of the Security Function
Assessing the Security Plan
Assessing Security Policies, Standards, and Procedures
Assessing Risk-Related Programs
Security Operations (Section II)
Security Monitoring
Computer Virus Controls
Microcomputer Security
Compliance with Legal and Regulatory Requirements
Computer Operations (Section III)
Physical and Environmental Security
Backup and Recovery
Computer Systems Management
Problem Management
Application Controls Assessments
Access Controls
Separation (or Segregation) of Duties
Audit Trails
Application Development and Implementation
Change Management
Database Security
Network Assessments
Emergency Response
Remote Access
Gateways Separating the Corporate WAN and Lines of Business
Current and Future Internet Connections
Electronic Mail and the Virtual Office
Placement of WAN Resources at Client Sites
Operating System Security Assessment
Windows NT
Telecommunications Assessments
Security Awareness and Training Program
Program Objectives
Employees Recognize Their Responsibility for Protecting the Enterprise's Information Assets
Employees Understand the Value of Information Security
Employees Recognize Potential Violations and Know Who to Contact
Forms of Attack
The Level of Security Awareness among Existing Employees Remains High
Program Considerations
Effectiveness Is Based on Long-Term Commitment of Resources and Funding
Benefits Are Difficult to Measure in the Short Term
Scoping the Target Audience
Effectively Reaching the Target Audience
Security Organizations
Getting Started - Program Development
Level One Compliance: The Component Owner
Level Two Compliance: The Audit Function
Level Three Compliance: The Security Team
Line of Business (LOB) Security Plan
Enterprise Management Tools
Pitfalls to an Effective ISA Program
Lack of a Project Sponsor and Executive Management Support
Executive-Level Responsibilities
Executive Management's Lack of Understanding of Realistic Risk
Lack of Resources
The Impact of Mergers and Acquisitions on Disparate Systems
Independent Operations throughout Business Units
Discord Between Mainframe versus Distributed Computing Cultures
Fostering Trust in the Organization
Mom-and-Pop Shop Beginnings
Third-Party and Remote Network Management
The Rate of Change in Technology
Getting Started
Computer Incident / Emergency Response
Learning Objectives
CSIRT Goals and Responsibilities
Reactive Services
Alerts and Warnings
Incident Handling
Vulnerability Handling
Artifact Handling
Incident Response Handling Methodology
Incident Classification
Incident Analysis
Incident Response
Incident Response Coordination
Key Organizations
Development of the CSIRT
Issues in Developing a CSIRT
Management Buy-In
Staffing and Training
Policy Development
Legal Issues
Reevaluation of CSIRT Operations
Chapter Summary
Getting Started
Information Security Policy
Information Security Policy Acknowledgment Form
Network Computing Policy
E-Mail Security Policy
Internet Policy
Security Lists
Security Standards and Procedures Manual Table of Contents
Anti-Virus Update Procedure
Security Assessment Workplan
Application Security Assessment
Network Security Assessment Workplan
Windows NT Assessment Workplan
Telecommunications Security Assessment Workplan
Computer Incident/Emergency Response Plan
Sample Line of Business Security Plan
Intrusion Checklist
Free shipping on orders over $35*

*A minimum purchase of $35 is required. Shipping is provided via FedEx SmartPost® and FedEx Express Saver®. Average delivery time is 1 – 5 business days, but is not guaranteed in that timeframe. Also allow 1 - 2 days for processing. Free shipping is eligible only in the continental United States and excludes Hawaii, Alaska and Puerto Rico. FedEx service marks used by permission."Marketplace" orders are not eligible for free or discounted shipping.

Learn more about the TextbookRush Marketplace.