BOOK
Information Security Management Principles
Andy Taylor | David Alexander | Amanda Finch | David Sutton | Andy Taylor
(2013)
Additional Information
Book Details
Abstract
In today’s technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. The second edition includes the security of cloud-based resources and the contents have been revised to reflect the changes to the BCS Certification in Information Security Management Principles which the book supports.
The security of personal information must keep pace with technology in order to provide a safe and secure environment. This 2nd edition provides a timely update to ensure that BCS remains as an important leader in the education of information security principles.
David Smith
Commercial, personal and sensitive information is very hard to keep secure, and technological solutions are not the only answer. In today’s technology-driven environment, there is an ever-increasing demand for information delivery on various devices in the office, at home and in public places. A compromise has to be struck between security of information and its availability. This book provides significant first steps along the path of dealing with information assurance in a realistic and comprehensive manner. The second edition has been expanded to include the security of cloud-based resources. The remainder of the contents have been reviewed and reordered to reflect the changes to the BCS Certification in Information Security Management Principles which the book supports.
The authors are at the forefront of information security and are instrumental in shaping policy and implementing best-practice. They have gained considerable experience across a wide range of public and private sector bodies including the Home Office, GCHQ, MoD, RAF, Royal Navy, British Airways, Marks & Spencer and O2.
If you want an excellent introduction to information security you could do worse than buying a copy of this book. Highly recommended.
John Hughes
Table of Contents
| Section Title | Page | Action | Price |
|---|---|---|---|
| Cover | Cover | ||
| Copyright | iv | ||
| CONTENTS | v | ||
| LIST OF FIGURES AND TABLES | vii | ||
| AUTHORS | viii | ||
| ACKNOWLEDGEMENTS | x | ||
| ABBREVIATIONS | xi | ||
| PREFACE | xiv | ||
| 1 INFORMATION SECURITY PRINCIPLES | 1 | ||
| CONCEPTS AND DEFINITIONS | 1 | ||
| THE NEED FOR, AND BENEFITS OF, INFORMATION SECURITY | 9 | ||
| POINTERS FOR ACTIVITIES IN THIS CHAPTER | 16 | ||
| 2 INFORMATION RISK | 19 | ||
| THREATS TO, AND VULNERABILITIES OF, INFORMATION SYSTEMS | 19 | ||
| RISK MANAGEMENT | 24 | ||
| POINTERS FOR ACTIVITIES IN THIS CHAPTER | 34 | ||
| 3 INFORMATION SECURITY FRAMEWORK | 37 | ||
| ORGANISATIONS AND RESPONSIBILITIES | 37 | ||
| ORGANISATIONAL POLICY, STANDARDS AND PROCEDURES | 44 | ||
| INFORMATION SECURITY GOVERNANCE | 49 | ||
| INFORMATION SECURITY IMPLEMENTATION | 54 | ||
| SECURITY INCIDENT MANAGEMENT | 59 | ||
| LEGAL FRAMEWORK | 62 | ||
| SECURITY STANDARDS AND PROCEDURES | 73 | ||
| POINTERS FOR ACTIVITIES IN THIS CHAPTER | 81 | ||
| 4 PROCEDURAL AND PEOPLE SECURITY CONTROLS | 85 | ||
| PEOPLE | 85 | ||
| USER ACCESS CONTROLS | 90 | ||
| TRAINING AND AWARENESS | 99 | ||
| POINTERS FOR ACTIVITIES IN THIS CHAPTER | 105 | ||
| 5 TECHNICAL SECURITY CONTROLS | 108 | ||
| PROTECTION FROM MALICIOUS SOFTWARE | 108 | ||
| NETWORKS AND COMMUNICATIONS | 114 | ||
| EXTERNAL SERVICES | 122 | ||
| CLOUD COMPUTING | 126 | ||
| IT INFRASTRUCTURE | 131 | ||
| POINTERS FOR ACTIVITIES IN THIS CHAPTER | 137 | ||
| 6 SOFTWARE DEVELOPMENT AND LIFE CYCLE | 141 | ||
| TESTING, AUDIT AND REVIEW | 141 | ||
| SYSTEMS DEVELOPMENT AND SUPPORT | 143 | ||
| POINTERS FOR ACTIVITIES IN THIS CHAPTER | 151 | ||
| 7 PHYSICAL AND ENVIRONMENTAL SECURITY | 154 | ||
| LEARNING OUTCOMES | 154 | ||
| GENERAL CONTROLS | 154 | ||
| PHYSICAL SECURITY | 154 | ||
| TECHNICAL SECURITY | 155 | ||
| PROCEDURAL SECURITY | 156 | ||
| PROTECTION OF EQUIPMENT | 157 | ||
| PROCESSES TO HANDLE INTRUDER ALERTS | 158 | ||
| CLEAR SCREEN AND DESK POLICY | 160 | ||
| MOVING PROPERTY ON AND OFF SITE | 161 | ||
| PROCEDURES FOR SECURE DISPOSAL | 163 | ||
| SECURITY REQUIREMENTS IN DELIVERY AND LOADING AREAS | 164 | ||
| POINTERS FOR ACTIVITIES IN THIS CHAPTER | 164 | ||
| 8 DISASTER RECOVERY AND BUSINESS CONTINUITY MANAGEMENT | 166 | ||
| LEARNING OUTCOMES | 166 | ||
| DR/BCP, RISK ASSESSMENT AND IMPACT ANALYSIS | 166 | ||
| WRITING AND IMPLEMENTING PLANS | 168 | ||
| DOCUMENTATION, MAINTENANCE AND TESTING | 169 | ||
| LINKS TO MANAGED SERVICE PROVISION AND OUTSOURCING | 171 | ||
| SECURE OFF-SITE STORAGE OF VITAL MATERIAL | 172 | ||
| INVOLVEMENT OF PERSONNEL, SUPPLIERS AND IT SYSTEMS PROVIDERS | 173 | ||
| SECURITY INCIDENT MANAGEMENT | 174 | ||
| COMPLIANCE WITH STANDARDS | 175 | ||
| POINTERS FOR THE ACTIVITY IN THIS CHAPTER | 175 | ||
| 9 OTHER TECHNICAL ASPECTS | 176 | ||
| INVESTIGATIONS AND FORENSICS | 176 | ||
| ROLE OF CRYPTOGRAPHY | 179 | ||
| POINTERS FOR THE ACTIVITY IN THIS CHAPTER | 188 | ||
| APPENDIX A | 191 | ||
| GLOSSARY | 196 | ||
| INDEX | 203 | ||
| Back Cover | 209 |