Effective security rules and procedures do not exist for their own sake-they are put in place to protect critical assets, thereby supporting overall business objectives. Recognizing security as a business enabler is the first step in building a successful program.
Information Security Fundamentals allows future security professionals to gain a solid understanding of the foundations of the field and the entire range of issues that practitioners must address. This book enables students to understand the key elements that comprise a successful information security program and eventually apply these concepts to their own efforts. The book examines the elements of computer security, employee roles and responsibilities, and common threats. It examines the need for management controls, policies and procedures, and risk analysis, and also presents a comprehensive list of tasks and objectives that make up a typical information protection program.
The volume discusses organizationwide policies and their documentation, and legal and business requirements. It explains policy format, focusing on global, topic-specific, and application-specific policies. Following a review of asset classification, the book explores access control, the components of physical security, and the foundations and processes of risk analysis and risk management. Information Security Fundamentals concludes by describing business continuity planning, including preventive controls, recovery strategies, and ways to conduct a business impact analysis.
• Provides a solid understanding of the foundations of the field and the entire range of issues that practitioners must address
• Discusses the legal requirements that impact security policies, including Sarbanes-Oxley, HIPAA, and the Gramm-Leach-Bliley Act (GLBA)
• Details physical security requirements and controls, and offers a sample physical security policy
• Examines elements of the risk analysis process such as asset definition, threat identification occurrence probability, and more
• Describes components of business continuity planning, outlining how to conduct a business impact analysis, and how to test a plan
Author(s): Thomas R. Peltier, Justin Peltier, John Blackley
Edition: 1
Publisher: Auerbach Publications
Year: 2004
Language: English
Pages: 261