Reviews:
An excellent introduction to information security. Highly recommended. – John Hughes, InfoSec Skills
The security of personal information must keep pace with technology in order to provide a safe and secure environment. This book provides a timely update to ensure that BCS remains an important leader in the education of information security principles. – David Smith, Deputy Commissioner and Director of Data Protection, Information Commissioner’s Office
Description:
Information is one of the currencies of today’s society. As demand for access to fast, reliable data at work and home becomes increasingly digitised and mobile, new risks emerge which threaten the very information that helps businesses and society to function. Globally there are 1.5 million victims of cybercrime every day with 18 adults affected every second (Norton Cybercrime Report). By focusing on the three main areas of information assurance – confidentiality, integrity and availability – this book gives business and IT managers the skills to identify threats and protect against them.
• Better understand information threats, vulnerabilities and countermeasures
• Manage emerging risks caused by ‘hyper-connectivity’
• Learn best practice from experienced authors
• Includes security of cloud-based resources
• Supports BCS Certification in IS Management Principles
Contents:
INFORMATION SECURITY PRINCIPLES • Concepts and definitions • The need for, and benefits of, information security • Pointers for activities in this chapter
INFORMATION RISK • Threats to, and vulnerabilities of, information systems • Risk management • Pointers for activities in this chapter
INFORMATION SECURITY FRAMEWORK • Organisation and responsibilities • Organisational policy standards and procedures • Information security governance • Information security implementation • Security incident management • Legal framework • Security standards and procedures • Pointers for activities in this chapter
PROCEDURAL AND PEOPLE SECURITY CONTROLS • People • User access controls • Training and awareness • Pointers for activities in this chapter
TECHNICAL SECURITY CONTROLS • Protection from malicious software • Networks and communications • External services • Cloud computing • IT infrastructure • Pointers for activities in this chapter
SOFTWARE DEVELOPMENT AND LIFE CYCLE • Testing, audit and review • Systems development and support • Pointers for activities in this chapter
PHYSICAL AND ENVIRONMENTAL SECURITY • Learning outcomes • General controls • Physical security • Technical security • Procedural security • Protection of equipment • Processes to handle intruder alerts • Clear screen and desk policy • Moving property on and off site • Procedures for secure disposal • Security requirements in delivery and loading areas • Pointers for activities in this chapter
DISASTER RECOVERY AND BUSINESS CONTINUITY MANAGEMENT • Learning outcomes • DR/BCP, risk assessment and impact analysis • Writing and implementing plans • Documentation, maintenance and testing • Links to managed service provision and outsourcing • Secure off-site storage of vital material • Involvement of personnel, suppliers and IT systems providers • Security incident management • Compliance with standards • Pointers for the activity in this chapter
OTHER TECHNICAL ASPECTS • Investigations and forensics • Role of cryptography • Pointers for the activity in this chapter
APPENDIX A • Glossary • Index
ISBN - 9781780171753
Pages : 224