Corporate Information Security: Operations and Technology Management

Provides practical, step-by-step guidance on all phases of information security operations and technology management to address increasing concerns over data privacy, security and crime.

Formats

•  Print Book (includes downloadable content, exe), ISBN: 9781632836939
•  eBook, epub (includes downloadable content, exe), ISBN: 9781632836946
•  eBook, mobi (includes downloadable content, exe), ISBN: 9781632836946
•  Downloadable Content, exe (not sold separately), ISBN: 9781632836939

Product details

Corporate Information Security: Operations and Technology Management is designed as a resource for senior management, business leaders, IT management, and security administrators to help them understand and deal with existing security risks.

Corporate Information Security describes a roadmap for security planning that focuses on risks, related threats, tools for addressing the threats, and the processes needed to build more secure systems and continuously monitor and improve security. The approach is based on a proven technique that results in documented security strategies and informed decisions. The manual can be used as a guide for security best practices because it provides a wider perspective on security in general for a better understanding of how to reduce and manage security risk.

•  The author writes from a data management planning perspective and provides "best practices" guidance.
•  Sample forms, diagrams, charts, glossary, risk assessment worksheets, and other tools facilitate implementation of the security plan.
•  The manual is organized by security planning phases, which makes the process easy to follow.
•  Sample policies simplify the policy development process and ensure the plan, once implemented, can be continuously monitored and managed.

The eBook versions of this title feature links to Lexis Advance for further research options.

The content of this publication is published for the public sector in Sheshunoff's State and Local Government Series: Information Security.

Table of Contents

Part I: Risk Assessment Phase

Chapter 1: Computer Crime Techniques

Chapter 2: Laws, Standards, and Frameworks

Chapter 3: Risk Assessment Process

Part II: Protective Controls Phase

Chapter 4: Physical Security

Chapter 5: Authentication and Authorization

Chapter 6: Biometric Identification

Chapter 7: Password Management

Chapter 8: Server Security and Management

Chapter 9: Firewall Security and Management

Chapter 10: Encryption Techniques

Chapter 11: Malware Threats and Mitigation Strategies

Chapter 12: Application Security and Controls

Chapter 13: Security Awareness

Part III: Detective Controls Phase

Chapter 14: Computer Security Logs and Audit Trails

Chapter 15: Intrusion Detection and Prevention Systems

Chapter 16: Forensic Techniques

Chapter 17: Information Security Assessments

Chapter 18: Management and Organizational Controls

Chapter 19: Systems Development and Maintenance Controls

Part IV: Security Planning and Management Phase

Chapter 20: Security Planning Process

Chapter 21: IT Security Governance

Chapter 22: Mobile Device Management and Security

Chapter 23: Cloud Computing and IT Outsourcing

Chapter 24: Information Security Metrics

Part V: Response Management Phase

Chapter 25: Incident Response Plan

Chapter 26: Backup and Offsite Storage

Chapter 27: Business Continuity Planning and Management

Part VI: Compliance Management Phase

Chapter 28: External Audit

Chapter 29: Internal Audit

Part VII: Working Materials

Appendix A: Risk Assessment Worksheets

Appendix B: Sample Policies

Appendix C: Exhibits

Appendix D: Glossary