Acknowledgments xi
Introduction xiii
1 Governance Overview-How Do We Do It? What Do We Get Out of It? 1
1.1 What Is It? 1
1.2 Back to Basics 2
1.3 Origins of Governance 3
1.4 Governance Definition 5
1.5 Information Security Governance 5
1.6 Six Outcomes of Effective Security Governance 6
1.7 Defining Information, Data, Knowledge 7
1.8 Value of Information 7
2 Why Governance? 9
2.1 Benefits of Good Governance 11
2.1.1 Aligning Security with Business Objectives 11
2.1.2 Providing the Structure and Framework to Optimize Allocations of Limited Resources 12
2.1.3 Providing Assurance that Critical Decisions are Not Based on Faulty Information 13
2.1.4 Ensuring Accountability for Safeguarding Critical Assets 13
2.1.5 Increasing Trust of Customers and Stakeholders 14
2.1.6 Increasing the Company's Worth 14
2.1.7 Reducing Liability for Information Inaccuracy or Lack of Due Care in Protection 14
2.1.8 Increasing Predictability and Reducing Uncertainty of Business Operations 15
2.2 A Management Problem 15
3 Legal and Regulatory Requirements 17
3.1 Security Governance and Regulation 18
4 Roles and Responsibilities 21
4.1 The Board of Directors 22
4.2 Executive Management 22
4.3 Security Steering Committee 24
4.4 The CISO 24
5 Strategic Metrics 27
5.1 Governance Objectives 28
5.1.1 Strategic Direction 29
5.1.2 Ensuring Objectives are Achieved 29
5.1.3 Risks Managed Appropriately 30
5.1.4 Verifying that Resources are Used Responsibly 31
6 Information Security Outcomes 33
6.1 Defining Outcomes 33
6.1.1 Strategic Alignment-Aligning Security Activities in Support of Organizational Objectives 34
6.1.2 Risk Management-Executing Appropriate Measures to Manage Risks and Potential Impacts to an Acceptable Level 36
6.1.3 Business Process Assurance/Convergence-Integrating All Relevant Assurance Processes to Improve Overall Security and Efficiency 39
6.1.4 Value Delivery-Optimizing Investments in Support of Organizational Objectives 42
6.1.5 Resource Management-Using Organizational Resources Efficiently and Effectively 44
6.1.6 Performance Measurement-Monitoring and Reporting on Security Processes to Ensure that Objectives are Achieved 45
7 Security Governance Objectives 47
7.1 Security Architecture 48
7.1.1 Managing Complexity 48
7.1.2 Providing a Framework and Road Map 50
7.1.3 Simplicity and Clarity through Layering and Modularization 50
7.1.4 Business Focus Beyond the Technical Domain 50
7.1.5 Objectives of Information Security Architectures 50
7.1.6 SABSA Framework for Security Service Management 54
7.1.7 SABSA Development Process 54
7.1.8 SABSA Life Cycle 54
7.1.9 SABSA Attributes 56
7.2 CobiT 58
7.3 Capability Maturity Model 59
7.4 ISO/IEC 27001/27002 63
7.4.1 ISO 27001 64
7.4.2 ISO 27002 67
7.5 Other Approaches 68
7.5.1 National Cybersecurity Task Force, Information Security Governance: A Call to Action 68
8 Risk Management Objectives 75
8.1 Risk Management Responsibilities 76
8.2 Managing Risk Appropriately 76
8.3 Determining Risk Management Objectives 77
8.3.1 Recovery Time Objectives 78
9 Current State 81
9.1 Current State of Security 81
9.1.1 SABSA 82
9.1.2 CobiT 82
9.1.3 CMM 82
9.1.4 ISO/IEC 27001, 27002 83
9.1.5 Cyber Security Taskforce Governance Framework 83
9.2 Current State of Risk Management 84
9.3 Gap Analysis-Unmitigated Risk 84
9.3.1 SABSA 85
9.3.2 CMM 85
10 Developing a Security Strategy 87
10.1 Failures of Strategy 88
10.2 Attributes of a Good Security Strategy 89
10.3 Strategy Resources 91
10.3.1 Utilizing Architecture for Strategy Development 94
10.3.2 Using CobiT for Strategy Development 94
10.3.3 Using CMM for Strategy Development 96
10.4 Strategy Constraints 96
10.4.1 Contextual Constraints 97
10.4.2 Operational Constraints 97
11 Sample Strategy Development 99
11.1 The Process 100
12 Implementing Strategy 109
12.1 Action Plan Intermediate Goals 109
12.2 Action Plan Metrics 110
12.3 Reengineering 110
12.4 Inadequate Performance 110
12.5 Elements of Strategy 110
12.5.1 Policy Development 111
12.5.2 Standards 116
12.6 Summary 125
13 Security Program Development Metrics 127
13.1 Information Security Program Development Metrics 127
13.2 Program Development Operational Metrics 129
14 Information Security Management Metrics 131
14.1 Management Metrics 132
14.2 Security Management Decision Support Metrics 132
14.3 CISO Decisions 134
14.3.1 Strategic Alignment-Aligning Security Activities in Support of Organizational Objectives 134
14.3.2 Risk Management-Executing Appropriate Measures to Manage Risks and Potential Impacts to an Acceptable Level 137
14.3.3 Metrics for Risk Management 138
14.3.4 Assurance Process Integration 141
14.3.5 Value Delivery-Optimizing Investments in Support of the Organization's Objectives 142
14.3.6 Resource Management-Using Organizational Resources Efficiently and Effectively 144
14.3.7 Performance Measurement-Monitoring and Reporting on Security Processes to Ensure that Organizational Objectives are Achieved 145
14.4 Information Security Operational Metrics 145
14.4.1 IT and Information Security Management 145
14.4.2 Compliance Metrics 146
15 Incident Management and Response Metrics 155
15.1 Incident Management Decision Support Metrics 156
15.1.1 Is It Actually an Incident? 156
15.1.2 What Kind of Incident Is It? 157
15.1.3 Is It a Security Incident? 157
15.1.4 What Is the Security Level? 157
15.1.5 Are there Multiple Events and/or Impacts? 158
15.1.6 Will an Incident Need Triage? 158
15.1.7 What Is the Most Effective Response? 158
15.1.8 What Immediate Actions Must be Taken? 158
15.1.9 Which Incident Response Teams and Other Personnel Must be Mobilized? 159
15.1.10 Who Must be Notified? 159
15.1.11 Who Is in Charge? 159
15.1.12 Is It Becoming a Disaster? 159
16 Conclusion 161
Appendix A SABSA Business Attributes and Metrics 163
Appendix B Cultural Worldviews 181
Hierarchists 181
Egalitarians 181
Individualists 182
Fatalists 182
Index 185