Executive Summary xi
About This Material xii
The Structure of Information Protection 1
A Comprehensive Information Protection Program 1
The Architectural Model 1
Risk Management 3
How the Business Works 5
How Information Technology Protection Works 7
Interdependencies 8
But How Much Is Enough? The Duty to Protect 8
What Is Information Protection Governance All About? 8
The Goal of Governance 8
What Are the Aspects of Governance? 10
Structures 10
What Are the Rules? 11
Principles and Standards 12
Power and Influence 13
Funding 15
Enforcement Mechanisms 17
Appeals Processes and Disputes 20
The Overall Control System 21
Fitting Protection into Business Structures 22
Fitting In 23
The Theory of Groups 23
What Groups Are Needed 24
Who Is in Charge and Who Does This Person Work for? 25
The CISO 25
The CISO's Team 25
The Structure of the Groups 27
Meetings and Groups the CISO Chairs or Operates 28
Should the CISO Work for the CIO or Others? 28
Should the CISO, CPO, CSO, or Others Be Combined? 30
Where Should the CISO Be in the Corporate Structure? 31
Budgets and Situations 31
Direct Budget for the CISO 31
Identifiable Costs 31
Enforcement and Appeals Processes 34
Top Management Buy-In and Support 34
Power and Influence and Managing Change 34
Responses to Power and Influence 35
Other Power Issues 35
The Control System 36
Metrics 37
Costs 37
Performance 37
Time 38
Lower-Level Metrics 38
How Long Will It Take? 39
Summary 41
Drill-Down 43
How the Business Works 44
The Security Oversight Function 46
Duty to Protect 47
Externally Imposed Duties 47
Internally Imposed Duties 47
Contractual Duties 48
Risk Management and What to Protect 48
Risk Evaluation 48
Consequences 48
Threats 49
Vulnerabilities 49
Interdependencies and Risk Aggregations 50
Risk Treatment 52
Risk Acceptance 52
Risk Avoidance 52
Risk Transfer 52
Risk Mitigation 52
What to Protect and How Well 53
The Risk Management Space 53
Risk Assessment Methodologies and Limitations 54
Matching Surety to Risk 55
Enterprise Risk Management Process: An Example 58
The Risk Management Process 59
Evaluation Processes to Be Used 60
The Order of Analysis 61
Selection of Mitigation Approach 62
Specific Mitigations 63
Specific Issues Mandated by Policy 63
A Schedule of Risk Management Activities 63
Initial Conditions 64
Management's Role 64
Reviews to Be Conducted 65
Threat Assessment 65
Fulfilling the Duties to Protect 66
Security Governance 69
Responsibilities at Organizational Levels 69
Enterprise Security Management Architecture 70
Groups That CISO Meets with or Creates and Chairs 72
Top-Level Governance Board 72
Business Unit Governance Boards 72
Policy, Standards, and Procedures Group and Review Board 73
Legal Group and Review Board 74
Personnel Security Group and Review Board 74
Risk Management Group 75
Protection Testing and Change Control Group and Review Board 75
Technical Safeguards Group and Review Board 76
Zoning Boards and Similar Governance Entities 77
Physical Security Group and Review Board 77
Incident Handling Group and Review Board 78
Audit Group and Review Board 79
Awareness and Knowledge Group and Review Board 80
Documentation Group 81
Issues Relating to Separation of Duties 81
Understanding and Applying Power and Influence 81
Physical Power 81
Resource Power 82
Positional Power 82
Expertise, Personal, and Emotional Power 83
Persuasion Model 84
Managing Change 85
Organizational Perspectives 91
Management 91
Policy 92
Standards 93
Procedures 95
Documentation 96
Auditing 97
Testing and Change Control 97
Technical Safeguards: Information Technology 98
Personnel 101
Incident Handling 102
Legal Issues 104
Physical Security 105
Knowledge 107
Awareness 108
Organization 110
Summary of Perspectives 111
Control Architecture 111
Protection Objectives 111
Integrity 112
Availability 113
Confidentiality 113
Use Control 115
Accountability 116
Access Control Architecture 118
Technical Architecture Functional Units and Composites 118
Perimeter Architectures 118
Physical Perimeter Architecture 119
Logical Perimeter Architecture 122
Perimeter Summary 124
Access Process Architecture 124
Identification 124
Authentication 125
Authorization 125
Use 126
Change Control Architecture 126
Research and Development 126
Change Control 127
Production 127
Technical Security Architecture 127
Issues of Context 127
Time ("When") 127
Location ("Where") 128
Purpose ("Why") 129
Behaviors ("What") 130
Identity ("Who") 130
Method ("How") 131
Life Cycles 132
Business 132
People 134
Systems 138
Data 141
Protection Process: Data State 146
Data at Rest 147
Data in Motion 152
Data in Use 154
Protection Process: Attack and Defense 155
Deter 156
Prevent 157
Detect 159
React 163
Adapt 165
Detect/React Loop 167
Protection Process: Work Flows 168
Work to Be Done 169
Process for Completion and Options 169
Control Points and Approval Requirements 170
Appeals Processes and Escalations 170
Authentication Requirements and Mechanisms 170
Authorization and Context Limitations 171
Work Flow Documentation and Audit 171
Control and Validation of the Engine(s) 171
Risk Aggregation in the Engine(s) 172
Protective Mechanisms 172
Perception 172
Structure 173
Content Controls 175
Behavior 176
Roll-Up of the Drill-Down 178
Summary and Conclusions 181
Index 183
IT Security Governance Guidebook with Security Program Metrics on CD-ROM

The IT Security Governance Guidebook with Security Program Metrics on CD-ROM provides clear and concise explanations of key issues in information protection, describing the basic structure of information protection and enterprise protection programs. Incl