
9780470131183

Information Security Governance A Practical Development and Implementation Approach

by
  • ISBN13: 9780470131183
  • ISBN10: 0470131187
  • Edition: 1st
  • Format: Hardcover
  • Copyright: 2009-04-13
  • Publisher: Wiley

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.


Summary

This book provides an understanding of governance and its relevance to information security. It gives readers a clear, step-by-step approach to developing a sound security strategy aligned with their business objectives in order to ensure a predictable level of functionality and assurance. Next, it explores various approaches to implementing the strategy, guiding the reader toward practical, workable solutions. A broad range of business managers, IT security managers, and information security managers will value the guidance, action plans, and sample policies provided in this comprehensive book.

Author Biography

Krag Brotby, CISM, has more than twenty-five years of experience in the computer security field with a focus on governance, metrics, and architecture. A frequent presenter at security conferences, he has authored a variety of publications on information security risk management, governance, and metrics. A principal author and editor of the ISACA CISM review manual and related presentation materials, he has served on the CISM Practice Analysis Task Force defining the information security practice area for the coming years.

Table of Contents

Acknowledgments, p. xi
Introduction, p. xiii
Governance Overview: How Do We Do It? What Do We Get Out of It?, p. 1
What Is It?, p. 1
Back to Basics, p. 2
Origins of Governance, p. 3
Governance Definition, p. 5
Information Security Governance, p. 5
Six Outcomes of Effective Security Governance, p. 6
Defining Information, Data, Knowledge, p. 7
Value of Information, p. 7
Why Governance?, p. 9
Benefits of Good Governance, p. 11
Aligning Security with Business Objectives, p. 11
Providing the Structure and Framework to Optimize Allocations of Limited Resources, p. 12
Providing Assurance that Critical Decisions are Not Based on Faulty Information, p. 13
Ensuring Accountability for Safeguarding Critical Assets, p. 13
Increasing Trust of Customers and Stakeholders, p. 14
Increasing the Company's Worth, p. 14
Reducing Liability for Information Inaccuracy or Lack of Due Care in Protection, p. 14
Increasing Predictability and Reducing Uncertainty of Business Operations, p. 15
A Management Problem, p. 15
Legal and Regulatory Requirements, p. 17
Security Governance and Regulation, p. 18
Roles and Responsibilities, p. 21
The Board of Directors, p. 22
Executive Management, p. 22
Security Steering Committee, p. 24
The CISO, p. 24
Strategic Metrics, p. 27
Governance Objectives, p. 28
Strategic Direction, p. 29
Ensuring Objectives are Achieved, p. 29
Risks Managed Appropriately, p. 30
Verifying that Resources are Used Responsibly, p. 31
Information Security Outcomes, p. 33
Defining Outcomes, p. 33
Strategic Alignment: Aligning Security Activities in Support of Organizational Objectives, p. 34
Risk Management: Executing Appropriate Measures to Manage Risks and Potential Impacts to an Acceptable Level, p. 36
Business Process Assurance/Convergence: Integrating All Relevant Assurance Processes to Improve Overall Security and Efficiency, p. 39
Value Delivery: Optimizing Investments in Support of Organizational Objectives, p. 42
Resource Management: Using Organizational Resources Efficiently and Effectively, p. 44
Performance Measurement: Monitoring and Reporting on Security Processes to Ensure that Objectives are Achieved, p. 45
Security Governance Objectives, p. 47
Security Architecture, p. 48
Managing Complexity, p. 48
Providing a Framework and Road Map, p. 50
Simplicity and Clarity through Layering and Modularization, p. 50
Business Focus Beyond the Technical Domain, p. 50
Objectives of Information Security Architectures, p. 50
SABSA Framework for Security Service Management, p. 54
SABSA Development Process, p. 54
SABSA Life Cycle, p. 54
SABSA Attributes, p. 56
CobiT, p. 58
Capability Maturity Model, p. 59
ISO/IEC 27001/27002, p. 63
ISO 27001, p. 64
ISO 27002, p. 67
Other Approaches, p. 68
National Cybersecurity Task Force, Information Security Governance: A Call to Action, p. 68
Risk Management Objectives, p. 75
Risk Management Responsibilities, p. 76
Managing Risk Appropriately, p. 76
Determining Risk Management Objectives, p. 77
Recovery Time Objectives, p. 78
Current State, p. 81
Current State of Security, p. 81
SABSA, p. 82
CobiT, p. 82
CMM, p. 82
ISO/IEC 27001, 27002, p. 83
Cyber Security Taskforce Governance Framework, p. 83
Current State of Risk Management, p. 84
Gap Analysis: Unmitigated Risk, p. 84
SABSA, p. 85
CMM, p. 85
Developing a Security Strategy, p. 87
Failures of Strategy, p. 88
Attributes of a Good Security Strategy, p. 89
Strategy Resources, p. 91
Utilizing Architecture for Strategy Development, p. 94
Using CobiT for Strategy Development, p. 94
Using CMM for Strategy Development, p. 96
Strategy Constraints, p. 96
Contextual Constraints, p. 97
Operational Constraints, p. 97
Sample Strategy Development, p. 99
The Process, p. 100
Implementing Strategy, p. 109
Action Plan Intermediate Goals, p. 109
Action Plan Metrics, p. 110
Reengineering, p. 110
Inadequate Performance, p. 110
Elements of Strategy, p. 110
Policy Development, p. 111
Standards, p. 116
Summary, p. 125
Security Program Development Metrics, p. 127
Information Security Program Development Metrics, p. 127
Program Development Operational Metrics, p. 129
Information Security Management Metrics, p. 131
Management Metrics, p. 132
Security Management Decision Support Metrics, p. 132
CISO Decisions, p. 134
Strategic Alignment: Aligning Security Activities in Support of Organizational Objectives, p. 134
Risk Management: Executing Appropriate Measures to Manage Risks and Potential Impacts to an Acceptable Level, p. 137
Metrics for Risk Management, p. 138
Assurance Process Integration, p. 141
Value Delivery: Optimizing Investments in Support of the Organization's Objectives, p. 142
Resource Management: Using Organizational Resources Efficiently and Effectively, p. 144
Performance Measurement: Monitoring and Reporting on Security Processes to Ensure that Organizational Objectives are Achieved, p. 145
Information Security Operational Metrics, p. 145
IT and Information Security Management, p. 145
Compliance Metrics, p. 146
Incident Management and Response Metrics, p. 155
Incident Management Decision Support Metrics, p. 156
Is It Actually an Incident?, p. 156
What Kind of Incident Is It?, p. 157
Is It a Security Incident?, p. 157
What Is the Security Level?, p. 157
Are There Multiple Events and/or Impacts?, p. 158
Will an Incident Need Triage?, p. 158
What Is the Most Effective Response?, p. 158
What Immediate Actions Must Be Taken?, p. 158
Which Incident Response Teams and Other Personnel Must Be Mobilized?, p. 159
Who Must Be Notified?, p. 159
Who Is in Charge?, p. 159
Is It Becoming a Disaster?, p. 159
Conclusion, p. 161
SABSA Business Attributes and Metrics, p. 163
Cultural Worldviews, p. 181
Hierarchists, p. 181
Egalitarians, p. 181
Individualists, p. 182
Fatalists, p. 182
Index, p. 185
Table of Contents provided by Ingram. All Rights Reserved.

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.
