IT Governance: Data Security & BS 7799/ISO 17799: A Manager's Guide to Effective Information Security

by ;
  • ISBN13: 9780749438456
  • ISBN10: 0749438452

  • Format: Hardcover
  • Copyright: 2003-01-01
  • Publisher: Stylus Pub Llc

Summary

Data security is of increasing importance to businesses as the extent and value of electronic data grows. The commercial viability and profitability of enterprises of all sizes increasingly depends on the security, confidentiality and integrity of their data. The future of e-commerce, in particular, depends on data being secure, accessible and complete across the Web, and ultimately consumer confidence will depend on how secure they feel their personal data is. It is important that an organization should not only implement a set of controls and procedures for information security, but also manage and maintain them. And with increased electronic networking between organizations, there is a need for a common reference document on information security management. The guidance given in international standard BS ISO/IEC 17799 provides a single reference point for identifying the range of controls needed and can be applied across organizations of all sizes. There are no handbooks currently available that guide the businessperson through the maze of issues or through th

Table of Contents

Foreword (Nigel Turnbull) xi
Introduction 1(1)
Background 1(6)
Why is information security necessary? 7(12)
    Nature of information security threats 8(1)
    Prevalence of information security threats 9(1)
    Impacts of information security threats 10(1)
    Cybercrime 11(2)
    Cyberwar 13(3)
    Legislation 16(1)
    Benefits of an information security management system 17(2)
The Combined Code and the Turnbull Report 19(6)
    The Combined Code 19(1)
    The Turnbull Report 19(4)
    IT governance 23(2)
BS 7799 25(12)
    Benefits of certification 25(1)
    History of BS 7799 and ISO 17799 26(1)
    Use of the standard 27(1)
    ISO 17799 28(2)
    Structured approach to implementation 30(1)
    Quality system integration 31(6)
Information security management 37(20)
    The management information security forum 37(1)
    Information security manager 38(2)
    The cross-functional management forum 40(1)
    BS 7799 project group 41(5)
    Authorization process for information processing facilities 46(1)
    Product selection and the Common Criteria 47(2)
    Specialist information security advice 49(4)
    Co-operation between organizations 53(1)
    Independent review of information security 54(1)
    Summary 55(2)
Information security policy and scope 57(8)
    Information security policy 57(5)
    A policy statement 62(1)
    Costs and monitoring progress 63(2)
The risk assessment and statement of applicability 65(16)
    Approach to risk 65(11)
    Selection of controls and statement of applicability 76(2)
    Gap analysis 78(1)
    Risk assessment tools 79(2)
Security of third party access and outsourcing 81(10)
    Identification of risks 81(1)
    Types of access 82(1)
    Reasons for access 83(1)
    Onsite contractors 84(2)
    Security requirements in third party contracts 86(3)
    Outsourcing 89(2)
Asset classification and control 91(14)
    Asset owners 91(1)
    Inventory 91(3)
    Information classification 94(3)
    Unified classification markings 97(2)
    Information labelling and handling 99(5)
    Non-disclosure agreements and trusted partners 104(1)
Personnel security 105(18)
    Job descriptions 105(2)
    Personnel screening and policy 107(2)
    Confidentiality agreements and terms of employment 109(2)
    User training 111(5)
    Responding to security incidents and malfunctions 116(5)
    Learning from incidents 121(1)
    Disciplinary process 122(1)
Physical and environmental security 123(10)
    Secure areas 123(8)
    Isolated delivery and loading areas 131(2)
Equipment security 133(8)
    Equipment siting and protection 133(3)
    Power supplies 136(1)
    Cabling security 137(1)
    Equipment maintenance 138(1)
    Security of equipment off-premises 139(1)
    Secure disposal or re-use of equipment 140(1)
General security controls 141(4)
    Clear desk and clear screen policy 141(1)
    Removal of property 142(3)
Communications and operations management 145(12)
    Documented operating procedures 145(2)
    Operational change control 147(1)
    Incident management procedures 148(2)
    Segregation of duties 150(1)
    Separation of development and operational facilities 150(1)
    External facilities management 151(1)
    System planning and acceptance 152(5)
Controls against malicious software (malware) 157(8)
    Viruses, worms and Trojans 157(1)
    Anti-malware software 158(1)
    Hoax messages 159(1)
    Anti-malware controls 160(3)
    Airborne viruses 163(2)
Housekeeping, network management and media handling 165(10)
    Network management 169(2)
    Media handling and security 171(4)
Exchanges of information and software 175(16)
    Information and software exchange agreements 175(1)
    Security of media in transit 176(1)
    Electronic commerce security 177(2)
    Security technologies 179(3)
    Server security 182(1)
    Security of electronic office systems 183(2)
    Publicly available systems 185(2)
    Other forms of information exchange 187(4)
E-mail and Internet use 191(8)
    Security risks in e-mail 191(2)
    Misuse of the Internet 193(2)
    Internet Acceptable Use Policy (AUP) 195(4)
Access control 199(16)
    Hackers 199(1)
    Hackers' techniques 200(3)
    System configuration 203(1)
    Access control policy 203(12)
Network access control 215(12)
    Networks 215(4)
    Network security 219(8)
Operating system access control 227(6)
    Automatic terminal identification 227(1)
    Terminal logon procedures 228(1)
    User identification and authentication 229(1)
    Password management system 229(1)
    Use of system utilities 230(1)
    Duress alarms 231(1)
    Terminal time-out 231(1)
    Limitation of connection time 231(2)
Application access control 233(6)
    Monitoring system access and use 235(4)
Mobile computing and teleworking 239(4)
    Mobile computing 239(1)
    Teleworking 240(3)
Systems development and maintenance 243(4)
    Security requirements analysis and specification 243(1)
    Security in application systems 244(3)
Cryptographic controls 247(6)
    Encryption 248(1)
    Public Key Infrastructure (PKI) 249(1)
    Digital signatures 250(1)
    Non-repudiation services 250(1)
    Key management 251(2)
Security in development and support processes 253(6)
    System files 253(1)
    Access control to program source library 254(1)
    Development and support processes 255(4)
Business continuity management 259(12)
    Business continuity management process 259(1)
    Business continuity and impact analysis 260(1)
    Writing and implementing continuity plans 261(1)
    Business continuity planning framework 262(4)
    Testing, maintaining and re-assessing business continuity plans 266(5)
Compliance 271(18)
    Identification of applicable legislation 271(6)
    Intellectual Property Rights (IPR) 277(4)
    Safeguarding of organizational records 281(1)
    Data protection and privacy of personal information 282(1)
    Prevention of misuse of information processing facilities 283(1)
    Regulation of cryptographic controls 283(1)
    Collection of evidence 284(1)
    Review of security policy and technical compliance 285(2)
    System audit considerations 287(2)
The BS 7799 audit 289(4)
    Selection of auditors 289(1)
    Initial visit 290(1)
    Preparation for audit 291(2)
Appendices 293(19)
    I. Useful websites 295(8)
        Consultancy firms 295(1)
        BS 7799 certification organizations 295(1)
        E-learning 296(1)
        Microsoft 296(1)
        Information security 296(2)
        Accounting, finance and economics 298(1)
        Business, management and governance 299(1)
        Contingency planning and disaster recovery 299(1)
        Information technology 300(1)
        Risk management 301(2)
    II. BS 7799-2:2002 303(7)
    III. Further reading 310(2)
Index 312