Information Security Architecture: An Integrated Approach to Security in the Organization, Second Edition

by ;
  • ISBN13:

    9780849315497

  • ISBN10:

    0849315492

  • Edition: 2nd
  • Format: Hardcover
  • Copyright: 2006-01-13
  • Publisher: Auerbach Public

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.

Purchase Benefits

List Price: $120.00 (save up to $44.40)
  • Rent Book: $75.60, free shipping, usually ships in 3-5 business days
    *This item is part of an exclusive publisher rental program and requires an additional convenience fee. This fee will be reflected in the shopping cart.

Summary

Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available. In addition to the components of a successful Information Security Architecture (ISA) detailed in the previous edition, this volume discusses three additional components: monitoring and detection; computer incident/emergency response; and disaster recovery/business continuity planning. Each chapter provides an understanding of the component and details how it relates to the other components of the architecture.

Table of Contents

Information Security Architecture (pp. 1-24)
  Why an Architecture? (pp. 2-21)
  Incident (pp. 3-5)
  Client/Server Environments (pp. 6-10)
  Overview of Security Controls (p. 11)
  The Threat (p. 11)
  The Risks (p. 12)
  Incident (pp. 12-13)
  The Controls (pp. 14-16)
  The Strategic Information Technology (IT) Plan (pp. 17-21)
  Summary (p. 22)
  Getting Started (pp. 22-24)
Security Organization / Infrastructure (pp. 25-76)
  Learning Objectives (p. 25)
  The Security Organization (pp. 26-42)
  The Executive Committee for Security (p. 29)
  The Chief Information Officer (pp. 29-30)
  The Chief Financial Officer (p. 31)
  The Security Officer (p. 32)
  The Security Team (pp. 33-34)
  Security Coordinators or Liaisons (p. 35)
  Departmental Management (p. 36)
  Network and Application Administrators (p. 37)
  Human Resources (p. 37)
  Legal Counsel (pp. 37-38)
  Help Desk (p. 39)
  Audit (p. 39)
  Internal Audit (pp. 39-40)
  External Audit (p. 41)
  Component Audits (p. 42)
  Compliance Audits (p. 42)
  System Users (p. 42)
  Centralized versus Decentralized Security Administration (pp. 43-44)
  Information and Resource Ownership (pp. 45-48)
  The Strategic Information Technology (IT) Plan (pp. 49-53)
  Chapter Summary (pp. 54-74)
  Getting Started: Project Management (pp. 56-70)
  Deliverables (p. 71)
  Password Parameters (pp. 72-74)
  Notes (pp. 75-76)
Security Policies, Standards, and Procedures (pp. 77-100)
  Introduction (p. 77)
  Learning Objectives (pp. 77-80)
  The Information Security Policy (p. 81)
  Information Security Policy Acknowledgment Form (p. 82)
  Network Usage Policy (p. 82)
  E-Mail Policy (pp. 83-86)
  Internet Policy (pp. 87-89)
  Internet Risk (pp. 88-89)
  Process for Change (p. 90)
  Security Standards (p. 91)
  Standards Organizations (pp. 92-95)
  Security Procedures (p. 96)
  Chapter Summary (p. 97)
  Getting Started (p. 98)
  Notes (pp. 99-100)
Security Baselines and Risk Assessments (pp. 101-138)
  Information Security Assessment: A Phased Approach (p. 102)
  High-Level Security Assessment (Section I) (pp. 103-104)
  Assessing the Organization of the Security Function (p. 103)
  Assessing the Security Plan (p. 104)
  Assessing Security Policies, Standards, and Procedures (p. 104)
  Assessing Risk-Related Programs (p. 104)
  Security Operations (Section II) (pp. 105-107)
  Security Monitoring (p. 105)
  Computer Virus Controls (p. 106)
  Microcomputer Security (p. 107)
  Compliance with Legal and Regulatory Requirements (p. 108)
  Computer Operations (Section III) (pp. 108-110)
  Physical and Environmental Security (p. 108)
  Backup and Recovery (p. 109)
  Computer Systems Management (p. 110)
  Problem Management (p. 110)
  Application Controls Assessments (pp. 111-135)
  Access Controls (p. 112)
  Separation (or Segregation) of Duties (p. 113)
  Audit Trails (p. 114)
  Authentication (pp. 114-115)
  Application Development and Implementation (p. 116)
  Change Management (p. 117)
  Database Security (pp. 117-118)
  Network Assessments (p. 119)
  Emergency Response (p. 120)
  Remote Access (p. 121)
  Gateways Separating the Corporate WAN and Lines of Business (p. 122)
  Current and Future Internet Connections (p. 122)
  Electronic Mail and the Virtual Office (p. 123)
  Placement of WAN Resources at Client Sites (p. 124)
  Operating System Security Assessment (p. 125)
  Windows NT (pp. 125-131)
  Telecommunications Assessments (pp. 132-135)
  Summary (pp. 136-138)
Security Awareness and Training Program (pp. 139-164)
  Program Objectives (pp. 139-146)
  Employees Recognize Their Responsibility for Protecting the Enterprise's Information Assets (p. 139)
  Employees Understand the Value of Information Security (pp. 140-141)
  Employees Recognize Potential Violations and Know Who to Contact (p. 142)
  Incident (p. 142)
  Forms of Attack (pp. 143-145)
  The Level of Security Awareness among Existing Employees Remains High (p. 146)
  Program Considerations (pp. 147-159)
  Effectiveness Is Based on Long-Term Commitment of Resources and Funding (p. 147)
  Benefits Are Difficult to Measure in the Short Term (p. 148)
  Scoping the Target Audience (pp. 149-150)
  Incident (pp. 151-153)
  Effectively Reaching the Target Audience (pp. 154-158)
  Security Organizations (p. 159)
  Summary (p. 160)
  Getting Started: Program Development (pp. 161-164)
Compliance (pp. 165-178)
  Level One Compliance: The Component Owner (p. 166)
  Level Two Compliance: The Audit Function (pp. 167-171)
  Level Three Compliance: The Security Team (p. 172)
  Line of Business (LOB) Security Plan (p. 173)
  Enterprise Management Tools (pp. 173-175)
  Summary (pp. 176-178)
Pitfalls to an Effective ISA Program (pp. 179-200)
  Lack of a Project Sponsor and Executive Management Support (p. 180)
  Executive-Level Responsibilities (p. 180)
  Executive Management's Lack of Understanding of Realistic Risk (p. 181)
  Lack of Resources (p. 182)
  The Impact of Mergers and Acquisitions on Disparate Systems (pp. 183-185)
  Independent Operations throughout Business Units (pp. 186-187)
  Discord Between Mainframe versus Distributed Computing Cultures (pp. 188-189)
  Fostering Trust in the Organization (p. 190)
  Mom-and-Pop Shop Beginnings (p. 191)
  Third-Party and Remote Network Management (pp. 192-195)
  The Rate of Change in Technology (p. 196)
  Summary (pp. 197-198)
  Getting Started (pp. 199-200)
Computer Incident / Emergency Response (pp. 201-238)
  Introduction (p. 201)
  Learning Objectives (pp. 201-202)
  CERT®/CC (p. 203)
  CSIRT Goals and Responsibilities (pp. 203-204)
  Reactive Services (pp. 205-207)
  Alerts and Warnings (p. 205)
  Incident Handling (p. 206)
  Vulnerability Handling (p. 207)
  Artifact Handling (p. 207)
  Incident Response Handling Methodology (p. 208)
  Reporting (pp. 209-212)
  Incident Classification (p. 213)
  Triage (pp. 213-214)
  Identification (p. 215)
  Incident Analysis (pp. 216-217)
  Incident Response (p. 218)
  Incident Response Coordination (pp. 219-220)
  Key Organizations (p. 220)
  Containment (pp. 221-222)
  Eradication (p. 223)
  Recovery (p. 224)
  Notification (pp. 224-225)
  Development of the CSIRT (pp. 226-229)
  Issues in Developing a CSIRT (pp. 230-235)
  Funding (p. 230)
  Management Buy-In (p. 231)
  Staffing and Training (pp. 231-232)
  Policy Development (p. 233)
  Legal Issues (pp. 234-235)
  Reevaluation of CSIRT Operations (p. 236)
  Chapter Summary (p. 236)
  Getting Started (p. 236)
  Notes (pp. 237-238)
Conclusion (pp. 239-364)
APPENDIXES
  A-1 Information Security Policy (pp. 243-258)
  A-2 Information Security Policy Acknowledgment Form (pp. 259-262)
  A-3 Network Computing Policy (pp. 263-266)
  A-4 E-Mail Security Policy (pp. 267-270)
  A-5 Internet Policy (pp. 271-274)
  A-6 Security Lists (pp. 275-276)
  A-7 Security Standards and Procedures Manual Table of Contents (pp. 277-282)
  A-8 Anti-Virus Update Procedure (pp. 283-286)
  B-1 Security Assessment Workplan (pp. 287-300)
  B-2 Application Security Assessment (pp. 301-308)
  B-3 Network Security Assessment Workplan (pp. 309-320)
  B-4 Windows NT Assessment Workplan (pp. 321-326)
  B-5 Telecommunications Security Assessment Workplan (pp. 327-330)
  C-1 Computer Incident/Emergency Response Plan (pp. 331-336)
  C-2 Sample Line of Business Security Plan (pp. 337-364)
  D Intrusion Checklist (p. 365)

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.