This is the only book that covers all the topics that any budding security manager needs to know! This book is written for managers responsible for IT/Security departments from mall office environments up to enterprise networks.
These individuals do not need to know about every last bit and byte, but they need to have a solid understanding of all major, IT security issues to effectively manage their departments. This book is designed to cover both the basic concepts of security, non – technical principle and practices of security and provides basic information about the technical details of many of the products - real products, not just theory.
Written by a well known Chief Information Security Officer, this book gives the information security manager all the working knowledge needed to: Design the organization chart of his new security organization Design and implement policies and strategies Navigate his way through jargon filled meetings Understand the design flaws of his E-commerce and DMZ infrastructure
* A clearly defined guide to designing the organization chart of a new security organization and how to implement policies and strategies
* Navigate through jargon filled meetings with this handy aid
* Provides information on understanding the design flaws of E-commerce and DMZ infrastructure
For managers responsible for IT/Security departments from small office environments up to enterprise networks.
Table of Contents
About the Author
About Interoute Communications Limited
About the Technical Editor
How to Use this Book
Chapter 1: The Security Organization
Where Should Security Sit? Below the CEO, CTO, or CFO
Your Mission: If You Choose to Accept It
Role of the Security Function: What’s in a Job?
The Hybrid Security Team: Back to Organizational Studies
What Makes a Good CISO?
Chapter 2: The Information Security Policy
Policy, Strategy, and Standards: Business Theory
Back to Security
The Security Strategy and the Security Planning Process
Security Policy Revisited
Security Standards Revisited
Compliance and Enforcement
Chapter 3: Jargon, Principles, and Concepts
CIA: Confidentiality, Integrity, and Availability
The Vulnerability Cycle
Types of Controls
Other Concepts You Need to Know
Generic Types of Attack
Chapter 4: Information Security Laws and Regulations
Chapter 5: Information Security Standards and Audits