Information Assurance - 1st Edition - ISBN: 9780750673273, 9780080508719

Information Assurance

1st Edition

Managing Organizational IT Security Risks

Authors: Joseph Boyce Daniel Jennings
eBook ISBN: 9780080508719
Paperback ISBN: 9780750673273
Imprint: Butterworth-Heinemann
Published Date: 3rd June 2002
Page Count: 261
Tax/VAT will be calculated at check-out Price includes VAT (GST)
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
73.95
51.77
51.77
51.77
51.77
51.77
59.16
59.16
60.95
42.66
42.66
42.66
42.66
42.66
48.76
48.76
48.99
34.29
34.29
34.29
34.29
34.29
39.19
39.19
79.95
55.97
55.97
55.97
55.97
55.97
63.96
63.96
Unavailable
Price includes VAT (GST)
× DRM-Free

Easy - Download and start reading immediately. There’s no activation process to access eBooks; all eBooks are fully searchable, and enabled for copying, pasting, and printing.

Flexible - Read on multiple operating systems and devices. Easily read eBooks on smart phones, computers, or any eBook readers, including Kindle.

Open - Buy once, receive and download all available eBook formats, including PDF, EPUB, and Mobi (for Kindle).

Institutional Access

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.

Description

Written by two INFOSEC experts, this book provides a systematic and practical approach for establishing, managing and operating a comprehensive Information Assurance program. It is designed to provide ISSO managers, security managers, and INFOSEC professionals with an understanding of the essential issues required to develop and apply a targeted information security posture to both public and private corporations and government run agencies.

There is a growing concern among all corporations and within the security industry to come up with new approaches to measure an organization's information security risks and posture. Information Assurance explains and defines the theories and processes that will help a company protect its proprietary information including:

  • The need to assess the current level of risk.
  • The need to determine what can impact the risk.
  • The need to determine how risk can be reduced.

The authors lay out a detailed strategy for defining information security, establishing IA goals, providing training for security awareness, and conducting airtight incident response to system compromise. Such topics as defense in depth, configuration management, IA legal issues, and the importance of establishing an IT baseline are covered in-depth from an organizational and managerial decision-making perspective.

Key Features

  • Experience-based theory provided in a logical and comprehensive manner.
  • Management focused coverage includes establishing an IT security posture, implementing organizational awareness and training, and understanding the dynamics of new technologies.
  • Numerous real-world examples provide a baseline for assessment and comparison.

Readership

Security Managers, INFOSEC Managers, Operational Managers, Information and Operational System Auditors, IT System Administrators and IT Network Managers.

Table of Contents

Section I - The Organizational IA Program: The Practical and Conceptual Foundation Ch. 1 IA and the Organization: The Challenges Ch. 2 Basic Security Concepts, Principles, and Strategy Section II - Defining the Organization's Current IA Posture Ch. 3 Determining the Organization's IA Baseline Ch. 4 Determining IT Security Priorities Ch. 5 The Organization's IA Posture III - Establishing and Managing an IA Defense In Depth Strategy within an Organization Ch. 6 Layer 1: IA Policies Ch. 7 Layer 2: IA Management Ch. 8 Layer 3: IA Architecture Ch. 9 Layer 4: Operational Security Administration; Ch. 10 Layer 5: Configuration Management Ch. 11 Layer 6: Life-Cycle Security Ch. 12 Layer 7: Contingency Planning Ch. 13 Layer 8: IA Education, Training, and Awareness Ch. 14 Layer 9: IA Policy Compliance Oversight Ch. 15 Layer 10: IA Incident Response Ch. 16 Layer 11: IA Reporting Appendix

Details

No. of pages:
261
Language:
English
Copyright:
© Butterworth-Heinemann 2002
Published:
Imprint:
Butterworth-Heinemann
eBook ISBN:
9780080508719
Paperback ISBN:
9780750673273

About the Author

Joseph Boyce

Joseph G. Boyce, CISA, is a Senior Information Assurance (IA) Manager within the Department of Defense (DoD). He has over 25 years of experience as an IA INFOSEC professional with particular expertise in developing and managing large-scale organizational IA programs to ensure the protection of highly critical and sensitive information. Mr. Boyce attended the Advanced Management Program of the U.S. National Defense University’s Information Resources Management College and holds an M.S. degree in Information Systems from the U.S. Naval Postgraduate School and an M.P.A. degree from Harvard University.

Daniel Jennings

Dan W. Jennings has over 20 years of IT experience within the U.S. Department of Defense and has held security management positions within the U.S. European Command (USEUCOM) for the past 10 years. He is well known and respected as the USEUCOM theater’s Department of Defense Intelligence Information System (DoDIIS) security representative at the national level. He holds a Bachelor’s degree in Information Systems Management from the University of Maryland.

Reviews

Information security experts with the Department of Defense, authors Joseph Boyce and Dan Jennings outline the steps needed to develop an information assurance plan to protect an organization’ knowledge and information. Though the authors’ backgrounds are in government, the book is as applicable to protecting the proprietary corporate information as it is to safeguarding classified government data. Perhaps the best resource in the book is the wealth of references cited, leading the reader to a trove of additional information. It is a high-level overview of the necessary elements of an effective information-assurance plan and strategy, written in such a way that it can be used to explain the fundamentals to management. – Security Management