Information Protection Playbook
View on ScienceDirect

Information Protection Playbook

1st Edition - September 17, 2013

Write a review

  • Editors: Greg Kane, Lorna Koppel
  • Paperback ISBN: 9780124172326
  • eBook ISBN: 9780124172425

Purchase options

Purchase options
Available
DRM-free (Mobi, EPub, PDF)
eBook Format Help
Sales tax will be calculated at check-out

Institutional Subscription

Support CenterReturns & Refunds
Free Global Shipping
No minimum order

Description

The primary goal of the Information Protection Playbook is to serve as a comprehensive resource for information protection (IP) professionals who must provide adequate information security at a reasonable cost. It emphasizes a holistic view of IP: one that protects the applications, systems, and networks that deliver business information from failures of confidentiality, integrity, availability, trust and accountability, and privacy. Using the guidelines provided in the Information Protection Playbook, security and information technology (IT) managers will learn how to implement the five functions of an IP framework: governance, program planning, risk management, incident response management, and program administration. These functions are based on a model promoted by the Information Systems Audit and Control Association (ISACA) and validated by thousands of Certified Information Security Managers. The five functions are further broken down into a series of objectives or milestones to be achieved in order to implement an IP framework. The extensive appendices included at the end of the book make for an excellent resource for the security or IT manager building an IP program from the ground up. They include, for example, a board of directors presentation complete with sample slides; an IP policy document checklist; a risk prioritization procedure matrix, which illustrates how to classify a threat based on a scale of high, medium, and low; a facility management self-assessment questionnaire; and a list of representative job descriptions for roles in IP. The Information Protection Playbook is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs.

Key Features

  • Emphasizes information protection guidelines that are driven by business objectives, laws, regulations, and industry standards
  • Draws from successful practices in global organizations, benchmarking, advice from a variety of subject-matter experts, and feedback from the organizations involved with the Security Executive Council
  • Includes 11 appendices full of the sample checklists, matrices, and forms that are discussed in the book

Readership

Mid- to upper-level security and information technology managers; security and information technology practitioners; students enrolled in two- and four-year college programs for security or computer science

Table of Contents

  • Acknowledgments

    Executive Summary

    What is a Playbook?

    About the Information Protection Playbook

    IP Program

    Introduction

    Assumptions

    IP Strategy

    Chapter 1. Information Protection Function One: Governance

    Implementation One: Strategic Management

    Implementation Two: Reporting and Communication

    Implementation Three: Policies

    Implementation Four: Regulations and Compliance Management

    Implementation Five: Roles and Responsibilities

    Implementation Six: Procedures and Guidelines

    Implementation Seven: Portfolio Management

    Governance Improvement

    Additional Information

    Chapter 2. Information Protection Function Two: Program Planning

    BASELINES, STANDARDS, Procedures, and Guidelines

    Accountability and Resources

    Metrics

    For More Information

    Chapter 3. Information Protection Function Three: Risk Management

    Risk Assessment

    Risk Communication Procedure

    Risk Management Methodologies

    For More Information

    Chapter 4. Information Protection Function Four: Incident Response Management

    Process

    Plans, Exercises, Activation, Documentation, and Improvement

    For More Information

    Chapter 5. Information Protection Function Five: Program Administration

    Compliance

    Metrics

    Change Management

    Awareness

    Key Points

    For More Information

    Appendix A. Playbook Summary

    What’s Here

    How to Use This Appendix

    Summary

    Appendix B. Board of Directors Presentation

    What’s Here

    How to Use This Appendix

    Example Presentation

    Appendix C. Information Protection Policies Checklist

    What’s Here

    How to Use This Appendix

    Example Policy Documents

    Example Data Classification Policy Elements

    Appendix D. An Example Roles and Responsibilities RACI Matrix

    What’s Here

    How to Use This Appendix

    Example RACI Matrix

    Appendix E. Risk Prioritization Procedure Matrix

    What’s Here

    How to Use This Appendix

    Risk Prioritization Matrix

    Appendix F. Security Awareness and Training Menu

    What’s Here

    How to Use This Appendix

    Security Awareness and Training Delivery Methods

    Security Awareness and Training Menu

    Appendix G. Risk Assessment and Compliance Checklist

    What’s Here

    How to Use This Appendix

    Risk Assessment and Compliance Checklist

    Appendix H. Incident Response

    What’s Here

    How to Use This Appendix

    Incident Response Planning

    Incident Reaction

    Appendix I. Facility Management Self-Assessment

    What’s Here

    How to Use This Appendix

    Self-assessment Questionnaire

    Appendix J. Roles in Information Protection

    What’s Here

    How to Use This Appendix

    Example Positions

    Appendix K. Measurement in Information Protection

    What’s Here

    How to Use This Appendix

    Initial Measurement Program

    Evolutionary Process Improvement

    Additional Resources

    References

    About the Contributing Editors

    About Elsevier’s Security Executive Council Risk Management Portfolio

Product details

  • No. of pages: 128
  • Language: English
  • Copyright: © Elsevier 2013
  • Published: September 17, 2013
  • Imprint: Elsevier
  • Paperback ISBN: 9780124172326
  • eBook ISBN: 9780124172425

About the Editors

Greg Kane

Greg Kane
Greg Kane has held a director role for the Security Executive Council since 2006. In this role he is responsible for mitigating risk as it applies to IT systems and the extensive intellectual property assets contained within. He has been responsible for disaster recovery and business continuity for various organizations for over 20 years. His work experience also includes analysis of security-related regulations, standards, and guidelines in order to encourage efficient and value-added compliance management. Greg leverages his strong skills in research and analysis to write a monthly security newsletter published to an audience of over 10,000 security practitioners. Before joining the Security Executive Council, Greg provided services to multiple businesses from retail to high tech manufacturing. This included more than 10 successful years with a leading international business consulting services provider. Greg's educational background includes an MS degree in computer science and an MBA.

Affiliations and Expertise

Director of IT and product technology, Security Executive Council

Lorna Koppel

Lorna Koppel
Lorna Koppel has been the VP, chief information security officer (CISO) for Iron Mountain since January 2013. Her role is designed to bring focus to growing information security (IS) needs and to deliver an effective global IS program to protect Iron Mountain’s proprietary and confidential information, customer information, and the technology infrastructure.

Her key responsibilities at Iron Mountain include overseeing IS governance, including global policies, standards, and the technology architecture strategy; assessing and managing IS compliance and assurance needs for Iron Mountain’s customers; and overseeing the Computer Incident Response Center, technology risk assessments, and risk management processes.

Lorna has an extensive background in IS with over 20 years of experience in security and systems administration, risk analysis, and the implementation of high-profile global strategic initiatives. Throughout her career, she has worked closely with senior leaders and cross-functional teams to develop and execute strategic and tactical security programs, as well as develop strategies to address regulatory compliance mandates and other security-related requirements.

Prior to joining Iron Mountain, Lorna was the CISO for global consumer goods manufacturer Kohler, and director of global security at network service provider BT/Infonet Services Corp. She began her career as a meteorologist with the US Air Force and has degrees from Bowling Green State University, Penn State, and the State University of New York at Albany.

In November 2010 Lorna was recognized as one of the industry’s “Most Influential People in Security” in the information technology/cyber security practitioners category by Security magazine.

Affiliations and Expertise

CISO, Iron Mountain; Tier 1 Security Leader Board of Advisors, Security Executive Council

Ratings and Reviews

Write a review

There are currently no reviews for "Information Protection Playbook"