Security De-Engineering: Solving the Problems in Information Risk Management

As hacker organizations surpass drug cartels in terms of revenue generation, it is clear that the good guys are doing something wrong in information security. Providing a simple foundational remedy for our security ills, Security De-Engineering: Solving the Problems in Information Risk Management is a definitive guide to the current problems impacting corporate information risk management. [...]


Untying the Gordian Knot, Demystifying Information Risk Assessment

Information Risk Assessment is both a process and the product of the process; most managers do not know what to expect to receive in an assessment or understand the process used to develop it. This volume explains the content by providing a suggested table of contents and suggested content for each section of the document. [...]


The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice

As part of the Syngress Basics series, The Basics of Information Security provides you with fundamental knowledge of information security in both theoretical and practical aspects. It covers the basic knowledge needed to understand the key concepts of confidentiality, integrity, and availability. Then it dives into practical applications of these ideas in the areas of [...]


US official says weak computer security among allies makes sharing cyber information a risk – Washington Post

WASHINGTON — A senior Pentagon official says international cooperation on developing better tools and methods to prevent cyberattacks is being undermined by poor computer security among U.S. allies. Rear Adm. Samuel Cox, who is director of intelligence … “computer security” – Bing News


Information Security Risk Analysis, Second Edition

The risk management process supports executive decision-making, allowing managers and owners to perform their fiduciary responsibility of protecting the assets of their enterprises. This crucial process should not be a long, drawn-out affair. To be effective, it must be done quickly and efficiently. Information Security Risk Analysis, Second Edition enables CIOs, CSOs, and MIS managers to [...]


CISA Certified Information Systems Auditor Study Guide

The industry-leading study guide for the CISA exam, fully updated. More than 27,000 IT professionals take the Certified Information Systems Auditor exam each year. SC Magazine lists the CISA as the top certification for security professionals. Compliances, regulations, and best practices for IS auditing are updated twice a year, and this is the most up-to-date book [...]


Writing Information Security Policies, Volume 4, The Roles and Responsibilities Policy

Roles are assigned to users based on assigned duties. A role usually consists of discrete sets of privileges and responsibilities. Use of privilege is a concern as it allows a user to violate the security policy. The risk is addressed by accountability, applied to deter damaging behavior. This policy is closely paired with the Personnel [...]


New Report Calls for Enhanced Security to Safeguard Protected Health Information – MSN Money

ANSI, The Santa Fe Group/Shared Assessments Program Healthcare Working Group, and the Internet Security Alliance to Host Congressional Briefing Today; White House Cybersecurity Coordinator Howard Schmidt Invited to Speak at Press Conference … “internet security” – Bing News


Information Risk Management in an Age of Enterprise

Ecommerce has become an integral part of critical business processes throughout organizations large and small. The risks to sensitive assets remain poorly understood by managers and other key stakeholders. Solutions are found in the application of protection measures to reduce risks and potential losses. Making systems safe enough means mitigating risks to the point they [...]


Information Security: Principles and Practices

For an introductory course in information security covering principles and practices. This text covers the ten domains in the Information Security Common Body of Knowledge, which are Security Management Practices, Security Architecture and Models, Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP), Law, Investigations, and Ethics, Physical Security, Operations Security, Access Control Systems and [...]