Security Information and Event Management (SIEM) Implementation, Miller David, Payton Zachary, Harper Allen
Author: Mark Talabis Title: Information Security Risk Assessment Toolkit, ISBN: 1597497355 ISBN-13(EAN): 9781597497350 Publisher: Elsevier Science Rating: Price: 3577 rub. 3974.00-10% Availability: Available from supplier. Delivered to order.
Description: In order to protect a company’s information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs to be protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored. Information Security Risk Assessment Toolkit gives you the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders.
Description: Helps IT managers and assets protection professionals to assure the protection and availability of digital information and related information systems assets. This book bridges the gap between information security, information systems security and information warfare. It examines why organizations need to take information assurance seriously.
Description: This book constitutes the refereed proceedings of the 4th International Conference on Information and Communication Security, ICICS 2002, held in Singapore in December 2002. The 41 revised full papers presented were carefully reviewed and selected from a total of 161 submissions. The papers are organized in topical sections on system security, crypto systems, security protocols, fingerprinting and watermarking, efficient implementation of algorithms, access control, and cryptanalysis and cryptographic techniques.
Description: A compilation of the fundamental knowledge, skills, techniques, and tools required by all security professionals, this work forms the basis on which all IT security programs and certifications are created. Considered the gold-standard reference of Information Security, the 2009 CD-ROM edition includes coverage of each domain of the Common Body of Knowledge, the standard of knowledge required by IT security professionals worldwide. In step with the lightning-quick, increasingly fast pace of change in the technology field, this CD is revised annually, keeping IT professionals updated and current in their field and on the job.
Description: Includes coverage of each domain of the Common Body of Knowledge, the standard of knowledge required by IT security professionals worldwide. This book includes information on mobile device security, adaptive threat defense, Web 2.0, virtualization, data leakage, and governance.
Description: Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise’s effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field. The book examines the elements of computer security, employee roles and responsibilities, and common threats. It discusses the legal requirements that impact security policies, including Sarbanes-Oxley, HIPAA, and the Gramm-Leach-Bliley Act. Detailing physical security requirements and controls, this updated edition offers a sample physical security policy and includes a complete list of tasks and objectives that make up an effective information protection program. Includes ten new chapters. Broadens its coverage of regulations to include FISMA, PCI compliance, and foreign requirements. Expands its coverage of compliance and governance issues. Adds discussions of ISO 27001, ITIL, COSO, COBIT, and other frameworks. Presents new information on mobile security issues. Reorganizes the contents around ISO 27002. The book discusses organization-wide policies, their documentation, and legal and business requirements. It explains policy format with a focus on global, topic-specific, and application-specific policies. Following a review of asset classification, it explores access control, the components of physical security, and the foundations and processes of risk analysis and risk management. The text concludes by describing business continuity planning, preventive controls, recovery strategies, and how to conduct a business impact analysis.
Each chapter in the book has been written by a different expert to ensure you gain the comprehensive understanding of what it takes to develop an effective information security program.
Description: Prepares readers for the Certified Information Security Manager (CISM) exam, ISACA's new certification that launches in June 2003. CISM is business-oriented and intended for the individual who must manage, design, oversee, and assess an enterprise's information security. Essential reading for those who are cramming for this new test and need an authoritative study guide. Many out-of-work IT professionals are seeking security management certification as a vehicle to re-employment. CD-ROM includes a Boson-powered test engine with all the questions and answers from the book.
Author: Raggad Title: Information Security Management ISBN: 1420078542 ISBN-13(EAN): 9781420078541 Publisher: Taylor&Francis Rating: Price: 7627 rub. Availability: Delivery not possible.
Description: An authoritative and practical classroom resource, Information Security Management: Concepts and Practice provides a general overview of security auditing before examining the various elements of the information security life cycle. It explains the ISO 17799 standard and walks readers through the steps for conducting a nominal security audit that conforms to the standard. The text also provides detailed guidance for conducting an in-depth technical security audit leading to certification against the 27001 standard. Topics addressed include cyber security, security risk assessments, privacy rights, HIPAA, SOX, intrusion detection systems, security testing activities, cyber terrorism, and vulnerability assessments.
Description: This book illustrates how policies and procedures support the efficient running of an organization. It points out how security documents and standards are key elements in the business process, but should never be undertaken to satisfy a perceived audit or security requirement. Instead, policies, standards, and procedures should exist only to support business objectives or mission requirements. The authors emphasize how information security must be integrated into all business processes. The book examines Tier 1, Tier 2, and Tier 3 policies.
Description: Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will help readers elicit management opinions on information security and document the formal and informal procedures currently in place. Topics covered include: entity-level policies and procedures; access-control policies and procedures; change control and change management; system information integrity and monitoring; system services acquisition and protection; informational asset management; continuity of operations. The book supplies you with the tools to use the full range of compliance standards as guides for writing policies that meet the security needs of your organization. Detailing a methodology to facilitate the elicitation process, it asks pointed questions to help you obtain the information needed to write relevant policies. More importantly, this methodology can help you identify the weaknesses and vulnerabilities that exist in your organization. A valuable resource for policy writers who must meet multiple compliance standards, this guidebook is also available in eBook format. The eBook version includes hyperlinks beside each statement that explain what the various standards say about each topic and provide time-saving guidance in determining what your policy should include.
Description: Information Security Policies, Procedures, and Standards: A Practitioner's Reference gives you a blueprint on how to develop effective information security policies and procedures. It uses standards such as NIST 800-53, ISO 27001, and COBIT, and regulations such as HIPAA and PCI DSS as the foundation for the content. Highlighting key terminology, policy development concepts and methods, and suggested document structures, it includes examples, checklists, sample policies and procedures, guidelines, and a synopsis of the applicable standards. The author explains how and why procedures are developed and implemented rather than simply provide information and examples. This is an important distinction because no two organizations are exactly alike; therefore, no two sets of policies and procedures are going to be exactly alike. This approach provides the foundation and understanding you need to write effective policies, procedures, and standards clearly and concisely. Developing policies and procedures may seem to be an overwhelming task. However, by relying on the material presented in this book, adopting the policy development techniques, and examining the examples, the task will not seem so daunting. You can use the discussion material to help sell the concepts, which may be the most difficult aspect of the process. Once you have completed a policy or two, you will have the courage to take on even more tasks. Additionally, the skills you acquire will assist you in other areas of your professional and private life, such as expressing an idea clearly and concisely or creating a project plan.
Description: With a focus on the technical issues related to digital privacy and information management, this book is an in-depth examination of how different privacy mechanisms are motivated, designed, analyzed, tested and finally implemented in companies or institutions.
LLC "Логосфера" Tel: +7(495) 980-12-10 www.logobook.ru