Description: Developing an information security program that adheres to the principle of security as a business enabler must be the first step in an enterprise’s effort to build an effective security program. Following in the footsteps of its bestselling predecessor, Information Security Fundamentals, Second Edition provides information security professionals with a clear understanding of the fundamentals of security required to address the range of issues they will experience in the field. The book examines the elements of computer security, employee roles and responsibilities, and common threats. It discusses the legal requirements that impact security policies, including Sarbanes-Oxley, HIPAA, and the Gramm-Leach-Bliley Act. Detailing physical security requirements and controls, this updated edition offers a sample physical security policy and includes a complete list of tasks and objectives that make up an effective information protection program. This edition:
- Includes ten new chapters
- Broadens its coverage of regulations to include FISMA, PCI compliance, and foreign requirements
- Expands its coverage of compliance and governance issues
- Adds discussions of ISO 27001, ITIL, COSO, COBIT, and other frameworks
- Presents new information on mobile security issues
- Reorganizes the contents around ISO 27002
The book discusses organization-wide policies, their documentation, and legal and business requirements. It explains policy format with a focus on global, topic-specific, and application-specific policies. Following a review of asset classification, it explores access control, the components of physical security, and the foundations and processes of risk analysis and risk management. The text concludes by describing business continuity planning, preventive controls, recovery strategies, and how to conduct a business impact analysis.
Each chapter in the book has been written by a different expert to ensure you gain a comprehensive understanding of what it takes to develop an effective information security program.
Author: Howard Title: FISMA Principles and Best Practices ISBN: 1420078291 ISBN-13(EAN): 9781420078299 Publisher: Taylor&Francis Rating: Price: 7105 RUB Availability: Cannot be supplied.
Description: Detailing a proven approach for establishing and implementing a comprehensive information security program, this book integrates compliance review, technical monitoring, and remediation efforts to explain how to achieve and maintain compliance with Federal Information Security Management Act (FISMA) requirements. Based on the author’s experience developing, implementing, and maintaining enterprise FISMA-based information technology security programs at three major federal agencies, the book provides workable solutions for establishing and operating an effective security compliance program. It delineates the processes, practices, and principles involved in managing the complexities of FISMA compliance.
Description: This book illustrates how policies and procedures support the efficient running of an organization. It points out that security documents and standards are key elements in the business process, but should never be undertaken merely to satisfy a perceived audit or security requirement. Instead, policies, standards, and procedures should exist only to support business objectives or mission requirements. The authors emphasize that information security must be integrated into all business processes. The book examines Tier 1, Tier 2, and Tier 3 policies.
Description: Implement SIEM to efficiently analyze and report data, respond to inside and outside threats, and follow compliance regulations.
"Security Information and Event Management (SIEM) Implementation" shows how to take advantage of SIEM technology for real-time analysis of security alerts generated by network hardware and applications. The book explains how to implement multiple SIEM products from different vendors, and also discusses the strengths, weaknesses, and advanced tuning of these various systems.
This comprehensive guide covers everything from basic concepts and components to high-level configuration, risk and threat analysis, interpretation, and response. The separate pieces that make up a complete SIEM system are outlined, and techniques for deploying an integrated collection of discrete SIEM pieces to meet your requirements are presented. You will also learn how to extend SIEM tools to develop business intelligence solutions.
"Security Information and Event Management (SIEM) Implementation":
- Includes a Smartbook, a knowledge base of real-world business use cases illustrating successfully deployed, finely tuned SIEM systems
- Covers the top SIEM products/vendors: ArcSight, Q1 QRadar, and Cisco MARS
- Is written by security, SIEM, and compliance experts
- Includes product feature summaries and analyses and trending examples
- Covers regulatory compliance issues and provides incident response solutions
All-inclusive coverage: Introduction to Threat Intelligence for IT Systems; Business Models; Threat Models; Compliance; SIEM Concepts: Components for Small and Medium-Size Businesses; The Anatomy of SIEM Systems; Incident Response; SIEM for Business Intelligence; SIEM Tools; Open Systems SIEM Implementation; Open Systems SIEM Advanced Techniques; Cisco Security MARS Implementation; Cisco Security MARS Advanced Techniques; Q1 Labs QRadar Implementation; Q1 Labs Advanced Techniques; ArcSight Implementation; ArcSight Advanced Techniques
Author: Mark Talabis Title: Information Security Risk Assessment Toolkit ISBN: 1597497355 ISBN-13(EAN): 9781597497350 Publisher: Elsevier Science Rating: Price: 3577 RUB (3974.00, 10% off) Availability: Available from supplier; delivery on order.
Description: In order to protect a company’s information assets, such as sensitive customer records and health care records, the security practitioner first needs to find out what needs protecting, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defensible analysis of the residual risk associated with your key assets so that risk treatment options can be explored. Information Security Risk Assessment Toolkit gives you the tools and skills to produce a quick, reliable, and thorough risk assessment for key stakeholders.
Author: Scherling Title: Practical Risk Management for the CIO ISBN: 1439856532 ISBN-13(EAN): 9781439856536 Publisher: Taylor&Francis Rating: Price: 8026 RUB Availability: Delivery on order.
Description: Detailing procedures that will help your team perform better risk assessments and aggregate results into more meaningful metrics, Practical Risk Management for the CIO approaches information risk management through improvements to information management and information security. It provides easy-to-follow guidance on how to effectively manage the flow of information and incorporate both service delivery and reliability. Clarifying common misunderstandings about the risks in cyberspace, this book provides the foundation required to make more informed decisions and effectively manage, protect, and deliver information to your organization and its constituents.
Author: Pompon Title: IT Security Risk Control Management ISBN: 1484221397 ISBN-13(EAN): 9781484221396 Publisher: Springer Rating: Price: 4207 RUB Availability: Available from supplier; delivery on order.
Description: This book explains how to construct an information security program, from inception to audit, with enduring, practical, hands-on advice and actionable behavior for IT professionals. Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking. IT Security Risk Control Management provides step-by-step guidance on how to craft a security program that will fit neatly into an organization, change dynamically to suit the needs of the organization, and survive constantly changing threats. Readers will understand the paradoxes of information security and discover handy tools that hook security controls into business processes. With this book, you will be able to equip your security program to prepare for and pass such common audits as PCI, SSAE-16 and ISO 27001. In addition, you will learn the depth and breadth of the expertise necessary to become an adaptive and effective security professional. This book:
- Starts at the beginning of how to approach, scope, and customize a security program to fit an organization.
- Walks you through how to implement the most challenging processes, pointing out common pitfalls and distractions.
- Teaches you how to frame security and risk issues to be clear and actionable to decision makers, technical personnel, and users.
What you’ll learn:
- How to organically grow a useful, functional security program appropriate to an organization's culture and requirements
- How to inform, advise, and influence executives, IT staff, and users on information security
- How to think like a seasoned security professional, understanding how cyber-criminals subvert systems with subtle and insidious tricks
- How to analyze, select, implement, and monitor security controls such as change control, vulnerability management, incident response, and access controls
- How to prepare an organization to pass external formal audits such as PCI, SSAE-16 or ISO 27001
- How to write clear, easy-to-follow, comprehensive security policies and procedures
Who This Book Is For: IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; and security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals).
Description: This insider’s guide examines computer security from the hacker's perspective, demonstrating how a security system can be designed and structured to repel an attack. It shows how an attack is conceptualized, formulated, and performed. With the VMware® Workstation software package available on the accompanying CD-ROM, it uses virtual computers to illustrate how an attack is executed, including the script, compilation, and results. It offers examples of attacks on Windows and Linux. The book also covers such topics as footprinting, scanning, sniffing, passwords, and other attack tools. Filled with information not readily available elsewhere, this text provides valuable armor for constructing a defensible system.
Description: Addresses ASP.NET 3.5, AJAX, and IIS 7 security from the developer’s point of view. This book looks at the new features of IIS 7.0 and focuses on IIS 7.0 and ASP.NET 3.5 integration. It gives a detailed explanation of the request life cycle for an ASP.NET application running on IIS 7.
Author: Collette Title: CISO Soft Skills ISBN: 1420089102 ISBN-13(EAN): 9781420089103 Publisher: Taylor&Francis Rating: Price: 6896 RUB Availability: Available from supplier; delivery on order.
Description: A companion volume to the highly touted CISO Handbook, this book presents tools to empower organizations to identify the intangible negative influences on security that plague most organizations, and provides further techniques for security professionals to identify, minimize, and overcome these pitfalls within their own customized situations. The book also discusses proactive techniques that CISOs can use to effectively secure challenging work environments. Reflecting the experience and solutions of those in the trenches of modern organizations, this volume provides practical ideas that can make a difference in the daily lives of security practitioners.
Author: Raggad Title: Information Security Management ISBN: 1420078542 ISBN-13(EAN): 9781420078541 Publisher: Taylor&Francis Rating: Price: 7627 RUB Availability: Cannot be supplied.
Description: An authoritative and practical classroom resource, Information Security Management: Concepts and Practice provides a general overview of security auditing before examining the various elements of the information security life cycle. It explains the ISO 17799 standard and walks readers through the steps for conducting a nominal security audit that conforms to the standard. The text also provides detailed guidance for conducting an in-depth technical security audit leading to certification against the 27001 standard. Topics addressed include cyber security, security risk assessments, privacy rights, HIPAA, SOX, intrusion detection systems, security testing activities, cyber terrorism, and vulnerability assessments.
Title: Port Security Management ISBN: 142006892X ISBN-13(EAN): 9781420068924 Publisher: Taylor&Francis Rating: Price: 5746 RUB Availability: Delivery on order.
Description: Focusing on organizational structure and operations oversight, this book explores security management in the port facility environment. It begins with a historical perspective on maritime and port security and presents the management of risk assessment within the context of the unique vulnerabilities of the maritime and port sector.
LLC "Логосфера" Tel: +7(495) 980-12-10 www.logobook.ru