A Practical Guide to Security Assessments

  • 9h 27m
  • Sudhanshu Kairab
  • CRC Press
  • 2005

A Practical Guide to Security Assessments presents a structured methodology for conducting assessments. The methodology stresses gaining an understanding of business goals and processes and then determining whether security measures are properly aligned with business risks. This methodology is a phased approach to conducting security assessments, from initial planning to the development of recommendations and the final report. In addition to the methodology, the book includes an appendix that contains questionnaires for common information security topics that can be modified and used to conduct security assessments.

Novice security professionals can use this methodology for conducting security assessments and experienced professionals can enhance their current approach. Management can also use the methodology for evaluating security risks on an ongoing basis.

Features

  • Provides a detailed step-by-step methodology for conducting security assessments
  • Analyzes the history of information security and its evolution as a discipline
  • Discusses relevant standards such as ISO 17799, COBIT, and others
  • Examines relevant legislation affecting information security
  • Includes an appendix containing questionnaires that cover common areas of information security; these can be tailored for conducting security assessments
  • Offers guidance in each question explaining potential risks and why the question is relevant

About the Author

Sudhanshu Kairab has over ten years of experience in audit and security. He started in public accounting at a Big Four firm, where he conducted financial audits in a range of industries including financial services, utilities, and healthcare. He has also worked as an internal auditor for a major pharmaceutical company, where he was also involved in an ERP rollout focused on security and internal controls. Over the past six years, he has focused on information security and audit, specifically conducting security assessments and providing other security consulting services.

Mr. Kairab earned his bachelor’s degree from Bucknell University, Lewisburg, Pennsylvania, and an MBA and Master’s in Accounting from Northeastern University, Boston, Massachusetts. He holds the CISA (Certified Information Systems Auditor) and CISSP (Certified Information Systems Security Professional) certifications. He is also a member of the Information Systems Audit & Control Association and the Information Systems Security Association, where he serves on the Professional Ethics Committee.

In this Book

  • A Practical Guide to Security Assessments
  • Introduction
  • Evolution of Information Security
  • The Information Security Program and How a Security Assessment Fits In
  • Planning
  • Initial Information Gathering
  • Evaluation
  • Technology Evaluation
  • Risk Analysis and Final Presentation
  • Information Security Standards
  • Information Security Legislation
  • Appendices: Security Questionnaires and Checklists