Information Assurance: Managing Organizational IT Security Risks

  • 5h 3m
  • Dan W. Jennings, Joseph G. Boyce
  • Elsevier Science and Technology Books, Inc.
  • 2002

Written by two INFOSEC experts, Information Assurance provides a systematic and practical approach for establishing, managing, and operating a comprehensive Information Assurance program. It is designed to provide ISSO managers, security managers, and INFOSEC professionals with an understanding of the essential issues required to develop and apply a targeted information security posture for both public and private corporations and government-run agencies.

There is a growing emphasis among all corporations and organizations within the security community on designing new approaches to measure an organization’s information security risks and posture. Information Assurance explains and defines the theories and processes that will help a company protect its proprietary information, including:

  • The need to assess the current level of risk
  • The need to determine what can impact the risk
  • The need to determine how risk can be reduced

The authors lay out a detailed strategy for defining information security, establishing IA goals, providing training for security awareness, and conducting airtight incident response to system compromise. Such topics as Defense in Depth, configuration management, IA legal issues, and the importance of establishing an IT baseline are covered in depth from an organizational and managerial decision-making perspective. This guide will serve as an invaluable resource to all information security professionals and managers responsible for establishing, implementing, and maintaining IT system security policies and procedures.

About the Authors

Joseph G. Boyce, CISA, is a Senior Information Assurance (IA) Analyst within the Department of Defense (DoD). He has over 25 years of experience as an IA INFOSEC professional with particular expertise in developing and managing large-scale organizational IA programs to ensure the protection of highly critical and sensitive information. Mr. Boyce attended the Advanced Management Program of the U.S. National Defense University’s Information Resources Management College and holds an M.S. degree in Information Systems from the U.S. Naval Postgraduate School and an M.P.A. degree from Harvard University.

Dan W. Jennings has over 20 years of IT experience within the U.S. Department of Defense and has held security management positions within the U.S. European Command (USEUCOM) for the past 10 years. He is well known and respected as the USEUCOM theater’s Department of Defense Intelligence Information System (DoDIIS) security representative at the national level. He holds a Bachelor’s degree in Information Systems Management from the University of Maryland.

In this Book

  • IA and the Organization: The Challenges
  • Basic Security Concepts, Principles, and Strategy
  • Determining the Organization's IA Baseline
  • Determining IT Security Priorities
  • The Organization's IA Posture
  • Layer 1: IA Policies
  • Layer 2: IA Management
  • Layer 3: IA Architecture
  • Layer 4: Operational Security Administration
  • Layer 5: Configuration Management
  • Layer 6: Life-Cycle Security
  • Layer 7: Contingency Planning
  • Layer 8: IA Education, Training, and Awareness
  • Layer 9: IA Policy Compliance Oversight
  • Layer 10: IA Incident Response
  • Layer 11: IA Reporting