Information Security Management: Concepts and Practice
- Bel G. Raggad
- CRC Press
- 2010
Information security cannot be effectively managed unless secure methods and standards are integrated into all phases of the information security life cycle. And, although the international community has been aggressively engaged in developing security standards for network and information security worldwide, there are few textbooks available that provide clear guidance on how to properly apply the new standards in conducting security audits and creating risk-driven information security programs.
An authoritative and practical classroom resource, Information Security Management: Concepts and Practice provides a general overview of security auditing before examining the various elements of the information security life cycle. It explains the ISO 17799 standard (since renumbered ISO/IEC 27002) and walks readers through the steps of conducting a nominal security audit that conforms to the standard. The text also provides detailed guidance for conducting an in-depth technical security audit leading to certification against ISO/IEC 27001. Topics addressed include cyber security, security risk assessments, privacy rights, HIPAA, SOX, intrusion detection systems, security testing activities, cyber terrorism, and vulnerability assessments.
This self-contained text is filled with review questions, workshops, and real-world examples that illustrate effective implementation and security auditing methodologies. It also includes a detailed security auditing methodology students can use to devise and implement effective risk-driven security programs that touch all phases of a computing environment—including the sequential stages needed to maintain virtually air-tight IS management systems that conform to the latest ISO standards.
About the Author
Bel G. Raggad, Ph.D., is a professor of IT Security in the Seidenberg School of Computer Science and Information Systems, an NSA Center of Excellence in IA Education, at Pace University, New York. Dr. Raggad is Executive Chairman of the International Group of e-Systems Research and Applications (TIGERA).
Dr. Raggad obtained his Ph.D. in Information Systems from the Smeal School of Business at The Pennsylvania State University, University Park, PA, in 1989. His research interests include global computing, IT management, intelligent decision support, and information security. Dr. Raggad has written several books in the information security discipline.
Dr. Raggad is an international consultant in information security planning and auditing who actively advises governments in securing their computer networks. He was awarded a Gold Medal by the President of Tunisia in November 2001 for his advice and support in planning the security of public agencies against cyber crimes. Dr. Raggad is currently a member of the Fulbright Board of Directors and Secretary of the Philadelphia/Delaware Chapter.
In this Book
- Introduction to Information Security Management
- Introduction to Management Concepts
- The Information Security Life Cycle
- Security Plan
- Security Policy
- Business Continuity Planning
- Security Risk Management
- Continual Security: Integrated Fault-Event Analysis and Response Framework (IFEAR)
- Active Security Assessment
- System Availability
- Nominal Security Enhancement Design Based on ISO/IEC 27002
- Technical Security Enhancement Based on ISO/IEC 27001
- Security Solutions
- The Common Criteria
- Security Review through Security Audit
- Privacy Rights, Information Technology, and HIPAA
- The Sarbanes–Oxley Act and IT Compliance
- Cyberterrorism and Homeland Security