Security Policies and Implementation Issues, Third Edition

  • 11h 20m
  • Chuck Easttom, Robert Johnson
  • Jones and Bartlett Learning
  • 2022

Security Policies and Implementation Issues, Third Edition offers a comprehensive, end-to-end view of information security policies and frameworks, from the raw organizational mechanics of building to the psychology of implementation. Written by industry experts, the new Third Edition presents an effective balance between technical knowledge and soft skills, while introducing many different concepts of information security, such as governance, regulator mandates, business drivers, legal considerations, and much more, in clear, simple terms. With step-by-step examples and real-world exercises, this book is a must-have resource for students, security officers, auditors, and risk leaders looking to fully understand the process of implementing successful sets of security policies and frameworks.

Features and Benefits

  • Introduces the latest version of the COBIT (Control Objectives for Information Technologies) framework
  • Covers critical regulations such as GDPR (General Data Protection Regulation)
  • Examines the technical knowledge and software skills required for policy implementation
  • Expanded topics such as security models and vulnerabilities
  • Explores the creation of an effective IT security policy framework
  • Includes coverage of new mobile policies such as:
    • BYOD (Bring Your Own Device)
    • CYOD (Choose Your Own Device)
    • COPE (Corporate-Owned, Personally Enabled)
  • Available with updated Theory Labs

About the Author

Robert Johnson - CISSP, CISA, CISM, CGEIT, and CRISC

Robert Johnson (CISA, CGEIT, CISM, CISSP) has 20 years of experience dealing with all aspects of information security, IT audit, risk management, and privacy compliance. His diverse background includes hands-on operational experience as well as providing strategic risk assessment and scoring for leadership and board-level audiences. Currently he works in the security risk management division of a large financial services insurance company. Previously he worked as a first vice president and IT audit and security advisory director at Washington Mutual (JP Morgan Chase).

Chuck Easttom, PhD, DSc, MEd - Adjunct Lecturer, Georgetown University, Adjunct Professor, University of Dallas

Dr. Chuck Easttom is the author of 32 books, including several on computer security, forensics, and cryptography. He has also authored scientific papers on digital forensics, cyber warfare, machine learning, cryptography, and applied mathematics. He is an inventor with 22 computer science patents. He holds a Doctor of Science (D.Sc.) in cyber security, a Ph.D. in nanotechnology, a Ph.D. in computer science, and three master’s degrees (one in applied computer science, one in education, and one in systems engineering). He is a senior member of both the IEEE and the ACM. He is also a Distinguished Speaker of the ACM and a Distinguished Visitor of the IEEE.

He also holds 55 industry certifications, including many cyber security and digital forensics certifications. He has both academic and hands-on forensics experience. He has served as an expert witness in U.S. court cases since 2004. He is currently an adjunct lecturer for Georgetown University, where he teaches cyber security, systems engineering, and cryptography, and an adjunct professor for the University of Dallas, where he teaches a graduate course in digital forensics.

In this Book

  • Information Systems Security Policy Management
  • Business Drivers for Information Security Policies
  • Compliance Laws and Information Security Policy Requirements
  • Business Challenges Within the Seven Domains of IT Responsibility
  • Information Security Policy Implementation Issues
  • IT Security Policy Frameworks
  • How to Design, Organize, Implement, and Maintain IT Security Policies
  • IT Security Policy Framework Approaches
  • User Domain Policies
  • IT Infrastructure Security Policies
  • Data Classification and Handling Policies and Risk Management Policies
  • Incident Response Team (IRT) Policies
  • IT Security Policy Implementations
  • IT Security Policy Enforcement
  • IT Policy Compliance and Compliance Technologies
  • References