Description:
Faced with constant and fast-evolving threats to information security and with a growing exposure to cyber risk, managers at all levels and in organizations of all sizes need a robust IT governance system. Now in its sixth edition, the bestselling IT Governance provides best-practice guidance for companies looking to protect and enhance their information security management systems and protect themselves against cyber threats.
IT Governance has been fully updated to take account of current cyber security and advanced persistent threats and reflects the latest regulatory and technical developments, including the 2013 updates to ISO27001/ISO27002. Changes for this edition include:
- Full updates throughout in line with the revised ISO27001 standard and accompanying ISO27002 code of practice for information security controls
- Full coverage of changes to data-related regulations in different jurisdictions and advice on compliance
- Guidance on the options for continual improvement models and control frameworks made possible by the new standard
- New developments in cyber risk and mitigation practices
- The latest technological developments that affect IT governance and security
- Guidance on the new information security risk assessment process and treatment requirements
With coverage of key international markets including the UK, North America, the EU and Asia Pacific, IT Governance is the definitive guide to implementing an effective information security management and governance system.
Other
- Author: Alan Calder
- Edition: 6
- Publication date: 03-09-2015
- No restrictions on printing
- No restrictions on copying
- Format: Page Fidelity
- ISBN 13: 9780749474065
- Print ISBN: 9780749474058
- ISBN 10: 0749474068
Table of contents
- Contents
- Introduction
- 01 Why is information security necessary?
- The nature of information security threats
- Information insecurity
- Impacts of information security threats
- Cybercrime
- Cyberwar
- Advanced persistent threat
- Future risks
- Legislation
- Benefits of an information security management system
- 02 The UK Combined Code, the FRC Risk Guidance and Sarbanes–Oxley
- The Combined Code
- The Turnbull Report
- The Corporate Governance Code
- Sarbanes–Oxley
- Enterprise risk management
- Regulatory compliance
- IT governance
- 03 ISO27001
- Benefits of certification
- The history of ISO27001 and ISO27002
- The ISO/IEC 27000 series of standards
- Use of the standard
- ISO/IEC 27002
- Continual improvement, Plan–Do–Check–Act, and process approach
- Structured approach to implementation
- Management system integration
- Documentation
- Continual improvement and metrics
- 04 Organizing information security
- Internal organization
- Management review
- The information security manager
- The cross-functional management forum
- The ISO27001 project group
- Specialist information security advice
- Segregation of duties
- Contact with special interest groups
- Contact with authorities
- Information security in project management
- Independent review of information security
- Summary
- 05 Information security policy and scope
- Context of the organization
- Information security policy
- A policy statement
- Costs and the monitoring of progress
- 06 The risk assessment and Statement of Applicability
- Establishing security requirements
- Risks, impacts and risk management
- Cyber Essentials
- Selection of controls and Statement of Applicability
- Statement of Applicability Example
- Gap analysis
- Risk assessment tools
- Risk treatment plan
- Measures of effectiveness
- 07 Mobile devices
- Mobile devices and teleworking
- Teleworking
- 08 Human resources security
- Job descriptions and competency requirements
- Screening
- Terms and conditions of employment
- During employment
- Disciplinary process
- Termination or change of employment
- 09 Asset management
- Asset owners
- Inventory
- Acceptable use of assets
- Information classification
- Unified classification markings
- Government classification markings
- Information lifecycle
- Information labelling and handling
- Non-disclosure agreements and trusted partners
- 10 Media handling
- Physical media in transit
- 11 Access control
- Hackers
- Hacker techniques
- System configuration
- Access control policy
- Network Access Control
- 12 User access management
- User access provisioning
- 13 System and application access control
- Secure log-on procedures
- Password management system
- Use of privileged utility programs
- Access control to program source code
- 14 Cryptography
- Encryption
- Public key infrastructure
- Digital signatures
- Non-repudiation services
- Key management
- 15 Physical and environmental security
- Secure areas
- Delivery and loading areas
- 16 Equipment security
- Equipment siting and protection
- Supporting utilities
- Cabling security
- Equipment maintenance
- Removal of assets
- Security of equipment and assets off-premises
- Secure disposal or reuse of equipment
- Clear desk and clear screen policy
- 17 Operations security
- Documented operating procedures
- Change management
- Separation of development, testing and operational environments
- Back-up
- 18 Controls against malicious software (malware)
- Viruses, worms, Trojans and rootkits
- Spyware
- Anti-malware software
- Hoax messages and Ransomware
- Phishing and pharming
- Anti-malware controls
- Airborne viruses
- Technical vulnerability management
- Information Systems Audits
- 19 Communications management
- Network security management
- 20 Exchanges of information
- Information transfer policies and procedures
- Agreements on information transfers
- E-mail and social media
- Security risks in e-mail
- Spam
- Misuse of the internet
- Internet acceptable use policy
- Social media
- 21 System acquisition, development and maintenance
- Security requirements analysis and specification
- Securing application services on public networks
- E-commerce issues
- Security technologies
- Server security
- Server virtualization
- Protecting application services transactions
- 22 Development and support processes
- Secure development policy
- Secure systems engineering principles
- Secure development environment
- Security and acceptance testing
- 23 Supplier relationships
- Information security policy for supplier relationships
- Addressing security within supplier agreements
- ICT supply chain
- Monitoring and review of supplier services
- Managing changes to supplier services
- 24 Monitoring and information security incident management
- Logging and monitoring
- Information security events and incidents
- Incident management – responsibilities and procedures
- Reporting information security events
- Reporting software malfunctions
- Assessment of and decision on information security events
- Response to information security incidents
- Legal admissibility
- 25 Business and information security continuity management
- ISO22301
- The business continuity management process
- Business continuity and risk assessment
- Developing and implementing continuity plans
- Business continuity planning framework
- Testing, maintaining and reassessing business continuity plans
- Information security continuity
- 26 Compliance
- Identification of applicable legislation
- Intellectual property rights
- Protection of organizational records
- Privacy and protection of personally identifiable information
- Regulation of cryptographic controls
- Compliance with security policies and standards
- Information systems audit considerations
- 27 The ISO27001 audit
- Selection of auditors
- Initial audit
- Preparation for audit
- Terminology
- Appendix 1: Useful websites
- Appendix 2: Further reading
- Index
- Type: 208
- Authors: Steve Watkins, Alan Calder
- Publication year: 2015
- License: 379