Information Assurance: Managing Organizational IT Security Risks
Written by two INFOSEC experts, this book provides a systematic and practical approach for establishing, managing and operating a comprehensive Information Assurance program. It is designed to provide ISSO managers, security managers, and INFOSEC professionals with an understanding of the essential issues required to develop and apply a targeted information security posture to both public and private corporations and government-run agencies.
There is a growing concern among all corporations and within the security industry to come up with new approaches to measure an organization's information security risks and posture. Information Assurance explains and defines the theories and processes that will help a company protect its proprietary information, including:
* The need to assess the current level of risk.
* The need to determine what can impact the risk.
* The need to determine how risk can be reduced.
The authors lay out a detailed strategy for defining information security, establishing IA goals, providing training for security awareness, and conducting airtight incident response to system compromise. Such topics as defense in depth, configuration management, IA legal issues, and the importance of establishing an IT baseline are covered in depth from an organizational and managerial decision-making perspective.
Page vi - Among the natural Rights of the Colonists are these First, a Right to Life; Secondly to Liberty; thirdly to Property; together with the Right to support and defend them in the best manner they can...
Page xii - Information assurance (IA) is information operations (IO) that ...protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and nonrepudiation. This includes providing for restoration of information systems by incorporating protection, detection and reaction capabilities.
Page xii - Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information...
Page xiii - IA non-repudiation: assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny...
Page vi - Governments are to act; and that the rights of persons, and the rights of property, are the objects, for the protection of which Government was instituted. These rights cannot well be separated. The personal right to acquire property, which is a natural right, gives to property, when acquired, a right to protection, as a social right.
Page xi - Wind — affect contemporary black women's economic prospects in profound ways (Jewell, 1993). A strength of the conflict perspective is that it stresses how cultural values and norms may perpetuate social inequalities. It also highlights the inevitability of change and the constant tension between those who want to maintain the status quo and those who desire change. A limitation is its focus on societal discord and the divisiveness of culture.