Information Security Governance Simplified: From the Boardroom to the Keyboard

Front Cover
CRC Press, Dec 20, 2011 - Business & Economics - 431 pages
0 Reviews

Security practitioners must be able to build cost-effective security programs while also complying with government regulations. Information Security Governance Simplified: From the Boardroom to the Keyboard lays out these regulations in simple terms and explains how to use control frameworks to build an air-tight information security (IS) program and governance structure.

Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security department and considers the control areas, including physical, network, application, business continuity/disaster recover, and identity management.

Todd Fitzgerald explains how to establish a solid foundation for building your security program and shares time-tested insights about what works and what doesn’t when building an IS program. Highlighting security considerations for managerial, technical, and operational controls, it provides helpful tips for selling your program to management. It also includes tools to help you create a workable IS charter and your own IS policies. Based on proven experience rather than theory, the book gives you the tools and real-world insight needed to secure your information while ensuring compliance with government regulations.

 

What people are saying - Write a review

We haven't found any reviews in the usual places.

Other editions - View all

Common terms and phrases

About the author (2011)

Todd Fitzgerald, CISSP, CISA, CISM, ISO27000, CGEIT, PMP, HITRUST, and ITILV3 certified, is responsible for external audit technical compliance for National Government Services (NGS), Milwaukee, WI, one of the largest processors of Medicare claims and a subsidiary of WellPoint, Inc., the nation’s leading health benefits company, serving 1 out of 9 Americans. Fitzgerald has initiated, developed, and led information security programs as the Information Security Officer for several companies. Fitzgerald served as the chair/co-chair for the 2011/2010 ISACA North America and Europe Information Security & Risk Management conferences.

Fitzgerald coauthored, with Micki Krause, the 2008 (ISC)2 Press book titled CISO Leadership: Essential Principles for Success. Fitzgerald has authored articles on information security for the 2007 Official (ISC)2 Guide to the CISSP Exam, The Information Security Handbook Series (2003–2012), The HIPAA Program Reference Book, Managing an Information Security and Privacy Awareness and Training Program, CISM Review Manual, and several other security-related publications. He is also a member of the editorial board for (ISC)2 Journal/Information Systems Security Magazine. Fitzgerald is frequently called upon to present at international, national, and local conferences for Information Systems Audit and Control Association (ISACA), Computer Security Institute (CSI), Information Systems Security Association (ISSA), Management Information Systems Training Institute (MISTI), COSAC, and the Centers for Medicare & Medicaid Services (CMS) systems security officer community. He also serves on the board of directors for the HIPAA Collaborative of Wisconsin and several other industry groups. Fitzgerald has received several awards including a Midwest Information Security Executive of the Year Award Finalist award and Health Ethics Trust HIPAA Implementation Award.

Fitzgerald has 32 years of information technology experience, including 20 years of management and the past 13 years focused solely on information security. Prior to joining NGS, he held various broad-based senior information technology management positions for Fortune 500 organizations, including American Airlines, IMS Health, Zeneca (subsidiary of AstraZeneca Pharmaceuticals), and Syngenta, as well as prior positions with Blue Cross Blue Shield of Wisconsin.

Fitzgerald holds a BS in business administration from the University of Wisconsin-Lacrosse, serves as an advisor to the College of Business Administration, as well as an advisor to the Milwaukee Area Technical College information security program. He also earned an MBA with highest honors from Oklahoma State University.

Bibliographic information