Information security-driven topic coverage is the basis for this updated book, which will benefit readers in the information technology and business fields alike. This book is a pragmatic guide to information assurance for both business professionals and technical experts. Management of Information Security, 5th edition, Cengage. Jan 19, 2010: he and Michael Whitman have authored Principles of Information Security, Management of Information Security, Readings and Cases in the Management of Information Security, Principles of Incident Response and Disaster Recovery, The Guide to Network Security, and the Hands-On Information Security Lab Manual, Dr. Practical Information Security Management: A Complete Guide to. Written by an acknowledged expert on the ISO 27001 standard, this is the ideal resource for anyone wanting a clear, concise and easy-to-read primer on information security. ISMS implementation includes policies, processes, procedures, organizational structures, and software and hardware functions. Introducing measures of organizational structure and culture sets this security metrics book. This book is an overview of how security actually works in practice, and details the successes and failures of security implementations. Management of Information Security, sixth edition, prepares you to become an information security management practitioner able to secure systems and networks in a world where continuously emerging threats, ever-present attacks and the success of criminals illustrate the weaknesses in current information technologies. This new text provides students with the knowledge and skills they will need to compete for and succeed in the information security roles they will encounter straight out of college. Information Security Management Handbook, Volume 7.
Information Security Management Handbook, Volume 7, CRC Press book. Understanding of current national legislation and regulations which impact upon information security management. Information security is a multidisciplinary area of study and professional activity concerned with the development and implementation of security mechanisms of all available types (technical, organizational, human-oriented and legal) in order to keep information. Management of Information Security primarily focuses on the managerial aspects of information security, such as access control models, information security governance, and information security program assessment and metrics.
Updated annually, this book is the most comprehensive and up-to-date reference available on information security and assurance. Information Security Management Handbook, 6th edition. Audit, business continuity planning, development and acquisition, e-banking, FedLine, information security, management, operations, outsourcing technology services, retail payment systems, supervision of technology service providers, wholesale payment systems. However, all types of risk are, more or less closely, related to security in information security management. In the information security industry there have been several initiatives to attempt to define security management and how and when to apply it. This book will be used well into a professional career.
FFIEC IT Examination Handbook InfoBase: Information Security. Managing Risk and Information Security provides thought leadership in the increasingly important area of enterprise information risk and security. Mattord is a member of the Information Systems Security Association. Information security governance, risk management and. Create appropriate, security-focused business propositions that consider the balance between cost, risk, and usability, while starting your journey to become an information security manager. ISO common terminology for information security management. Security professionals can gain a lot from reading about IT security. In The CIO's Guide to Information Security Incident Management, authors Matthew Pemble and Wendy Goucher focus on the setup and running of an incident response organization. Abstract: this paper examines security management for the prevention of book thefts in university libraries, with Benue State University Library, Makurdi. In today's technology-driven environment, there is an ever-increasing demand for information. Selection from Information Security Management Principles, second edition. Practical Information Security Management: A Complete. Information Security Management Handbook, Volume 7, CRC Press book: updated annually, the Information Security Management Handbook, sixth edition, is the most comprehensive and up-to-date reference available on information security.
Covering a wealth of information that explains exactly how the industry works today, this book focuses on how you can set up an effective information security. Management of Information Security, 4th edition, Chapter 12: Law and Ethics. Acknowledgement. The leader in certifying information security professionals is the Internet Security. Mar 07, 2007: the topics within this document were selected based on the laws and regulations relevant to information security, including the Clinger-Cohen Act of 1996, the Federal Information Security Management Act (FISMA) of 2002, and Office of Management and Budget (OMB) Circular A. An information security management system (ISMS) is a systematic and structured approach to managing information so that it remains secure. Information Security Management Handbook, Volume 7, CRC. Mar 24, 2017: 10 books that information security professionals must read.
It describes the changing risk environment and why a fresh approach to information security is needed. Knowledge of the concepts relating to information security management. Department of Veterans Affairs, VA Handbook 6500, Washington. Topics covered include access control models, information security governance, and information security program assessment and metrics. There are many ways for IT professionals to broaden their knowledge of information security. Coverage of the foundational and technical components of information security is included to reinforce key concepts.
Management of Information Security, fourth edition, gives readers an overview of information security and assurance using both domestic and international standards, all from a management perspective. ISACA's Certified Information Security Manager (CISM) certification indicates expertise in information security governance, program development and management, incident management and risk management. Information Security Management Principles, Guide Books. From online teaching and learning tools to personalised learning, and from online and blended course design to trusted and engaging content, we help you help your students be the best they can possibly be. The family of standards on information security management systems (ISMS) lets organizations develop and implement a robust framework for managing the security of their information assets, including financial data, intellectual property, employee details, and information otherwise entrusted to them by customers or third parties. Use risk management techniques to identify and prioritize risk factors for information assets. It goes on to outline some of the basics of information security incident management, including discussions of what constitutes an incident, the timeline, types and priorities, reporting and decision making, and policies and documentation. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach.
Assess risk based on the likelihood of adverse events and their effect on information assets when those events occur. Information Security Management Handbook, 6th edition, Tipton, Harold F. These documents are of great importance because they spell out how the organization manages its security.
Author and field expert Bruce Newsome helps readers learn how to understand, analyze, assess, control, and generally manage security and risks from the personal to the operational. It also focuses on usability and the different mental models of security. Considered the gold-standard reference on information security, the Information Security Management Handbook provides an authoritative compilation of the fundamental knowledge, skills, techniques, and tools required of today's IT security professional. The second edition includes the security of cloud-based resources, and the contents have been revised to reflect the changes to the BCS certification in Information Security Management Principles, which the book supports. You might ask yourself what the point of this history lesson is; fair question, given that this book is about information security management. Highly practical in approach and easy to read and follow, this book provides a comprehensive overview of the multi-faceted, global, and interdisciplinary field of security.
Introduction to Information Security, ScienceDirect. Information security management aims to ensure the confidentiality, integrity and availability of an organization's information, data and IT services. This book serves as the perfect introduction to the principles of information security management and ISO 27001.
This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. The following IT topics are available via this InfoBase.
Security information management (SIM) is also referred to as log management and is different from SEM (security event management), but makes up a portion of SIEM (security information and event management). ITIL security management usually forms part of an organizational approach to security management, which has a wider scope than the IT service provider. Twelve Books Every Infosec Pro Should Read in 2018, posted on October 30, 2017 by Jeff Edwards in Best Practices. Endpoint protection solutions are an essential part of enterprise security. Merkow, Jim Breithaupt, 800 East 96th Street, Indianapolis, Indiana 46240 USA. Outside of industry events, analysts can pick up a book that explores a specific topic of information security.
Give your students a managerially focused overview of information security and how to effectively administer it with Whitman and Mattord's Management of Information Security, 5th edition. Commercial, personal and sensitive information is very hard to keep secure, and technological solutions are not the only answer. What is the difference between cyber security and information security? The aim of the study was to identify the causes of book thefts and mutilation in university libraries and how to curb them and preserve the continuous use of these information resources in the library. The risk management approach is the most popular one in contemporary security management. An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. But not all books offer the same depth of knowledge and insight. Information Technology Management: free books at EBD.
They both have to do with security and protecting computer systems from information breaches and threats, but they're also very different. Excellent book; got me through the Certificate in Information Security Management Principles exam with a distinction the first time, having read it just three times. However, those with the interest and time to study information security management metrics will be rewarded with a deeper and more rounded understanding of the issue. ISO 27001 is a highly respected international standard for information security management that you will need to know to work in the field.
This book teaches practical techniques that will be used on a daily basis, while also explaining the fundamentals so students understand the rationale behind these practices. The guidance is aimed toward the management professional with standard computer technology skills and the IT operations manager with minimal specific security. Take your career out of the technical realm to management. The Information Security Management Handbook maps the ten domains of the Common Body of Knowledge tested on the certification examination. However, information security best practice can often be challenging to understand and implement. Information Security Management Principles, second edition.
It features numerous examples and case situations specific to security management, identifies over twenty specific security applications, and examines the issues encountered within those areas. The second edition has been expanded to include the security of cloud-based resources. One has to do with protecting data from cyberspace, while the other deals with protecting data in. This selection is from the Information Security and IT Risk Management book. What's interesting is that the authors put forward a people-centric approach to incident management. Very informative and not too technical, so it should continue to be relevant much longer than books from more tech-oriented coursework.
Jun 18, 20: this book is a pragmatic guide to information assurance for both business professionals and technical experts. Although they are often used interchangeably, there is a difference between the terms cybersecurity and information security. BOR's compliance with the Federal Information Security Management Act. Risk management is an ongoing, proactive program for establishing and maintaining an acceptable information system security posture. Exploring the ten domains of the CBK, the book covers access control, telecommunications and network security, information security and risk. Information security management system (ISMS): what is an ISMS? Security policy requires the creation of an ongoing information management planning process that includes planning for the security of each organization's information assets. Management of Information Security, third edition, focuses on the managerial aspects of information security and assurance. Security management addresses the identification of the organization's information assets. A compromise has to be struck between the security of information and its availability. Handbook of Information Security Management, free computer.
The term commonly used to represent an entire security infrastructure that protects an environment is information security management (infosec). I used this book in a course on information security management, and felt it was well-organized and easy to read and understand. Define risk management and its role in an organization. Managing Risk and Information Security: Protect to Enable. Implementing the ISO/IEC 27001 Information Security. Information Security Management Handbook, Volume 7, CRC Press. He has published articles in the Information Resources Management Journal, the Journal of Information Security Education, the Journal of Executive Education, and the International Journal of Interdisciplinary Telecommunications and Networking. Thanks for the A2A. Books are a valuable way of broadening your information security knowledge, but with thousands to. Which is the best reference book for information security? The security management domain also introduces some critical documents, such as policies, procedures, and guidelines. Attending infosec conferences, for instance, provides personnel with an opportunity to complete in-person training and network with like-minded individuals. In the information economy, the confidentiality, availability and integrity (CIA) of corporate information assets and intellectual property.
Information Security: Federal Financial Institutions. Security Risk Management is the definitive guide for building or running an information security risk management program. Whether you are looking for strategic planning or project management books. Information Technology Security Handbook. The preparation of this book was fully funded by a grant from the infoDev program of the World Bank Group. I highly recommend this book if your education is in information security, even if it has not been assigned as one of the books you need to purchase for class.
Deception is a useful strategy for the defenders of network security, since it offers opportunities to distract the adversary away from protected information, misinform the adversary as to the success of the attack, and disrupt the utility of the attack by corrupting the information resulting from it. CISM Certification: Certified Information Security Manager. What is an information security management system (ISMS)? This is the first book to introduce the full spectrum of security and risks and their management. To be fair, I had worked in a related field for 3 years and, as any student should, read around the subject using 2 or 3 other textbooks. As such, the book is probably of most value to CISOs and ISMs tasked with implementing better security metrics, and to information security management students. Management books: our free management books will guide you through the wealth of theory and the practicalities of effective management. ISO 27001 uses the term information security management system (ISMS) to describe the processes and records required for effective security management in an organization of any size. There are hundreds, if not thousands, of books about security, whether we are talking about hackers, cybercrime, or technology protocols.
The companion book of readings and cases is good, too. Beginning with the foundational and technical components of information security, this edition then focuses on access control models, information security governance, and information security. BOR IT security management processes, with a goal of improving the. Awareness of current national and international standards, frameworks and organisations which facilitate the management of information security. BCS Foundation Certificate in Information Security Management. COBIT, developed by ISACA, is a framework for helping information security personnel develop and implement strategies for information management and governance while minimizing negative impacts and controlling information security and risk management, and O-ISM3 2.
In today's technology-driven environment, there is an ever-increasing demand for information delivery on various devices in the office, at home and in public places. In addition to conventional information security metrics, the book draws on governance, risk management, financial management and business analysis methods, a more diverse range of approaches than is normally covered in this field. Information Security Management Handbook, Volume 3, CRC. Organisational information security is a vital board responsibility. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. Implement the board-approved information security program. A Practical Introduction to Security and Risk Management. The board of directors, management of IT, information security, staff, and business lines, and internal auditors all have signi.