Follow step-by-step guidance to craft a successful security program. You will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes.Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking.What You Will Learn: Build a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constantly changing threats Prepare for and pass such common audits as PCI-DSS, SSAE-16, and ISO 27001 Calibrate the scope, and customize security controls to fit into an organizations culture Implement the most challenging processes, pointing out common pitfalls and distractions Frame security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your adviceWho This Book Is For:IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; and security specialists from other disciplines moving into information security (e.g., formermilitarysecurity professionals, law enforcement professionals, and physical securityprofessionals)
Part I: Getting a Handle on Things Chapter 1: Why Audit Chapter 2: Assume Breach Chapter 3: Risk Analysis: Assets and Impacts Chapter 4: Risk Analysis: Natural Threats Chapter 5: Risk Analysis: Adversarial Risk Part II: Wrangling the Organization Chapter 6: Scope Chapter 7: Governance Chapter 8: Talking to the Suits Chapter 9: Talking to the Techs< Chapter 10: Talking to the Users Part III: Managing Risk with Controls Chapter 11: Policy Chapter 12: Control Design Chapter 13: Administrative Controls Chapter 14: Vulnerability Management Chapter 15: People Controls Chapter 16: Logical Access Control Chapter 17: Network Security Controls Chapter 18: More Technical Controls Chapter 19: Physical Security Controls Part IV: Being Audited Chapter 20: Response Controls Chapter 21: Starting the Audit Chapter 22: Internal Audit Chapter 23: Third Party Security Chapter 24: Post Audit Improvement
Accessing your eBook through Kortext
Once purchased, you can view your eBook through the Kortext app, available to download for Windows, Android and iOS devices. Once you have downloaded the app, your eBook will be available on your Kortext digital bookshelf and can even be downloaded to view offline anytime, anywhere, helping you learn without limits.
In addition, you'll have access to Kortext's smart study tools including highlighting, notetaking, copy and paste, and easy reference export.
To download the Kortext app, head to your device's app store or visit https://app.kortext.com to sign up and read through your browser.
NB: eBook is only available for a single-user licence (i.e. not for multiple / networked users).
