Freshly Printed - allow 10 days lead
Couldn't load pickup availability
Information Protection Playbook
A handbook of successful practices and tools for designing, developing, and deploying an information protection framework
Greg Kane (Edited by), Lorna Koppel (Edited by)
9780124172326, Elsevier Science
Paperback, published 19 September 2013
128 pages
22.9 x 15.1 x 1 cm, 0.32 kg
"...outline a model IP security program promoted by the Information Systems Audit and Control Assn. (ISACA)…An excellent, terse series of IT security job descriptions and qualifications guidelines is included…" --Security Letter
The primary goal of the Information Protection Playbook is to serve as a comprehensive resource for information protection (IP) professionals who must provide adequate information security at a reasonable cost. It emphasizes a holistic view of IP: one that protects the applications, systems, and networks that deliver business information from failures of confidentiality, integrity, availability, trust and accountability, and privacy. Using the guidelines provided in the Information Protection Playbook, security and information technology (IT) managers will learn how to implement the five functions of an IP framework: governance, program planning, risk management, incident response management, and program administration. These functions are based on a model promoted by the Information Systems Audit and Control Association (ISACA) and validated by thousands of Certified Information Security Managers. The five functions are further broken down into a series of objectives or milestones to be achieved in order to implement an IP framework. The extensive appendices included at the end of the book make for an excellent resource for the security or IT manager building an IP program from the ground up. They include, for example, a board of directors presentation complete with sample slides; an IP policy document checklist; a risk prioritization procedure matrix, which illustrates how to classify a threat based on a scale of high, medium, and low; a facility management self-assessment questionnaire; and a list of representative job descriptions for roles in IP. The Information Protection Playbook is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs.
Information Protection Function 1: Governance Information Protection Function 2: Program Planning Information Protection Function 3: Risk Management Information Protection Function 4: Incident Response Management Information Protection Function 5: Program Administration Appendix A: Playbook Summary Appendix B: Board of Directors Presentation Appendix C: Information Protection Policies Checklist Appendix D: An Example Roles and Responsibilities RACI Matrix Appendix E: Risk Prioritization Procedure Matrix Appendix F: Security Awareness and Training Menu Appendix G: Risk Assessment and Compliance Checklist Appendix H: Incident Response Appendix I: Facility Management Self-Assessment Appendix J: Roles in Information Protection Appendix K: Measurement in Information Protection Additional Resources
Subject Areas: Computer security [UR]
