{"product_id":"information-security-a-strategic-approach-paperback-softback-9780471736127","title":"Information Security; A Strategic Approach (Paperback \/ softback) 9780471736127","description":"\u003cfont face=\"Georgia\"\u003e\r\n\u003cp\u003e\u003cfont size=\"6\"\u003eInformation Security\u003c\/font\u003e\u003cbr\u003e\r\n\u003cfont size=\"5\"\u003eA Strategic Approach\u003c\/font\u003e\u003c\/p\u003e\r\n\r\n\r\n\r\n\r\n\u003cp\u003e\u003cfont size=\"4\"\u003eVincent LeVeque (Author)\u003c\/font\u003e\u003c\/p\u003e\r\n\r\n\u003cp\u003e\u003cfont size=\"3\"\u003e9780471736127, Wiley\u003c\/font\u003e\u003c\/p\u003e\r\n\r\n\u003cp\u003e\u003cfont size=\"3\"\u003ePaperback \/ softback, published 9 May 2006\u003c\/font\u003e\u003c\/p\u003e\r\n\r\n\u003cp\u003e\u003cfont size=\"3\"\u003e288 pages\u003cbr\u003e23.6 x 16.3 x 1.6 cm, 0.411 kg\u003c\/font\u003e\u003c\/p\u003e\r\n\r\n\r\n\r\n\u003cp align=\"justify\"\u003e\u003cem\u003e\u003cfont size=\"3\"\u003e\"Executives will quickly learn to see how information security can be addressed...IT security professionals will benefit...from an understanding of how to present information security to nontechnical experts.\" (\u003ci\u003eComputing Reviews.com\u003c\/i\u003e, August 15, 2006)  \u003cp\u003e\"Useful for information security managers, IT executives, and consultants, the book can also help nontechnical executives who need to protect the value and security of their organization's information.\" (\u003ci\u003eIEEE Computer Magazine\u003c\/i\u003e, May 2006)\u003c\/p\u003e\u003c\/font\u003e\u003c\/em\u003e\u003c\/p\u003e\r\n\r\n\u003cp align=\"justify\"\u003e\u003cstrong\u003e\u003cfont size=\"3\"\u003eBridging the gap between information security and strategic planning\u003cbr\u003e \u003cbr\u003e \u003cbr\u003e This publication is a reflection of the author's firsthand experience as an information security consultant, working for an array of clients in the private and public sectors. Readers discover how to work with their organizations to develop and implement a successful information security plan by improving management practices and by establishing information security as an integral part of overall strategic planning.\u003cbr\u003e \u003cbr\u003e The book starts with an overview of basic concepts in strategic planning, information technology strategy, and information security strategy. A practical guide to defining an information security strategy is then provided, covering the \"nuts and bolts\" of defining long-term information security goals that effectively protect information resources. Separate chapters covering technology strategy and management strategy clearly demonstrate that both are essential, complementary elements in protecting information.\u003cbr\u003e \u003cbr\u003e Following this practical introduction to strategy development, subsequent chapters cover the theoretical foundation of an information security strategy, including:\u003cbr\u003e * Examination of key enterprise planning models that correspond to different uses of information and different strategies for securing information\u003cbr\u003e * Review of information economics, an essential link between information security strategy and business strategy\u003cbr\u003e * Role of risk in building an information security strategy\u003cbr\u003e \u003cbr\u003e Two separate case studies are developed, helping readers understand how the development and implementation of information security strategies can work within their own organizations.\u003cbr\u003e \u003cbr\u003e This is essential reading for information security managers, information technology executives, and consultants. By linking information security to general management strategy, the publication is also recommended for nontechnical executives who need to protect the value and security of their organization's information.\u003c\/font\u003e\u003c\/strong\u003e\u003c\/p\u003e\r\n\r\n\u003cp\u003e\u003cfont size=\"3\"\u003e\u003cb\u003eList of Figures.\u003c\/b\u003e  \u003cp\u003e\u003cb\u003ePreface.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e1. Introduction.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eStrategy Overview.\u003c\/p\u003e \u003cp\u003eStrategy and Information Technology.\u003c\/p\u003e \u003cp\u003eStrategy and Information Security.\u003c\/p\u003e \u003cp\u003eAn Information Security Strategic Planning Methodology.\u003c\/p\u003e \u003cp\u003eThe Business Environment.\u003c\/p\u003e \u003cp\u003eInformation Value.\u003c\/p\u003e \u003cp\u003eRisk.\u003c\/p\u003e \u003cp\u003eThe Strategic Planning Process.\u003c\/p\u003e \u003cp\u003eThe Technology Plan.\u003c\/p\u003e \u003cp\u003eThe Management Plan.\u003c\/p\u003e \u003cp\u003eTheory and Practice.\u003c\/p\u003e \u003cp\u003e\u003cb\u003e2. Developing an Information Security Strategy.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview.\u003c\/p\u003e \u003cp\u003eAn Information Security Strategy Development Methodology.\u003c\/p\u003e \u003cp\u003eStrategy Prerequisites.\u003c\/p\u003e \u003cp\u003eResearch Sources.\u003c\/p\u003e \u003cp\u003ePreliminary Development.\u003c\/p\u003e \u003cp\u003eFormal Project Introduction.\u003c\/p\u003e \u003cp\u003eFact Finding.\u003c\/p\u003e \u003cp\u003eGeneral Background Information.\u003c\/p\u003e \u003cp\u003eDocumentation Review.\u003c\/p\u003e \u003cp\u003eInterviews.\u003c\/p\u003e \u003cp\u003eSurveys.\u003c\/p\u003e \u003cp\u003eResearch Sources.\u003c\/p\u003e \u003cp\u003eAnalysis Methods.\u003c\/p\u003e \u003cp\u003eStrengths, Weaknesses, Opportunities, and Threats.\u003c\/p\u003e \u003cp\u003eBusiness Systems Planning.\u003c\/p\u003e \u003cp\u003eLife-Cycle Methods.\u003c\/p\u003e \u003cp\u003eCritical Success Factors.\u003c\/p\u003e \u003cp\u003eEconomic Analysis.\u003c\/p\u003e \u003cp\u003eRisk Analysis.\u003c\/p\u003e \u003cp\u003eBenchmarks and Best Practices.\u003c\/p\u003e \u003cp\u003eCompliance Requirements.\u003c\/p\u003e \u003cp\u003eAnalysis Focus Areas.\u003c\/p\u003e \u003cp\u003eIndustry Environment.\u003c\/p\u003e \u003cp\u003eOrganizational Mission and Goals.\u003c\/p\u003e \u003cp\u003eExecutive Governance.\u003c\/p\u003e \u003cp\u003eManagement Systems and Controls.\u003c\/p\u003e \u003cp\u003eInformation Technology Management.\u003c\/p\u003e \u003cp\u003eInformation Technology Architecture.\u003c\/p\u003e \u003cp\u003eSecurity Management.\u003c\/p\u003e \u003cp\u003eDraft Plan Presentation.\u003c\/p\u003e \u003cp\u003eFinal Plan Presentation.\u003c\/p\u003e \u003cp\u003eOptions for Plan Development.\u003c\/p\u003e \u003cp\u003eA Plan Outline.\u003c\/p\u003e \u003cp\u003eSelling the Strategy.\u003c\/p\u003e \u003cp\u003ePlan Maintenance.\u003c\/p\u003e \u003cp\u003eThe Security Assessment and the Security Strategy.\u003c\/p\u003e \u003cp\u003eStrategy Implementation:\u003c\/p\u003e \u003cp\u003eWhat is a Tactical Plan?\u003c\/p\u003e \u003cp\u003eConverting Strategic goals to Tactical Plans.\u003c\/p\u003e \u003cp\u003eTurning Tactical Planning Outcomes into Ongoing Operations.\u003c\/p\u003e \u003cp\u003eKey Points.\u003c\/p\u003e \u003cp\u003ePlan Outline.\u003c\/p\u003e \u003cp\u003e\u003cb\u003e3. The Technology Strategy.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThinking About Technology.\u003c\/p\u003e \u003cp\u003ePlanning Technology Implementation.\u003c\/p\u003e \u003cp\u003eTechnology Forecasting.\u003c\/p\u003e \u003cp\u003eSome Basic Advice.\u003c\/p\u003e \u003cp\u003eTechnology Life-Cycle Models.\u003c\/p\u003e \u003cp\u003eTechnology Solution Evaluation.\u003c\/p\u003e \u003cp\u003eRole of Analysts.\u003c\/p\u003e \u003cp\u003eTechnology Strategy Components:\u003c\/p\u003e \u003cp\u003eThe Security Strategy Technical Architecture.\u003c\/p\u003e \u003cp\u003eLeveraging Existing Vendors.\u003c\/p\u003e \u003cp\u003eLegacy Technology.\u003c\/p\u003e \u003cp\u003eThe Management Dimension.\u003c\/p\u003e \u003cp\u003eOverall Technical Design.\u003c\/p\u003e \u003cp\u003eThe Logical Technology Architecture.\u003c\/p\u003e \u003cp\u003eSpecific Technical Components.\u003c\/p\u003e \u003cp\u003eServers.\u003c\/p\u003e \u003cp\u003eNetwork Zones.\u003c\/p\u003e \u003cp\u003eExternal Network Connections.\u003c\/p\u003e \u003cp\u003eDesktop Systems.\u003c\/p\u003e \u003cp\u003eApplications and DBMS.\u003c\/p\u003e \u003cp\u003ePortable Computing Devices.\u003c\/p\u003e \u003cp\u003eTelephone Systems.\u003c\/p\u003e \u003cp\u003eControl Devices.\u003c\/p\u003e \u003cp\u003eIntelligent Peripherals.\u003c\/p\u003e \u003cp\u003eFacility Security Systems.\u003c\/p\u003e \u003cp\u003eSecurity Management Systems.\u003c\/p\u003e \u003cp\u003eKey Points.\u003c\/p\u003e \u003cp\u003e\u003cb\u003e4. The Management Strategy.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eControl Systems.\u003c\/p\u003e \u003cp\u003eControl Systems and the Information Security Strategy.\u003c\/p\u003e \u003cp\u003eGovernance.\u003c\/p\u003e \u003cp\u003eEnsuring IT Governance.\u003c\/p\u003e \u003cp\u003eIT Governance Models.\u003c\/p\u003e \u003cp\u003eCurrent Issues in Governance.\u003c\/p\u003e \u003cp\u003eControl Objectives for Information and Related Technology (CobiT).\u003c\/p\u003e \u003cp\u003eIT Balanced Scorecard.\u003c\/p\u003e \u003cp\u003eGovernance in Information Security.\u003c\/p\u003e \u003cp\u003eEnd-User Role.\u003c\/p\u003e \u003cp\u003eAn IT Management Model for Information Security.\u003c\/p\u003e \u003cp\u003ePolicies, Procedures, and Standards.\u003c\/p\u003e \u003cp\u003eAssigning Information Security Responsibilities.\u003c\/p\u003e \u003cp\u003eTo Whom Should Information Security Report?\u003c\/p\u003e \u003cp\u003eExecutive Roles.\u003c\/p\u003e \u003cp\u003eOrganizational Interfaces.\u003c\/p\u003e \u003cp\u003eInformation Security Staff Structure.\u003c\/p\u003e \u003cp\u003eStaffing and Funding Levels.\u003c\/p\u003e \u003cp\u003eManaging Vendors.\u003c\/p\u003e \u003cp\u003eOrganizational Culture and Legitimacy.\u003c\/p\u003e \u003cp\u003eTraining and Awareness.\u003c\/p\u003e \u003cp\u003eKey Points.\u003c\/p\u003e \u003cp\u003e\u003cb\u003e5. Case Studies.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCase Study 1—Singles Opportunity Services.\u003c\/p\u003e \u003cp\u003eBackground.\u003c\/p\u003e \u003cp\u003eDeveloping the Strategic Plan.\u003c\/p\u003e \u003cp\u003eInformation Value Analysis.\u003c\/p\u003e \u003cp\u003eRisk Analysis.\u003c\/p\u003e \u003cp\u003eTechnology Strategy.\u003c\/p\u003e \u003cp\u003eManagement Strategy.\u003c\/p\u003e \u003cp\u003eImplementation.\u003c\/p\u003e \u003cp\u003eCase Study 2—Rancho Nachos Mosquito Abatement District.\u003c\/p\u003e \u003cp\u003eBackground.\u003c\/p\u003e \u003cp\u003eDeveloping the Strategic Plan.\u003c\/p\u003e \u003cp\u003eInformation Value Analysis.\u003c\/p\u003e \u003cp\u003eRisk Analysis.\u003c\/p\u003e \u003cp\u003eTechnology Strategy.\u003c\/p\u003e \u003cp\u003eManagement Strategy.\u003c\/p\u003e \u003cp\u003eImplementation.\u003c\/p\u003e \u003cp\u003eKey Points.\u003c\/p\u003e \u003cp\u003e\u003cb\u003e6. Business and IT Strategy:\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction.\u003c\/p\u003e \u003cp\u003eStrategy and Systems of Management.\u003c\/p\u003e \u003cp\u003eBusiness Strategy Models.\u003c\/p\u003e \u003cp\u003eBoston Consulting Group Business Matrix.\u003c\/p\u003e \u003cp\u003eMichael Porter—Competitive Advantage.\u003c\/p\u003e \u003cp\u003eBusiness Process Reengineering.\u003c\/p\u003e \u003cp\u003eThe Strategy of No Strategy.\u003c\/p\u003e \u003cp\u003eIT Strategy.\u003c\/p\u003e \u003cp\u003eNolan\/Gibson Stages of Growth.\u003c\/p\u003e \u003cp\u003eInformation Engineering.\u003c\/p\u003e \u003cp\u003eRockart’s Critical Success Factors.\u003c\/p\u003e \u003cp\u003eIBM Business System Planning (BSP).\u003c\/p\u003e \u003cp\u003eSo is IT really “strategic”?\u003c\/p\u003e \u003cp\u003eIT Strategy and Information Security Strategy.\u003c\/p\u003e \u003cp\u003eKey Points.\u003c\/p\u003e \u003cp\u003e\u003cb\u003e7. Information Economics.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eConcepts of Information Protection.\u003c\/p\u003e \u003cp\u003eInformation Ownership.\u003c\/p\u003e \u003cp\u003eFrom Ownership to Asset.\u003c\/p\u003e \u003cp\u003eInformation Economics and Information Security.\u003c\/p\u003e \u003cp\u003eBasic Economic Principles.\u003c\/p\u003e \u003cp\u003eWhy is Information Economics Difficult?\u003c\/p\u003e \u003cp\u003eInformation Value—Reducing Uncertainty.\u003c\/p\u003e \u003cp\u003eInformation Value—Improved Business Processes.\u003c\/p\u003e \u003cp\u003eInformation Security Investment Economics.\u003c\/p\u003e \u003cp\u003eThe Economic Cost of Security Failures.\u003c\/p\u003e \u003cp\u003eFuture Directions in Information Economics.\u003c\/p\u003e \u003cp\u003eInformation Management Accounting—Return on Investment.\u003c\/p\u003e \u003cp\u003eEconomic Models and Management Decision Making.\u003c\/p\u003e \u003cp\u003eInformation Protection or Information Stewardship?\u003c\/p\u003e \u003cp\u003eKey Points.\u003c\/p\u003e \u003cp\u003e\u003cb\u003e8. Risk Analysis.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCompliance Versus Risk Approaches.\u003c\/p\u003e \u003cp\u003eThe “Classic” Risk Analysis Model.\u003c\/p\u003e \u003cp\u003eNewer Risk Models.\u003c\/p\u003e \u003cp\u003eProcess-Oriented Risk Models.\u003c\/p\u003e \u003cp\u003eTree-Based Risk Models.\u003c\/p\u003e \u003cp\u003eOrganizational Risk Cultures.\u003c\/p\u003e \u003cp\u003eRisk Averse, Risk Neutral, and Risk Taking Organizations.\u003c\/p\u003e \u003cp\u003eStrategic Versus Tactical Risk Analysis.\u003c\/p\u003e \u003cp\u003eWhen Compliance-based Models are Appropriate.\u003c\/p\u003e \u003cp\u003eRisk Mitigation.\u003c\/p\u003e \u003cp\u003eKey Points.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNotes and References.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eIndex.\u003c\/b\u003e\u003c\/p\u003e\u003c\/font\u003e\u003c\/p\u003e\r\n\r\n\u003cp\u003e\u003cfont size=\"3\"\u003eSubject Areas: Computer networking \u0026amp; communications [\u003ca title=\"See our other books on Computer networking \u0026amp; communications\" href=\"https:\/\/freshlyprintedbooks.co.uk\/search?q=%22Computer%20networking%20\u0026amp;%20communications%20%5BUT%5D%22\"\u003eUT\u003c\/a\u003e]\u003c\/font\u003e\u003c\/p\u003e\r\n\r\n\r\n\u003c\/font\u003e","brand":"Wiley-IEEE Computer Society Pr","offers":[{"title":"Brand New","offer_id":52298046701848,"sku":"9780471736127","price":63.79,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0730\/2037\/5320\/files\/9780471736127.jpg?v=1781732532","url":"https:\/\/freshlyprintedbooks.co.uk\/products\/information-security-a-strategic-approach-paperback-softback-9780471736127","provider":"Freshly Printed Books","version":"1.0","type":"link"}