

Wednesday, December 19, 2007

Information Security Management Handbook [Sixth Edition]
Book Details
- Hardcover: 3280 pages
- Publisher: AUERBACH; 6 edition (May 14, 2007)
- Language: English
- ISBN-10: 0849374952
- ISBN-13: 978-0849374951

Book Description

Never before have there been so many laws designed to keep corporations honest. New laws and regulations force companies to develop stronger ethics policies and the shareholders themselves are holding publicly traded companies accountable for their practices. Consumers are also concerned over the privacy of their personal information and current and emerging legislation is reflecting this trend. Under these conditions, it can be difficult to know where to turn for reliable, applicable advice.

The sixth edition of the Information Security Management Handbook addresses up-to-date issues in this increasingly important area. It balances contemporary articles with relevant articles from past editions to bring you a well-grounded view of the subject. The contributions cover questions important to those tasked with securing information assets including the appropriate deployment of valuable resources as well as dealing with legal compliance, investigations, and ethics. Promoting the view that the management ethics and values of an organization lead directly to its information security program and the technical, physical, and administrative controls to be implemented, the book explores topics such as risk assessments; metrics; security governance, architecture, and design; emerging threats; standards; and business continuity and disaster recovery. The text also discusses physical security including access control and cryptography, and a plethora of technology issues such as application controls, network security, virus controls, and hacking.

US federal and state legislators continue to make certain that information security is a board-level conversation, and the Information Security Management Handbook, Sixth Edition continues to ensure that you have a clear understanding of the rules and regulations and an effective method for their implementation.

Book Info
Handbook includes chapters that correspond to the 10 domains of the Certified Information System Security Professional (CISSP) examination. Previous edition: c1999. DLC: Computer security--Management--Handbooks, manuals, etc. --This text refers to an out of print or unavailable edition of this title.

IT Auditing: Using Controls to Protect Information Assets [Book]
Book Details
- Paperback: 387 pages
- Publisher: McGraw-Hill Osborne Media; 1 edition (December 22, 2006)
- Language: English
- ISBN-10: 0072263431
- ISBN-13: 978-0072263435

Book Description
Protect Your Systems with Proven IT Auditing Strategies

"A must-have for auditors and IT professionals." -Doug Dexter, CISSP-ISSMP, CISA, Audit Team Lead, Cisco Systems, Inc.

Plan for and manage an effective IT audit program using the in-depth information contained in this comprehensive resource. Written by experienced IT audit and security professionals, IT Auditing: Using Controls to Protect Information Assets covers the latest auditing tools alongside real-world examples, ready-to-use checklists, and valuable templates. Inside, you'll learn how to analyze Windows, UNIX, and Linux systems; secure databases; examine wireless networks and devices; and audit applications. Plus, you'll get up-to-date information on legal standards and practices, privacy and ethical issues, and the CobiT standard.

Build and maintain an IT audit function with maximum effectiveness and value

- Implement best practice IT audit processes and controls
- Analyze UNIX-, Linux-, and Windows-based operating systems
- Audit network routers, switches, firewalls, WLANs, and mobile devices
- Evaluate entity-level controls, data centers, and disaster recovery plans
- Examine Web servers, platforms, and applications for vulnerabilities
- Review databases for critical controls
- Use the COSO, CobiT, ITIL, ISO, and NSA INFOSEC methodologies
- Implement sound risk analysis and risk management practices
- Drill down into applications to find potential control weaknesses

About the Author

Chris Davis, CISA, CISSP, shares his experience from architecting, hardening, and auditing systems. He has trained auditors and forensic analysts. Davis is the coauthor of the bestselling Hacking Exposed: Computer Forensics.

Mike Schiller, CISA, has 14 years of experience in the IT audit field, most recently as the worldwide IT Audit Manager at Texas Instruments.

Kevin Wheeler, CISA, CISSP, NSA IAM/IEM, is the founder and CEO of InfoDefense and has over ten years of IT security experience.