Creating an Information Security Program from Scratch
- Length: 222 pages
- Edition: 1
- Language: English
- Publisher: CRC Press
- Publication Date: 2021-09-15
- ISBN-10: 036755464X
- ISBN-13: 9780367554644
This book is written for the first security hire in an organization, either an individual moving into this role from within the organization or hired into the role. More and more, organizations are realizing that information security requires a dedicated team with leadership distinct from information technology, and often the people who are placed into those positions have no idea where to start or how to prioritize.
There are many issues competing for their attention, standards that say do this or do that, laws, regulations, customer demands, and no guidance on what is actually effective. This book offers guidance on approaches that work for how you prioritize and build a comprehensive information security program that protects your organization.
While most books targeted at information security professionals explore specific subjects with deep expertise, this book explores the depth and breadth of the field. Instead of examining a technology such as cloud security or a technique such as risk analysis in isolation, this book places those into the larger context of how to meet an organization’s needs, how to prioritize, and what success looks like. Guides to the maturation of practice are offered, along with pointers on where to go for an in-depth exploration of each topic.
Unlike more typical books on information security that advocate a single perspective, this book explores competing perspectives, weighing the pros and cons of the different approaches and the implications of each choice for implementation and for maturity, since the approach an organization chooses often needs to change as it grows and matures.
Table of contents:
- Cover
- Half Title
- Title Page
- Copyright Page
- Dedication
- Table of Contents
- Preface
- Chapter 1: Getting Started
  - Risk Analysis Frameworks
    - OCTAVE
    - National Institute of Standards and Technology (NIST) Special Publication (SP) 800-30r1
    - Center for Internet Security Risk Assessment Method
    - Factor Analysis of Information Risk (FAIR)
  - Risk Management
    - NIST Special Publication 800-39
    - ISO 27005:2018
    - RISK IT
  - Compliance Frameworks
    - NIST SP 800-53
    - NIST Cyber Security Framework
    - Center for Internet Security Critical Security Controls
    - Payment Card Industry Data Security Standard
    - ISO 27000 Family
    - COBIT
    - Cloud Security Alliance STAR
    - Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy
  - Notes and for Further Study
- Chapter 2: The Things You Must Do
  - Policy
  - Procedures
  - Standards
  - Guidance
  - Planning
  - Notes and for Further Study
- Chapter 3: Asset Management
  - Notes and for Further Study
- Chapter 4: Vulnerability Management
  - Notes and for Further Study
- Chapter 5: Incident Management
  - Notes and for Further Study
- Chapter 6: The Endpoint
  - Notes and for Further Study
- Chapter 7: Email Security
  - Notes and for Further Study
- Chapter 8: The Network
  - Notes and for Further Study
- Chapter 9: Integrating Security into Software Development
  - Notes and for Further Study
- Chapter 10: Disasters
  - Notes and for Further Study
- Chapter 11: Access Control
  - Notes and for Further Study
- Chapter 12: Human Issues
  - Notes and for Further Study
- Chapter 13: Maturity
  - Notes and for Further Study
- Index