
Information security : design, implementation, measurement, and compliance

Author: Timothy P Layton
Publisher: Boca Raton : Auerbach Publications, ©2007.
Edition/Format: eBook : Document : English
Summary:
Fortunately, Information Security: Design, Implementation, Measurement, and Compliance outlines a complete roadmap to successful adaptation and implementation of a security program based on the ISO/IEC 17799:2005 (27002) Code of Practice for Information Security Management. The book first describes a risk assessment model, a detailed risk assessment methodology, and an information security evaluation process. Upon ...
Details

Genre/Form: Electronic books
Normes
Additional Physical Format: Print version:
Layton, Timothy P.
Information security.
Boca Raton : Auerbach Publications, ©2007
(DLC) 2006047620
(OCoLC)70129222
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Timothy P Layton
ISBN: 9781420013412 1420013416
OCLC Number: 85767153
Reproduction Notes: Electronic reproduction. [S.l.] : HathiTrust Digital Library, 2010. MiAaHDL
Description: 1 online resource (222 pages)
Details: Master and use copy. Digital master created according to Benchmark for Faithful Digital Reproductions of Monographs and Serials, Version 1. Digital Library Federation, December 2002.
Contents:
EVALUATING AND MEASURING AN INFORMATION SECURITY PROGRAM
INFORMATION SECURITY RISK ASSESSMENT MODEL (ISRAM (TM)). Background. Linkage. Risk Assessment Types. Relationship to Other Models and Standards. Terminology. Risk Assessment Relationship. Information Security Risk Assessment Model (ISRAM). References
GLOBAL INFORMATION SECURITY ASSESSMENT METHODOLOGY (GISAM (TM)). GISAM and ISRAM Relationship. GISAM Design Criteria. General Assessment Types. GISAM Components. References
DEVELOPING AN INFORMATION SECURITY EVALUATION (ISE (TM)) PROCESS. The Culmination of ISRAM and GISAM. Business Process
A SECURITY BASELINE. KRI Security Baseline Controls. Security Baseline. Information Security Policy Document. Management Commitment to Information Security. Allocation of Information Security Responsibilities. Independent Review of Information Security. Identification of Risks Related to External Parties. Inventory of Assets. Classification Guidelines. Screening. Information Security Awareness, Education, and Training. Removal of Access Rights. Physical Security Perimeter. Protecting Against External and Environmental Threats. Secure Disposal or Reuse of Equipment. Documented Operating Procedures. Change Management. Segregation of Duties. System Acceptance. Controls against Malicious Code. Management of Removable Media. Information Handling Procedures. Physical Media in Transit. Electronic Commerce. Access Control Policy. User Registration. Segregation in Networks. Teleworking. Security Requirements Analysis and Specification. Policy on the Use of Cryptographic Controls. Protection of System Test Data. Control of Technical Vulnerabilities. Reporting Information Security Events. Including Information Security in the Business Continuity Process. Identification of Applicable Legislation. Data Protection and Privacy of Personal Information. Technical Compliance Checking. References
BACKGROUND OF THE ISO/IEC 17799 STANDARD. History of the Standard. Internals of the Standard. Guidance for Use. High-Level Objectives. ISO/IEC Defined. References
ISO/IEC 17799:2005 GAP ANALYSIS. Overview. Guidance for Use. General Changes. Security Policy. Organization of Information Security. Asset Management. Human Resources Security. Physical and Environmental Security. Communications and Operations Management. Access Control. Information Systems Acquisition, Development, and Maintenance. Information Security Incident Management. Business Continuity Management. Compliance. References
ANALYSIS OF ISO/IEC 17799:2005 (27002) CONTROLS
SECURITY POLICY. Information Security Policy. Summary. References
ORGANIZATION OF INFORMATION SECURITY. Internal Organization. External Parties. Summary. References
ASSET MANAGEMENT. Responsibility for Assets. Information Classification. Summary. References
HUMAN RESOURCES SECURITY. Prior to Employment. During Employment. Termination or Change of Employment. Summary. References
PHYSICAL AND ENVIRONMENTAL SECURITY. Secure Areas. Equipment Security. Summary. References
COMMUNICATIONS AND OPERATIONS MANAGEMENT. Operational Procedures and Responsibilities. Third-Party Service Delivery Management. System Planning and Acceptance. Protection against Malicious and Mobile Code. Backup. Network Security Management. Media Handling. Exchange of Information. Electronic Commerce Services. Monitoring. Summary. References
ACCESS CONTROL. Business Requirements for Access Control. User Access Management. User Responsibilities. Network Access Control. Operating System Access Control. Application and Information Access Control. Mobile Computing and Teleworking. Summary. References
INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT, AND MAINTENANCE. Security Requirements of Information Systems. Correct Processing in Applications. Cryptographic Controls. Security of System Files. Security in Development and Support Processes. Technical Vulnerability Management. Summary. References
INFORMATION SECURITY INCIDENT MANAGEMENT. Reporting Information Security Events and Weaknesses. Management of Information Security Incidents and Improvements. Summary. References
BUSINESS CONTINUITY MANAGEMENT. Information Security Aspects of Business Continuity Management. Summary. References
COMPLIANCE. Compliance with Legal Requirements. Compliance with Security Policies and Standards, and Technical Compliance. Information Systems Audit Considerations. Summary. References
APPENDIX A: ISO STANDARDS CITED IN ISO/IEC 17799:2005
APPENDIX B: GENERAL REFERENCES
INDEX
Responsibility: Timothy P. Layton.
Abstract:

Presents a perspective of the ISO/IEC 17799 Information Security Standard and provides an analysis of how to effectively measure an information security program using this standard. This book ...

Linked Data


Primary Entity

<http://www.worldcat.org/oclc/85767153> # Information security : design, implementation, measurement, and compliance
    a schema:CreativeWork, schema:Book, schema:MediaObject ;
   library:oclcnum "85767153" ;
   library:placeOfPublication <http://id.loc.gov/vocabulary/countries/flu> ;
   library:placeOfPublication <http://experiment.worldcat.org/entity/work/data/797233052#Place/boca_raton> ; # Boca Raton
   schema:about <http://id.worldcat.org/fast/874699> ; # Confidential business information
   schema:about <http://id.worldcat.org/fast/842307> ; # Business--Data processing--Security measures
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_leadership> ; # BUSINESS & ECONOMICS--Leadership
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/protection_de_l_information_informatique> ; # Protection de l'information (Informatique)
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#CreativeWork/norme_iso_17799> ; # Norme ISO 17799.
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_organizational_development> ; # BUSINESS & ECONOMICS--Organizational Development
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_corporate_governance> ; # BUSINESS & ECONOMICS--Corporate Governance
   schema:about <http://id.worldcat.org/fast/887958> ; # Data protection
   schema:about <http://dewey.info/class/658.478/e22/> ;
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/databescherming> ; # Databescherming
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/computerbeveiliging> ; # Computerbeveiliging
   schema:about <http://id.worldcat.org/fast/872484> ; # Computer security
   schema:about <http://id.loc.gov/authorities/subjects/sh2009117958> ; # Business--Data processing--Security measures
   schema:about <http://id.loc.gov/authorities/subjects/sh95010367> ; # Business enterprises--Computer networks--Security measures
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/securite_informatique> ; # Sécurité informatique
   schema:about <http://id.worldcat.org/fast/842535> ; # Business enterprises--Computer networks--Security measures
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/informatietechnologie> ; # Informatietechnologie
   schema:about <http://id.worldcat.org/fast/1098146> ; # Risk assessment
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_workplace_culture> ; # BUSINESS & ECONOMICS--Workplace Culture
   schema:bookFormat schema:EBook ;
   schema:copyrightYear "2007" ;
   schema:creator <http://viaf.org/viaf/81106722> ; # Timothy P. Layton
   schema:datePublished "2007" ;
   schema:description "Fortunately, Information Security: Design, Implementation, Measurement, and Compliance outlines a complete roadmap to successful adaptation and implementation of a security program based on the ISO/IEC 17799:2005 (27002) Code of Practice for Information Security Management. The book first describes a risk assessment model, a detailed risk assessment methodology, and an information security evaluation process. Upon this foundation, the author presents a proposed security baseline for all organizations, an executive summary of the ISO/IEC 17799 standard, and a gap analysis exposing the differenc."@en ;
   schema:exampleOfWork <http://worldcat.org/entity/work/id/797233052> ;
   schema:genre "Electronic books"@en ;
   schema:inLanguage "en" ;
   schema:isSimilarTo <http://www.worldcat.org/oclc/70129222> ;
   schema:name "Information security : design, implementation, measurement, and compliance"@en ;
   schema:productID "85767153" ;
   schema:publication <http://www.worldcat.org/title/-/oclc/85767153#PublicationEvent/boca_raton_auerbach_publications_2007> ;
   schema:publisher <http://experiment.worldcat.org/entity/work/data/797233052#Agent/auerbach_publications> ; # Auerbach Publications
   schema:url <http://catalog.hathitrust.org/api/volumes/oclc/70129222.html> ;
   schema:url <http://public.eblib.com/choice/publicfullrecord.aspx?p=267956> ;
   schema:url <http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=165213> ;
   schema:url <https://www.taylorfrancis.com/books/9781420013412> ;
   schema:url <http://itknowledgebase.net/books/5173/au7087_fm.pdf> ;
   schema:url <http://books.google.com/books?id=NC5PAAAAMAAJ> ;
   schema:url <http://www.crcnetbase.com/isbn/9781420013412> ;
   schema:url <http://www.crcnetbase.com/isbn/9780849370878> ;
   schema:url <http://site.ebrary.com/id/10150623> ;
   schema:url <http://www.myilibrary.com?id=65164&ref=toc> ;
   schema:url <http://www.myilibrary.com?id=65164> ;
   schema:workExample <http://worldcat.org/isbn/9781420013412> ;
   wdrs:describedby <http://www.worldcat.org/title/-/oclc/85767153> ;
    .


Related Entities

<http://experiment.worldcat.org/entity/work/data/797233052#Agent/auerbach_publications> # Auerbach Publications
    a bgn:Agent ;
   schema:name "Auerbach Publications" ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_corporate_governance> # BUSINESS & ECONOMICS--Corporate Governance
    a schema:Intangible ;
   schema:name "BUSINESS & ECONOMICS--Corporate Governance"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_leadership> # BUSINESS & ECONOMICS--Leadership
    a schema:Intangible ;
   schema:name "BUSINESS & ECONOMICS--Leadership"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_organizational_development> # BUSINESS & ECONOMICS--Organizational Development
    a schema:Intangible ;
   schema:name "BUSINESS & ECONOMICS--Organizational Development"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_workplace_culture> # BUSINESS & ECONOMICS--Workplace Culture
    a schema:Intangible ;
   schema:name "BUSINESS & ECONOMICS--Workplace Culture"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/computerbeveiliging> # Computerbeveiliging
    a schema:Intangible ;
   schema:name "Computerbeveiliging"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/informatietechnologie> # Informatietechnologie
    a schema:Intangible ;
   schema:name "Informatietechnologie"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/protection_de_l_information_informatique> # Protection de l'information (Informatique)
    a schema:Intangible ;
   schema:name "Protection de l'information (Informatique)"@fr ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/securite_informatique> # Sécurité informatique
    a schema:Intangible ;
   schema:name "Sécurité informatique"@fr ;
    .

<http://id.loc.gov/authorities/subjects/sh2009117958> # Business--Data processing--Security measures
    a schema:Intangible ;
   schema:name "Business--Data processing--Security measures"@en ;
    .

<http://id.loc.gov/authorities/subjects/sh95010367> # Business enterprises--Computer networks--Security measures
    a schema:Intangible ;
   schema:name "Business enterprises--Computer networks--Security measures"@en ;
    .

<http://id.worldcat.org/fast/1098146> # Risk assessment
    a schema:Intangible ;
   schema:name "Risk assessment"@en ;
    .

<http://id.worldcat.org/fast/842307> # Business--Data processing--Security measures
    a schema:Intangible ;
   schema:name "Business--Data processing--Security measures"@en ;
    .

<http://id.worldcat.org/fast/842535> # Business enterprises--Computer networks--Security measures
    a schema:Intangible ;
   schema:name "Business enterprises--Computer networks--Security measures"@en ;
    .

<http://id.worldcat.org/fast/872484> # Computer security
    a schema:Intangible ;
   schema:name "Computer security"@en ;
    .

<http://id.worldcat.org/fast/874699> # Confidential business information
    a schema:Intangible ;
   schema:name "Confidential business information"@en ;
    .

<http://id.worldcat.org/fast/887958> # Data protection
    a schema:Intangible ;
   schema:name "Data protection"@en ;
    .

<http://viaf.org/viaf/81106722> # Timothy P. Layton
    a schema:Person ;
   schema:familyName "Layton" ;
   schema:givenName "Timothy P." ;
   schema:name "Timothy P. Layton" ;
    .

<http://worldcat.org/isbn/9781420013412>
    a schema:ProductModel ;
   schema:isbn "1420013416" ;
   schema:isbn "9781420013412" ;
    .

<http://www.worldcat.org/oclc/70129222>
    a schema:CreativeWork ;
   rdfs:label "Information security." ;
   schema:description "Print version:" ;
   schema:isSimilarTo <http://www.worldcat.org/oclc/85767153> ; # Information security : design, implementation, measurement, and compliance
    .

<https://www.taylorfrancis.com/books/9781420013412>
   rdfs:comment "from Taylor & Francis" ;
    .

