Information security : design, implementation, measurement, and compliance

Author: Timothy P Layton
Publisher: Boca Raton : Auerbach Publications, ©2007.
Edition/Format: eBook : Document : English
Summary:
Fortunately, Information Security: Design, Implementation, Measurement, and Compliance outlines a complete roadmap to successful adaptation and implementation of a security program based on the ISO/IEC 17799:2005 (27002) Code of Practice for Information Security Management. The book first describes a risk assessment model, a detailed risk assessment methodology, and an information security evaluation process. Upon ...
Details

Genre/Form: Electronic books; Standards
Additional Physical Format: Print version:
Layton, Timothy P.
Information security.
Boca Raton : Auerbach Publications, ©2007
(DLC) 2006047620
(OCoLC)70129222
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Timothy P Layton
ISBN: 9781420013412 1420013416
OCLC Number: 85767153
Reproduction Notes: Electronic reproduction. [S.l.] : HathiTrust Digital Library, 2010. MiAaHDL
Description: 1 online resource (222 pages)
Details: Master and use copy. Digital master created according to Benchmark for Faithful Digital Reproductions of Monographs and Serials, Version 1. Digital Library Federation, December 2002.
Contents:
EVALUATING AND MEASURING AN INFORMATION SECURITY PROGRAM
INFORMATION SECURITY RISK ASSESSMENT MODEL (ISRAM™): Background; Linkage; Risk Assessment Types; Relationship to Other Models and Standards; Terminology; Risk Assessment Relationship; Information Security Risk Assessment Model (ISRAM); References
GLOBAL INFORMATION SECURITY ASSESSMENT METHODOLOGY (GISAM™): GISAM and ISRAM Relationship; GISAM Design Criteria; General Assessment Types; GISAM Components; References
DEVELOPING AN INFORMATION SECURITY EVALUATION (ISE™) PROCESS: The Culmination of ISRAM and GISAM; Business Process
A SECURITY BASELINE: KRI Security Baseline Controls; Security Baseline; Information Security Policy Document; Management Commitment to Information Security; Allocation of Information Security Responsibilities; Independent Review of Information Security; Identification of Risks Related to External Parties; Inventory of Assets; Classification Guidelines; Screening; Information Security Awareness, Education, and Training; Removal of Access Rights; Physical Security Perimeter; Protecting Against External and Environmental Threats; Secure Disposal or Reuse of Equipment; Documented Operating Procedures; Change Management; Segregation of Duties; System Acceptance; Controls against Malicious Code; Management of Removable Media; Information Handling Procedures; Physical Media in Transit; Electronic Commerce; Access Control Policy; User Registration; Segregation in Networks; Teleworking; Security Requirements Analysis and Specification; Policy on the Use of Cryptographic Controls; Protection of System Test Data; Control of Technical Vulnerabilities; Reporting Information Security Events; Including Information Security in the Business Continuity Process; Identification of Applicable Legislation; Data Protection and Privacy of Personal Information; Technical Compliance Checking; References
BACKGROUND OF THE ISO/IEC 17799 STANDARD: History of the Standard; Internals of the Standard; Guidance for Use; High-Level Objectives; ISO/IEC Defined; References
ISO/IEC 17799:2005 GAP ANALYSIS: Overview; Guidance for Use; General Changes; Security Policy; Organization of Information Security; Asset Management; Human Resources Security; Physical and Environmental Security; Communications and Operations Management; Access Control; Information Systems Acquisition, Development, and Maintenance; Information Security Incident Management; Business Continuity Management; Compliance; Exchange of Information; Electronic Commerce Services; Monitoring; Summary; References
ACCESS CONTROL: Business Requirements for Access Control; User Access Management; User Responsibilities; Network Access Control; Operating System Access Control; Application and Information Access Control; Mobile Computing and Teleworking; Summary; References
INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT, AND MAINTENANCE: Security Requirements of Information Systems; Correct Processing in Applications; Cryptographic Controls; Security of System Files; Security in Development and Support Processes; Technical Vulnerability Management; Summary; References
INFORMATION SECURITY INCIDENT MANAGEMENT: Reporting Information Security Events and Weaknesses; Management of Information Security Incidents and Improvements; Summary
Responsibility: Timothy P. Layton.
Abstract:

Presents a perspective of the ISO/IEC 17799 Information Security Standard and provides an analysis of how to effectively measure an information security program using this standard. This book ...

Linked Data


Primary Entity

<http://www.worldcat.org/oclc/85767153> # Information security : design, implementation, measurement, and compliance
    a schema:CreativeWork, schema:Book, schema:MediaObject ;
    library:oclcnum "85767153" ;
    library:placeOfPublication <http://id.loc.gov/vocabulary/countries/flu> ;
    library:placeOfPublication <http://experiment.worldcat.org/entity/work/data/797233052#Place/boca_raton> ; # Boca Raton
    schema:about <http://id.worldcat.org/fast/874699> ; # Confidential business information
    schema:about <http://id.worldcat.org/fast/842307> ; # Business--Data processing--Security measures
    schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_leadership> ; # BUSINESS & ECONOMICS--Leadership
    schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/protection_de_l_information_informatique> ; # Protection de l'information (Informatique)
    schema:about <http://experiment.worldcat.org/entity/work/data/797233052#CreativeWork/norme_iso_17799> ; # Norme ISO 17799.
    schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_organizational_development> ; # BUSINESS & ECONOMICS--Organizational Development
    schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_corporate_governance> ; # BUSINESS & ECONOMICS--Corporate Governance
    schema:about <http://id.worldcat.org/fast/887958> ; # Data protection
    schema:about <http://dewey.info/class/658.478/e22/> ;
    schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/databescherming> ; # Databescherming
    schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/computerbeveiliging> ; # Computerbeveiliging
    schema:about <http://id.worldcat.org/fast/872484> ; # Computer security
    schema:about <http://id.loc.gov/authorities/subjects/sh2009117958> ; # Business--Data processing--Security measures
    schema:about <http://id.loc.gov/authorities/subjects/sh95010367> ; # Business enterprises--Computer networks--Security measures
    schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/securite_informatique> ; # Sécurité informatique
    schema:about <http://id.worldcat.org/fast/842535> ; # Business enterprises--Computer networks--Security measures
    schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/informatietechnologie> ; # Informatietechnologie
    schema:about <http://id.worldcat.org/fast/1098146> ; # Risk assessment
    schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_workplace_culture> ; # BUSINESS & ECONOMICS--Workplace Culture
    schema:bookFormat schema:EBook ;
    schema:copyrightYear "2007" ;
    schema:creator <http://viaf.org/viaf/81106722> ; # Timothy P. Layton
    schema:datePublished "2007" ;
    schema:description "EVALUATING AND MEASURING AN INFORMATION SECURITY PROGRAM; ; INFORMATION SECURITY RISK ASSESSMENT MODEL (ISRAM™); . Background; . Linkage; . Risk Assessment Types; . Relationship to Other Models and Standards; . Terminology; . Risk Assessment Relationship; . Information Security Risk Assessment Model (ISRAM); . References; GLOBAL INFORMATION SECURITY ASSESSMENT METHODOLOGY (GISAM™); . GISAM and ISRAM Relationship; . GISAM Design Criteria; . General Assessment Types; . GISAM Components; . References; DEVELOPING AN INFORMATION SECURITY EVALUATION (ISE™) PROCESS; . The Culmination of ISRAM and GISAM; . Business Process; A SECURITY BASELINE; . KRI Security Baseline Controls; . Security Baseline; . Information Security Policy Document; . Management Commitment to Information Security; . Allocation of Information Security Responsibilities; . Independent Review of Information Security; ."@en ;
    schema:description "Reporting Information Security Events; . Including Information Security in the Business Continuity Process; . Identification of Applicable Legislation; . Data Protection and Privacy of Personal Information; . Technical Compliance Checking; . References; BACKGROUND OF THE ISO/IEC 17799 STANDARD; . History of the Standard; . Internals of the Standard; . Guidance for Use; . High-Level Objectives; . ISO/IEC Defined; . References; ISO/IEC 17799:2005 GAP ANALYSIS; . Overview; . Guidance for Use; . General Changes; . Security Policy; . Organization of Information Security; . Asset Management; . Human Resources Security; . Physical and Environmental Security; . Communications and Operations Management; . Access Control; . Information Systems Acquisition, Development, and Maintenance; . Information Security Incident Management; . Business Continuity Management; . Compliance; ."@en ;
    schema:description "Fortunately, Information Security: Design, Implementation, Measurement, and Compliance outlines a complete roadmap to successful adaptation and implementation of a security program based on the ISO/IEC 17799:2005 (27002) Code of Practice for Information Security Management. The book first describes a risk assessment model, a detailed risk assessment methodology, and an information security evaluation process. Upon this foundation, the author presents a proposed security baseline for all organizations, an executive summary of the ISO/IEC 17799 standard, and a gap analysis exposing the differenc."@en ;
    schema:description "Exchange of Information; . Electronic Commerce Services; . Monitoring; . Summary; . References; ACCESS CONTROL; . Business Requirements for Access Control; . User Access Management; . User Responsibilities; . Network Access Control; . Operating System Access Control; . Application and Information Access Control; . Mobile Computing and Teleworking; . Summary; . References; INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT, AND MAINTENANCE; . Security Requirements of Information Systems; . Correct Processing in Applications; . Cryptographic Controls; . Security of System Files; . Security in Development and Support Processes; . Technical Vulnerability Management; . Summary; . References; INFORMATION SECURITY INCIDENT MANAGEMENT; . Reporting Information Security Events and Weaknesses; . Management of Information Security Incidents and Improvements; . Summary; ."@en ;
    schema:description "Identification of Risks Related to External Parties; . Inventory of Assets; . Classification Guidelines; . Screening; . Information Security Awareness, Education, and Training; . Removal of Access Rights; . Physical Security Perimeter; . Protecting Against External and Environmental Threats; . Secure Disposal or Reuse of Equipment; . Documented Operating Procedures; . Change Management; . Segregation of Duties; . System Acceptance; . Controls against Malicious Code; . Management of Removable Media; . Information Handling Procedures; . Physical Media in Transit; . Electronic Commerce; . Access Control Policy; . User Registration; . Segregation in Networks; . Teleworking; . Security Requirements Analysis and Specification; . Policy on the Use of Cryptographic Controls; . Protection of System Test Data; . Control of Technical Vulnerabilities; ."@en ;
    schema:exampleOfWork <http://worldcat.org/entity/work/id/797233052> ;
    schema:genre "Electronic books"@en ;
    schema:inLanguage "en" ;
    schema:isSimilarTo <http://www.worldcat.org/oclc/70129222> ;
    schema:name "Information security : design, implementation, measurement, and compliance"@en ;
    schema:productID "85767153" ;
    schema:publication <http://www.worldcat.org/title/-/oclc/85767153#PublicationEvent/boca_raton_auerbach_publications_2007> ;
    schema:publisher <http://experiment.worldcat.org/entity/work/data/797233052#Agent/auerbach_publications> ; # Auerbach Publications
    schema:url <http://catalog.hathitrust.org/api/volumes/oclc/70129222.html> ;
    schema:url <http://public.eblib.com/choice/publicfullrecord.aspx?p=267956> ;
    schema:url <https://nls.ldls.org.uk/welcome.html?ark:/81055/vdc_100046677952.0x000001> ;
    schema:url <http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=165213> ;
    schema:url <http://itknowledgebase.net/books/5173/au7087_fm.pdf> ;
    schema:url <http://books.google.com/books?id=NC5PAAAAMAAJ> ;
    schema:url <http://www.crcnetbase.com/isbn/9781420013412> ;
    schema:url <http://www.crcnetbase.com/isbn/9780849370878> ;
    schema:url <http://site.ebrary.com/id/10150623> ;
    schema:url <http://www.myilibrary.com?id=65164&ref=toc> ;
    schema:url <http://proxy.library.carleton.ca/login?url=https://www.taylorfrancis.com/books/9781420013412> ;
    schema:url <http://www.myilibrary.com?id=65164> ;
    schema:workExample <http://worldcat.org/isbn/9781420013412> ;
    umbel:isLike <http://bnb.data.bl.uk/id/resource/GBB7D1358> ;
    wdrs:describedby <http://www.worldcat.org/title/-/oclc/85767153> ;
    .


Related Entities

<http://experiment.worldcat.org/entity/work/data/797233052#Agent/auerbach_publications> # Auerbach Publications
    a bgn:Agent ;
    schema:name "Auerbach Publications" ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_corporate_governance> # BUSINESS & ECONOMICS--Corporate Governance
    a schema:Intangible ;
    schema:name "BUSINESS & ECONOMICS--Corporate Governance"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_leadership> # BUSINESS & ECONOMICS--Leadership
    a schema:Intangible ;
    schema:name "BUSINESS & ECONOMICS--Leadership"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_organizational_development> # BUSINESS & ECONOMICS--Organizational Development
    a schema:Intangible ;
    schema:name "BUSINESS & ECONOMICS--Organizational Development"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_workplace_culture> # BUSINESS & ECONOMICS--Workplace Culture
    a schema:Intangible ;
    schema:name "BUSINESS & ECONOMICS--Workplace Culture"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/computerbeveiliging> # Computerbeveiliging
    a schema:Intangible ;
    schema:name "Computerbeveiliging"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/informatietechnologie> # Informatietechnologie
    a schema:Intangible ;
    schema:name "Informatietechnologie"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/protection_de_l_information_informatique> # Protection de l'information (Informatique)
    a schema:Intangible ;
    schema:name "Protection de l'information (Informatique)"@fr ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/securite_informatique> # Sécurité informatique
    a schema:Intangible ;
    schema:name "Sécurité informatique"@fr ;
    .

<http://id.loc.gov/authorities/subjects/sh2009117958> # Business--Data processing--Security measures
    a schema:Intangible ;
    schema:name "Business--Data processing--Security measures"@en ;
    .

<http://id.loc.gov/authorities/subjects/sh95010367> # Business enterprises--Computer networks--Security measures
    a schema:Intangible ;
    schema:name "Business enterprises--Computer networks--Security measures"@en ;
    .

<http://id.worldcat.org/fast/1098146> # Risk assessment
    a schema:Intangible ;
    schema:name "Risk assessment"@en ;
    .

<http://id.worldcat.org/fast/842307> # Business--Data processing--Security measures
    a schema:Intangible ;
    schema:name "Business--Data processing--Security measures"@en ;
    .

<http://id.worldcat.org/fast/842535> # Business enterprises--Computer networks--Security measures
    a schema:Intangible ;
    schema:name "Business enterprises--Computer networks--Security measures"@en ;
    .

<http://id.worldcat.org/fast/872484> # Computer security
    a schema:Intangible ;
    schema:name "Computer security"@en ;
    .

<http://id.worldcat.org/fast/874699> # Confidential business information
    a schema:Intangible ;
    schema:name "Confidential business information"@en ;
    .

<http://id.worldcat.org/fast/887958> # Data protection
    a schema:Intangible ;
    schema:name "Data protection"@en ;
    .

<http://viaf.org/viaf/81106722> # Timothy P. Layton
    a schema:Person ;
    schema:familyName "Layton" ;
    schema:givenName "Timothy P." ;
    schema:name "Timothy P. Layton" ;
    .

<http://worldcat.org/isbn/9781420013412>
    a schema:ProductModel ;
    schema:isbn "1420013416" ;
    schema:isbn "9781420013412" ;
    .

<http://www.worldcat.org/oclc/70129222>
    a schema:CreativeWork ;
    rdfs:label "Information security." ;
    schema:description "Print version:" ;
    schema:isSimilarTo <http://www.worldcat.org/oclc/85767153> ; # Information security : design, implementation, measurement, and compliance
    .

<http://www.worldcat.org/title/-/oclc/85767153>
    a genont:InformationResource, genont:ContentTypeGenericResource ;
    schema:about <http://www.worldcat.org/oclc/85767153> ; # Information security : design, implementation, measurement, and compliance
    schema:dateModified "2018-09-15" ;
    void:inDataset <http://purl.oclc.org/dataset/WorldCat> ;
    .

