Information security : design, implementation, measurement, and compliance

Author: Timothy P Layton
Publisher: Boca Raton : Auerbach Publications, ©2007.
Edition/Format: eBook : Document : English
Database: WorldCat
Summary:
Fortunately, Information Security: Design, Implementation, Measurement, and Compliance outlines a complete roadmap to successful adaptation and implementation of a security program based on the ISO/IEC 17799:2005 (27002) Code of Practice for Information Security Management. The book first describes a risk assessment model, a detailed risk assessment methodology, and an information security evaluation process. Upon ...

Details

Genre/Form: Electronic books
Normes
Additional Physical Format: Print version:
Layton, Timothy P.
Information security.
Boca Raton : Auerbach Publications, ©2007
(DLC) 2006047620
(OCoLC)70129222
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Timothy P Layton
ISBN: 9781420013412 1420013416
OCLC Number: 85767153
Reproduction Notes: Electronic reproduction. [S.l.] : HathiTrust Digital Library, 2010. MiAaHDL
Description: 1 online resource (222 pages)
Details: Master and use copy. Digital master created according to Benchmark for Faithful Digital Reproductions of Monographs and Serials, Version 1. Digital Library Federation, December 2002.
Contents: EVALUATING AND MEASURING AN INFORMATION SECURITY PROGRAM INFORMATION SECURITY RISK ASSESSMENT MODEL (ISRAM(TM)) . Background . Linkage . Risk Assessment Types . Relationship to Other Models and Standards . Terminology . Risk Assessment Relationship . Information Security Risk Assessment Model (ISRAM) . References GLOBAL INFORMATION SECURITY ASSESSMENT METHODOLOGY (GISAM(TM)) . GISAM and ISRAM Relationship . GISAM Design Criteria . General Assessment Types . GISAM Components . References DEVELOPING AN INFORMATION SECURITY EVALUATION (ISE(TM)) PROCESS . The Culmination of ISRAM and GISAM . Business Process A SECURITY BASELINE . KRI Security Baseline Controls . Security Baseline . Information Security Policy Document . Management Commitment to Information Security . Allocation of Information Security Responsibilities . Independent Review of Information Security . Identification of Risks Related to External Parties . Inventory of Assets . Classification Guidelines . Screening . Information Security Awareness, Education, and Training . Removal of Access Rights . Physical Security Perimeter . Protecting Against External and Environmental Threats . Secure Disposal or Reuse of Equipment . Documented Operating Procedures . Change Management . Segregation of Duties . System Acceptance . Controls against Malicious Code . Management of Removable Media . Information Handling Procedures . Physical Media in Transit . Electronic Commerce . Access Control Policy . User Registration . Segregation in Networks . Teleworking . Security Requirements Analysis and Specification . Policy on the Use of Cryptographic Controls . Protection of System Test Data . Control of Technical Vulnerabilities . Reporting Information Security Events . Including Information Security in the Business Continuity Process . Identification of Applicable Legislation . Data Protection and Privacy of Personal Information . Technical Compliance Checking . 
References BACKGROUND OF THE ISO/IEC 17799 STANDARD . History of the Standard . Internals of the Standard . Guidance for Use . High-Level Objectives . ISO/IEC Defined . References ISO/IEC 17799:2005 GAP ANALYSIS . Overview . Guidance for Use . General Changes . Security Policy . Organization of Information Security . Asset Management . Human Resources Security . Physical and Environmental Security . Communications and Operations Management . Access Control . Information Systems Acquisition, Development, and Maintenance . Information Security Incident Management . Business Continuity Management . Compliance . References ANALYSIS OF ISO/IEC 17799:2005 (27002) CONTROLS SECURITY POLICY . Information Security Policy . Summary . References ORGANIZATION OF INFORMATION SECURITY . Internal Organization . External Parties . Summary . References ASSET MANAGEMENT . Responsibility for Assets . Information Classification . Summary . References HUMAN RESOURCES SECURITY . Prior to Employment . During Employment . Termination or Change of Employment . Summary . References PHYSICAL AND ENVIRONMENTAL SECURITY . Secure Areas . Equipment Security . Summary . References COMMUNICATIONS AND OPERATIONS MANAGEMENT . Operational Procedures and Responsibilities . Third-Party Service Delivery Management . System Planning and Acceptance . Protection against Malicious and Mobile Code . Backup . Network Security Management . Media Handling . Exchange of Information . Electronic Commerce Services . Monitoring . Summary . References ACCESS CONTROL . Business Requirements for Access Control . User Access Management . User Responsibilities . Network Access Control . Operating System Access Control . Application and Information Access Control . Mobile Computing and Teleworking . Summary . References INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT, AND MAINTENANCE . Security Requirements of Information Systems . Correct Processing in Applications . Cryptographic Controls . Security of System Files . 
Security in Development and Support Processes . Technical Vulnerability Management . Summary . References INFORMATION SECURITY INCIDENT MANAGEMENT . Reporting Information Security Events and Weaknesses . Management of Information Security Incidents and Improvements . Summary . References BUSINESS CONTINUITY MANAGEMENT . Information Security Aspects of Business Continuity Management . Summary . References COMPLIANCE . Compliance with Legal Requirements . Compliance with Security Policies and Standards, and Technical Compliance . Information Systems Audit Considerations . Summary . References APPENDIX A: ISO STANDARDS CITED IN ISO/IEC 17799:2005 APPENDIX B: GENERAL REFERENCES INDEX
Responsibility: Timothy P. Layton.

Abstract:

Presents a perspective of the ISO/IEC 17799 Information Security Standard and provides an analysis of how to effectively measure an information security program using this standard. This book ...


Linked Data


Primary Entity

<http://www.worldcat.org/oclc/85767153> # Information security : design, implementation, measurement, and compliance
    a schema:CreativeWork, schema:Book, schema:MediaObject ;
   library:oclcnum "85767153" ;
   library:placeOfPublication <http://id.loc.gov/vocabulary/countries/flu> ;
   library:placeOfPublication <http://experiment.worldcat.org/entity/work/data/797233052#Place/boca_raton> ; # Boca Raton
   schema:about <http://id.worldcat.org/fast/874699> ; # Confidential business information
   schema:about <http://id.worldcat.org/fast/842307> ; # Business--Data processing--Security measures
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_leadership> ; # BUSINESS & ECONOMICS--Leadership
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/protection_de_l_information_informatique> ; # Protection de l'information (Informatique)
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#CreativeWork/norme_iso_17799> ; # Norme ISO 17799.
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_organizational_development> ; # BUSINESS & ECONOMICS--Organizational Development
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_corporate_governance> ; # BUSINESS & ECONOMICS--Corporate Governance
   schema:about <http://id.worldcat.org/fast/887958> ; # Data protection
   schema:about <http://dewey.info/class/658.478/e22/> ;
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/databescherming> ; # Databescherming
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/computerbeveiliging> ; # Computerbeveiliging
   schema:about <http://id.worldcat.org/fast/872484> ; # Computer security
   schema:about <http://id.loc.gov/authorities/subjects/sh2009117958> ; # Business--Data processing--Security measures
   schema:about <http://id.loc.gov/authorities/subjects/sh95010367> ; # Business enterprises--Computer networks--Security measures
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/securite_informatique> ; # Sécurité informatique
   schema:about <http://id.worldcat.org/fast/842535> ; # Business enterprises--Computer networks--Security measures
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/informatietechnologie> ; # Informatietechnologie
   schema:about <http://id.worldcat.org/fast/1098146> ; # Risk assessment
   schema:about <http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_workplace_culture> ; # BUSINESS & ECONOMICS--Workplace Culture
   schema:bookFormat schema:EBook ;
   schema:copyrightYear "2007" ;
   schema:creator <http://viaf.org/viaf/81106722> ; # Timothy P. Layton
   schema:datePublished "2007" ;
   schema:description "Fortunately, Information Security: Design, Implementation, Measurement, and Compliance outlines a complete roadmap to successful adaptation and implementation of a security program based on the ISO/IEC 17799:2005 (27002) Code of Practice for Information Security Management. The book first describes a risk assessment model, a detailed risk assessment methodology, and an information security evaluation process. Upon this foundation, the author presents a proposed security baseline for all organizations, an executive summary of the ISO/IEC 17799 standard, and a gap analysis exposing the differenc."@en ;
   schema:exampleOfWork <http://worldcat.org/entity/work/id/797233052> ;
   schema:genre "Electronic books"@en ;
   schema:inLanguage "en" ;
   schema:isSimilarTo <http://www.worldcat.org/oclc/70129222> ;
   schema:name "Information security : design, implementation, measurement, and compliance"@en ;
   schema:productID "85767153" ;
   schema:publication <http://www.worldcat.org/title/-/oclc/85767153#PublicationEvent/boca_raton_auerbach_publications_2007> ;
   schema:publisher <http://experiment.worldcat.org/entity/work/data/797233052#Agent/auerbach_publications> ; # Auerbach Publications
   schema:url <http://catalog.hathitrust.org/api/volumes/oclc/70129222.html> ;
   schema:url <http://public.eblib.com/choice/publicfullrecord.aspx?p=267956> ;
   schema:url <http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=165213> ;
   schema:url <http://itknowledgebase.net/books/5173/au7087_fm.pdf> ;
   schema:url <http://books.google.com/books?id=NC5PAAAAMAAJ> ;
   schema:url <http://www.crcnetbase.com/isbn/9781420013412> ;
   schema:url <http://www.crcnetbase.com/isbn/9780849370878> ;
   schema:url <http://site.ebrary.com/id/10150623> ;
   schema:url <http://www.myilibrary.com?id=65164&ref=toc> ;
   schema:url <http://www.myilibrary.com?id=65164> ;
   schema:workExample <http://worldcat.org/isbn/9781420013412> ;
   wdrs:describedby <http://www.worldcat.org/title/-/oclc/85767153> ;
    .


Related Entities

<http://experiment.worldcat.org/entity/work/data/797233052#Agent/auerbach_publications> # Auerbach Publications
    a bgn:Agent ;
   schema:name "Auerbach Publications" ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_corporate_governance> # BUSINESS & ECONOMICS--Corporate Governance
    a schema:Intangible ;
   schema:name "BUSINESS & ECONOMICS--Corporate Governance"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_leadership> # BUSINESS & ECONOMICS--Leadership
    a schema:Intangible ;
   schema:name "BUSINESS & ECONOMICS--Leadership"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_organizational_development> # BUSINESS & ECONOMICS--Organizational Development
    a schema:Intangible ;
   schema:name "BUSINESS & ECONOMICS--Organizational Development"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/business_&_economics_workplace_culture> # BUSINESS & ECONOMICS--Workplace Culture
    a schema:Intangible ;
   schema:name "BUSINESS & ECONOMICS--Workplace Culture"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/computerbeveiliging> # Computerbeveiliging
    a schema:Intangible ;
   schema:name "Computerbeveiliging"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/informatietechnologie> # Informatietechnologie
    a schema:Intangible ;
   schema:name "Informatietechnologie"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/protection_de_l_information_informatique> # Protection de l'information (Informatique)
    a schema:Intangible ;
   schema:name "Protection de l'information (Informatique)"@fr ;
    .

<http://experiment.worldcat.org/entity/work/data/797233052#Topic/securite_informatique> # Sécurité informatique
    a schema:Intangible ;
   schema:name "Sécurité informatique"@fr ;
    .

<http://id.loc.gov/authorities/subjects/sh2009117958> # Business--Data processing--Security measures
    a schema:Intangible ;
   schema:name "Business--Data processing--Security measures"@en ;
    .

<http://id.loc.gov/authorities/subjects/sh95010367> # Business enterprises--Computer networks--Security measures
    a schema:Intangible ;
   schema:name "Business enterprises--Computer networks--Security measures"@en ;
    .

<http://id.worldcat.org/fast/1098146> # Risk assessment
    a schema:Intangible ;
   schema:name "Risk assessment"@en ;
    .

<http://id.worldcat.org/fast/842307> # Business--Data processing--Security measures
    a schema:Intangible ;
   schema:name "Business--Data processing--Security measures"@en ;
    .

<http://id.worldcat.org/fast/842535> # Business enterprises--Computer networks--Security measures
    a schema:Intangible ;
   schema:name "Business enterprises--Computer networks--Security measures"@en ;
    .

<http://id.worldcat.org/fast/872484> # Computer security
    a schema:Intangible ;
   schema:name "Computer security"@en ;
    .

<http://id.worldcat.org/fast/874699> # Confidential business information
    a schema:Intangible ;
   schema:name "Confidential business information"@en ;
    .

<http://id.worldcat.org/fast/887958> # Data protection
    a schema:Intangible ;
   schema:name "Data protection"@en ;
    .

<http://viaf.org/viaf/81106722> # Timothy P. Layton
    a schema:Person ;
   schema:familyName "Layton" ;
   schema:givenName "Timothy P." ;
   schema:name "Timothy P. Layton" ;
    .

<http://worldcat.org/isbn/9781420013412>
    a schema:ProductModel ;
   schema:isbn "1420013416" ;
   schema:isbn "9781420013412" ;
    .

<http://www.worldcat.org/oclc/70129222>
    a schema:CreativeWork ;
   rdfs:label "Information security." ;
   schema:description "Print version:" ;
   schema:isSimilarTo <http://www.worldcat.org/oclc/85767153> ; # Information security : design, implementation, measurement, and compliance
    .

