
IT security risk control management : an audit preparation plan

Author: Raymond Pompon
Publisher: Berkeley, CA : Apress, ©2016.
Edition/Format: eBook : Document : English

Details

Genre/Form: Electronic books
Additional Physical Format: Printed edition:
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Raymond Pompon
ISBN: 9781484221402 1484221400 1484221397 9781484221396
OCLC Number: 959149786
Notes: Includes index.
Description: 1 online resource (328 pages)
Contents: Part I: Getting a Handle on Things -- Chapter 1: Why Audit. Chapter 2: Assume Breach. Chapter 3: Risk Analysis: Assets and Impacts. Chapter 4: Risk Analysis: Natural Threats. Chapter 5: Risk Analysis: Adversarial Risk.
Part II: Wrangling the Organization -- Chapter 6: Scope. Chapter 7: Governance. Chapter 8: Talking to the Suits. Chapter 9: Talking to the Techs. Chapter 10: Talking to the Users.
Part III: Managing Risk with Controls -- Chapter 11: Policy. Chapter 12: Control Design. Chapter 13: Administrative Controls. Chapter 14: Vulnerability Management. Chapter 15: People Controls. Chapter 16: Logical Access Control. Chapter 17: Network Security Controls. Chapter 18: More Technical Controls. Chapter 19: Physical Security Controls.
Part IV: Being Audited -- Chapter 20: Response Controls. Chapter 21: Starting the Audit. Chapter 22: Internal Audit. Chapter 23: Third Party Security. Chapter 24: Post Audit Improvement.
Responsibility: Raymond Pompon.

Abstract:

Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking. IT Security Risk Control Management provides step-by-step guidance for IT professionals on how to craft a successful security program. Readers will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes, including: Building a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constant changing threats. Preparing for and passing such common audits as PCI-DSS, SSAE-16, and ISO 27001. Calibrating the scope, and customizing security controls to fit into an organization culture. Implementing the most challenging processes, pointing out common pitfalls and distractions. Framing security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your advice. With IT Security Risk Control Management, you will be able to construct an information security program, from inception to audit, with enduring, practical, hands-on advice, and actionable strategies for IT professionals.

Reviews

Editorial reviews

Publisher Synopsis

"Pompon provides step-by-step guidance for successfully establishing a security management system for an organization's IT systems. ... The introduction provides a good road map to the book, and each ...

 

Linked Data


Primary Entity

<http://www.worldcat.org/oclc/959149786> # IT security risk control management : an audit preparation plan
    a schema:Book, schema:MediaObject, schema:CreativeWork ;
    library:oclcnum "959149786" ;
    library:placeOfPublication <http://id.loc.gov/vocabulary/countries/cau> ;
    library:placeOfPublication <http://experiment.worldcat.org/entity/work/data/3747857004#Place/berkeley_ca> ; # Berkeley, CA
    schema:about <http://experiment.worldcat.org/entity/work/data/3747857004#Topic/computer_security> ; # Computer security
    schema:about <http://experiment.worldcat.org/entity/work/data/3747857004#Topic/computers_security_general> ; # COMPUTERS--Security--General
    schema:about <http://dewey.info/class/005.8/e23/> ;
    schema:about <http://experiment.worldcat.org/entity/work/data/3747857004#Topic/information_technology_security_measures_management> ; # Information technology--Security measures--Management
    schema:bookFormat schema:EBook ;
    schema:copyrightYear "2016" ;
    schema:creator <http://experiment.worldcat.org/entity/work/data/3747857004#Person/pompon_raymond> ; # Raymond Pompon
    schema:datePublished "2016" ;
    schema:description "Part I: Getting a Handle on Things -- Chapter 1: Why Audit. Chapter 2: Assume Breach. Chapter 3: Risk Analysis: Assets and Impacts. Chapter 4: Risk Analysis: Natural Threats. Chapter 5: Risk Analysis: Adversarial Risk. Part II: Wrangling the Organization -- Chapter 6: Scope. Chapter 7: Governance. Chapter 8: Talking to the Suits. Chapter 9: Talking to the Techs. Chapter 10: Talking to the Users. Part III: Managing Risk with Controls -- Chapter 11: Policy. Chapter 12: Control Design. Chapter 13: Administrative Controls. Chapter 14: Vulnerability Management. Chapter 15: People Controls. Chapter 16: Logical Access Control. Chapter 17: Network Security Controls. Chapter 18: More Technical Controls. Chapter 19: Physical Security Controls. Part IV: Being Audited.-C hapter 20: Response Controls. Chapter 21: Starting the Audit. Chapter 22: Internal Audit. Chapter 23: Third Party Security. Chapter 24: Post Audit Improvement."@en ;
    schema:description "Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking. IT Security Risk Control Management provides step-by-step guidance for IT professionals on how to craft a successful security program. Readers will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes, including: Building a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constant changing threats Preparing for and passing such common audits as PCI-DSS, SSAE-16, and ISO 27001. Calibrating the scope, and customizing security controls to fit into an organization culture. Implementing the most challenging processes, pointing out common pitfalls and distractions. Framing security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your advice. With IT Security Risk Control Management, you will be able to construct an information security program, from inception to audit, with enduring, practical, hands-on advice, and actionable strategies for IT professionals."@en ;
    schema:exampleOfWork <http://worldcat.org/entity/work/id/3747857004> ;
    schema:genre "Electronic books"@en ;
    schema:inLanguage "en" ;
    schema:isSimilarTo <http://worldcat.org/entity/work/data/3747857004#CreativeWork/> ;
    schema:name "IT security risk control management : an audit preparation plan"@en ;
    schema:productID "959149786" ;
    schema:publication <http://www.worldcat.org/title/-/oclc/959149786#PublicationEvent/berkeley_ca_apress_2016> ;
    schema:publisher <http://experiment.worldcat.org/entity/work/data/3747857004#Agent/apress> ; # Apress
    schema:url <http://lib.myilibrary.com?id=956022> ;
    schema:url <http://www.myilibrary.com?id=956022> ;
    schema:url <http://link.springer.com/10.1007/978-1-4842-2140-2> ;
    schema:url <http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=1287848> ;
    schema:url <http://link.springer.com/openurl?genre=book&isbn=978-1-4842-2139-6> ;
    schema:url <https://link.springer.com/openurl?genre=book&isbn=978-1-4842-2139-6> ;
    schema:url <http://proquest.safaribooksonline.com/9781484221402> ;
    schema:url <http://sfx.carli.illinois.edu/sfxwhe/sfx_local?genre=book&sid=Voyager:WHE&sfx.ignore_date_threshold=1&svc.fulltext=yes&rft.isbn=978-1-4842-2140-2> ;
    schema:url <http://public.eblib.com/choice/publicfullrecord.aspx?p=4689348> ;
    schema:url <https://grinnell.idm.oclc.org/login?url=http://link.springer.com/10.1007/978-1-4842-2140-2> ;
    schema:url <https://0-link-springer-com.pugwash.lib.warwick.ac.uk/book/10.1007/978-1-4842-2140-2> ;
    schema:url <http://www.books24x7.com/marc.asp?bookid=117566> ;
    schema:url <http://public.ebookcentral.proquest.com/choice/publicfullrecord.aspx?p=4689348> ;
    schema:url <http://dx.doi.org/10.1007/978-1-4842-2140-2> ;
    schema:workExample <http://worldcat.org/isbn/9781484221396> ;
    schema:workExample <http://dx.doi.org/10.1007/978-1-4842-2140-2> ;
    schema:workExample <http://worldcat.org/isbn/9781484221402> ;
    wdrs:describedby <http://www.worldcat.org/title/-/oclc/959149786> ;
    .


Related Entities

<http://experiment.worldcat.org/entity/work/data/3747857004#Person/pompon_raymond> # Raymond Pompon
    a schema:Person ;
    schema:familyName "Pompon" ;
    schema:givenName "Raymond" ;
    schema:name "Raymond Pompon" ;
    .

<http://experiment.worldcat.org/entity/work/data/3747857004#Topic/computer_security> # Computer security
    a schema:Intangible ;
    schema:name "Computer security"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/3747857004#Topic/computers_security_general> # COMPUTERS--Security--General
    a schema:Intangible ;
    schema:name "COMPUTERS--Security--General"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/3747857004#Topic/information_technology_security_measures_management> # Information technology--Security measures--Management
    a schema:Intangible ;
    schema:name "Information technology--Security measures--Management"@en ;
    .

<http://lib.myilibrary.com?id=956022>
    rdfs:comment "Connect to MyiLibrary resource." ;
    .

<http://worldcat.org/entity/work/data/3747857004#CreativeWork/>
    a schema:CreativeWork ;
    schema:description "Printed edition:" ;
    schema:isSimilarTo <http://www.worldcat.org/oclc/959149786> ; # IT security risk control management : an audit preparation plan
    .

<http://worldcat.org/isbn/9781484221396>
    a schema:ProductModel ;
    schema:isbn "1484221397" ;
    schema:isbn "9781484221396" ;
    .

<http://worldcat.org/isbn/9781484221402>
    a schema:ProductModel ;
    schema:isbn "1484221400" ;
    schema:isbn "9781484221402" ;
    .

