Actions for Information protection playbook

Email RIS file
Bookmark
Report an Issue

Information protection playbook / edited by Greg Kane, Lorna Koppel

Published
Kidlington, Oxford : Elsevier, 2013.
Physical Description
1 online resource
Additional Creators
Kane, Greg and Koppel, Lorna
Access Online

Availability

I Want It
I Want It

Finding items...

Contents
Machine generated contents note: ch. 1 Information Protection Function One: Governance -- Implementation One Strategic Management -- Implementation Two Reporting and Communication -- Implementation Three Policies -- Implementation Four Regulations and Compliance Management -- Implementation Five Roles and Responsibilities -- Implementation Six Procedures and Guidelines -- Implementation Seven Portfolio Management -- Governance Improvement -- Additional Information -- ch. 2 Information Protection Function Two: Program Planning -- Baselines, Standards, Procedures, and Guidelines -- Accountability and Resources -- Metrics -- For More Information -- ch. 3 Information Protection Function Three: Risk Management -- Risk Assessment -- Risk Communication Procedure -- Risk Management Methodologies -- For More Information -- ch. 4 Information Protection Function Four: Incident Response Management -- Process -- Plans, Exercises, Activation, Documentation, and Improvement -- For More Information -- ch. 5 Information Protection Function Five: Program Administration -- Compliance -- Metrics -- Change Management -- Awareness -- Key Points -- For More Information.
Summary
The primary goal of the Information Protection Playbook is to serve as a comprehensive resource for information protection (IP) professionals who must provide adequate information security at a reasonable cost. It emphasizes a holistic view of IP: one that protects the applications, systems, and networks that deliver business information from failures of confidentiality, integrity, availability, trust and accountability, and privacy. Using the guidelines provided in the Information Protection Playbook, security and information technology (IT) managers will learn how to implement the five functions of an IP framework: governance, program planning, risk management, incident response management, and program administration. These functions are based on a model promoted by the Information Systems Audit and Control Association (ISACA) and validated by thousands of Certified Information Security Managers. The five functions are further broken down into a series of objectives or milestones to be achieved in order to implement an IP framework. The extensive appendices included at the end of the book make for an excellent resource for the security or IT manager building an IP program from the ground up. They include, for example, a board of directors presentation complete with sample slides; an IP policy document checklist; a risk prioritization procedure matrix, which illustrates how to classify a threat based on a scale of high, medium, and low; a facility management self-assessment questionnaire; and a list of representative job descriptions for roles in IP. Emphasizes information protection guidelines that are driven by business objectives, laws, regulations, and industry standardsDraws from successful practices in global organizations, benchmarking, advice from a variety of subject-matter experts, and feedback from the organizations involved with the Security Executive CouncilIncludes 11 appendices full of the sample checklists, matrices, and forms that are discussed in the book.
Subject(s)
ISBN
9780124172326 (electronic bk.)
0124172326 (electronic bk.)
Note
AVAILABLE ONLINE TO AUTHORIZED PSU USERS.
View MARC record | catkey: 11930106