Adaptive Security Management Architecture: 1st Edition (Hardback) book cover

Adaptive Security Management Architecture

1st Edition

By James S. Tiller

Auerbach Publications

482 pages | 33 B/W Illus.

Purchasing Options:$ = USD
Hardback: 9780849370526
pub: 2010-11-17
SAVE ~$20.00
$100.00
$80.00
x
eBook (VitalSource) : 9780429119095
pub: 2010-11-17
from $37.48


FREE Standard Shipping!

Description

For an organization to function effectively, its security controls must not be so restrictive that the business is denied the ability to be innovative and flexible. But increasingly pervasive threats mandate vigilance in unlikely areas. Adaptive Security Management Architecture enables security professionals to structure the best program designed to meet the complex needs of an entire organization, taking into account the organization’s business goals as well as the surrounding controls, processes, and units already in existence.

Security aligned with business needs

Introducing the concept of Adaptive Security Management Architecture (ASMA), the book explains how an organization can develop an adaptive security program closely aligned to business needs, making it an enabling force that helps the organization achieve its goals and objectives. Describing how to achieve this adaptability, the book cites several examples and concepts to demonstrate aspects of managing change. It presents the end product of a successful security management system and examines the finer points of how it can be accomplished.

Risk management and governance

The book explores the security and business attributes that must be considered in the development of services and discusses the importance of consistency of management of services. In a section on risk management, the author explains how this important component is directly integrated with the ASMA model. He also discusses the critical element of governance and its importance to demonstrating value and ensuring effective adaptation. Lastly, the book examines how proper organizational management can give the executive and leadership team the necessary oversight to ensure the entire security program meets stated expectations. It also describes the capability maturity model, which ensures that all the co-dependent features of the program are managed with a common approach, thus ensuring that the organization and its security program function as a unified, cohesive system.

Reviews

… readers of the book, have a great chance to learn professional structures and program designs … . This book can be recommended for researchers and university students in information security systems. Also, engineers, security system designers, and developers will find in it interesting and useful … .

—Nicholas Sklavos, in Greece IEEE, April 2011, Vol. 2, No. 2

Table of Contents

Introduction

Security and Business

Why a New Architecture?

The Conflict of Change

The Four Influencers

Now Is the Time

Adaptive Security Management Architecture Overview

The Interconnects

About the Book

Achieving Adaptability

Security Adaptation

Compensating Controls Theory

The Depth and Granularity of Security

The Commonality of Security

Adaptability and Services

Exploiting Adaptability

Defining Security Services

Service Characteristics

Services Management

Management Structure

Service Coordination

Service Planning

Delivery Management

Closeout

Measurements

Risk Management

Risk Management as a Feature

Risk as Communications

Role of Risk Management

Rapid Risk Assessment

Compliance Management

Adaptive Architecture Compliance

Corporate Compliance

Governance

Governance Observation and Communications

Governance Influence

Operational Characteristics of Governance

Organizational Management

Organizational Structure

Defining the Customer

Service Catalog and Life Cycle Management

Security Functions

Security Personnel Training

Capability Maturity Management

Expectations and Results

Assessing Capability Maturity

Management

Adaptive Architecture Capability Maturity Model

Conclusion

Index

About the Author

  • Presents IT security status using managerial measures of performance such as balanced scorecards
  • Shows how the security of IT relates to risk business analysis
  • Demonstrates how to align the practices of each facet of business so they work together using the same strategies
  • Describes how the facets of a secure IT system are related to the security of suppliers and customers
  • Subject Categories

    BISAC Subject Codes/Headings:
    BUS073000
    BUSINESS & ECONOMICS / Commerce
    COM032000
    COMPUTERS / Information Technology
    COM053000
    COMPUTERS / Security / General