
Information Security Cost Management

1st Edition

By Ioana V. Bazavan, Ian Lim

Auerbach Publications

255 pages | 13 B/W Illus.

Purchasing Options

Hardback: 9780849392757
pub: 2006-08-30

eBook (VitalSource): 9780429115837
pub: 2006-08-30

Description

While information security is an ever-present challenge for all types of organizations today, most focus on providing security without addressing the necessities of staff, time, or budget in a practical manner.

Information Security Cost Management offers a pragmatic approach to implementing information security, taking budgetary and real-world constraints into consideration. By providing frameworks, step-by-step processes, and project management breakdowns, this book demonstrates how to design the best security strategy with the resources you have available.

Organized into five sections, the book:

  • Focuses on setting the right road map so that you can be most effective in your information security implementations

  • Discusses cost-effective staffing, the single biggest expense to the security organization

  • Presents practical ways to build and manage the documentation that details strategy, provides resources for operating annual audits, and illustrates how to advertise accomplishments to senior management effectively

  • Identifies high-risk areas, focusing limited resources on the most imminent and severe threats

  • Describes how to manage the key access controls when faced with manual user management, how to automate user management tasks in a cost effective manner, and how to deal with security breaches

Demonstrating strategies to maximize a limited security budget without compromising the quality of risk management initiatives, Information Security Cost Management helps you save your organization time and money. It provides the tools required to implement policies, processes, and training that are crucial to the success of a company's security.

Table of Contents

SECTION 1: SECURITY STRATEGY-THINKING PRACTICALLY

Goals and Filters

You Cannot Secure Everything. What Is Information Security? The Three Pragmatic Filters. Filter One: Focus on High-Risk Areas. Eye on the Ball. References

Building Your Strategy

Creating a Risk-Based Security Strategy. Creating and Showing Value. High-Impact Initiatives. Taking the Next Steps. Reference

SECTION 2: SECURITY ORGANIZATION DESIGN-COST-EFFECTIVE STAFFING

The Right People for the Right Jobs

Introduction. The Essentials of a Security Organization. Security Functions. Security Roles. Start at the Top-CISO. Supporting the CISO-Security Management. Technical Heavyweights-Security Architect and Security Engineers. Process Excellence-Security Analysts and Security Specialists. Operational Maturity-the Key to Successful Security. Looking at the Bigger Picture-Positioning Information Security. What about Physical Security?

Sourcing Solutions

Reducing Costs for Routine Tasks. Insourcing versus Outsourcing. Onshoring versus Offshoring. Common Considerations

SECTION 3: SECURITY MANAGEMENT-EFFECTIVELY ENFORCING YOUR STRATEGY

Policies, Standards, and Procedures

Introduction. Terminology Primer. Organizational Tips. Managing Exceptions. A Question of Authority

Training and Awareness

Introduction. Determine Your Key Messages and Target Audiences. Create an Awareness Road Map. Keep It Creative, Simple, and Loud. Maximize Channels of Communication. Use Positive Reinforcement. Be Opportunistic. Make Awareness Everyone's Responsibility

Cost-Effective Audit Management

Introduction. Step 1-Set Expectations. Step 2-Prepare Your Workspace. Step 3-Document, Document, Document. Winning "Comfort" Points

Reporting Your Value

Introduction. How to Make Reports Relevant. How to Make Reports Consistent. How to Make Reports Comprehensible

SECTION 4: SECURITY TECHNOLOGIES-ESTABLISHING A SOUND FOUNDATION

Risk Assessment

Introduction: The Truth about Risk Assessments. Strategy for Conducting Annual Internal Risk Assessments. Tactical Perspective for Security Assessment. Remediation Strategy

Security Design Review

Introduction. The Analysis Phase. The Requirements Phase. Define Information Protection Requirements. The Design Phase. The Build and Test Phases. The Deployment Phase. The Postproduction Phase

Exploit Protection

What Is Exploit Protection? Security Incidents and the Business. Loss of Information Assets. Disruptions to the Business. Anatomy of Security Threats. Outsider Threat. Insider Threats. Automated Attacks. Cost Management and Exploit Protection. Exploit Protection and Security Operations. References

SECTION 5: SECURITY OPERATIONS-MAINTAINING SECURITY EFFICIENTLY

Identity and Access Management

Introduction. The Big Picture. Key Control Points. Implementation Problems and Pitfalls. Making User Management Operational in Its Current State. Getting Off to the Right Start-Approvals. Keeping It Clean-Terminations. Managing the User's Life Cycle-Transfers. Mitigating Control-User Recertification. Monitor Solutions. What about Nonuser Accounts? Summary

Cost-Effective Incident Response

Introduction. The Price of Not Planning. Start with Objectives. Assembling the CSIRT. The Big Picture. The Frontline. Initial Response Team (IRT)-the Primary Experts. Executive Incident Team (EIT)-the Decision Makers. Responders-the Recovery Experts. Investigators-the Root Cause Analysts. Postmortem of an Incident. Recap of the Incident Response Process

Subject Categories

BISAC Subject Codes/Headings:

  • BUS073000: BUSINESS & ECONOMICS / Commerce

  • COM032000: COMPUTERS / Information Technology

  • COM053000: COMPUTERS / Security / General