The new emphasis on physical security resulting from the terrorist threat has forced many information security professionals to struggle to maintain their organization's focus on protecting information assets. In order to command attention, they need to emphasize the broader role of information security in the strategy of their companies. Until now, however, most books about strategy and planning have focused on the production side of the business, rather than operations.
Strategic Information Security integrates the importance of sound security policy with the strategic goals of an organization. It provides IT professionals and management with insight into the issues surrounding the goals of protecting valuable information assets. This text reiterates that an effective information security program relies on more than policies or hardware and software, instead it hinges on having a mindset that security is a core part of the business and not just an afterthought.
Armed with the content contained in this book, security specialists can redirect the discussion of security towards the terms and concepts that management understands. This increases the likelihood of obtaining the funding and managerial support that is needed to build and maintain airtight security programs.
Table of Contents
Introduction to Strategic Information Security. ORGANIZATIONAL ISSUES. The Life Cycle of Security Managers. Chief Security Officer or Chief Information Security Officer. RISK MANAGEMENT TOPICS. Information Security and Risk Management. Establishing Information Ownership. The Network as the Enterprise Database. Risk Reduction Strategies. Improving Security from the Bottom Up: Moving Toward a New Way of Enforcing Security Policy. Authentication Models and Strategies. INFORMATION SECURITY PRINCIPLES AND PRACTICES. Single Sign-On Security. Crisis Management: A Strategic Viewpoint. Business Continuity Planning. Security Monitoring: Advanced Security Management. Auditing and Testing a Strategic Control Process. Outsourcing Security: Strategic Management Issues. Final Thoughts on Strategic Security.