The Executive MBA in Information Security: 1st Edition (e-Book) book cover

The Executive MBA in Information Security

1st Edition

By Jr., John J. Trinckes

CRC Press

352 pages

Purchasing Options:$ = USD
Hardback: 9781439810071
pub: 2009-10-09
SAVE ~$16.79
$83.95
$67.16
x
eBook (VitalSource) : 9780429133886
pub: 2009-10-09
from $41.98


FREE Standard Shipping!

Description

According to the Brookings Institute, an organization's information and other intangible assets account for over 80 percent of its market value. As the primary sponsors and implementers of information security programs, it is essential for those in key leadership positions to possess a solid understanding of the constantly evolving fundamental conc

Table of Contents

Information Security Management Overview. What is Information Security? Responsibilities. Organization. Functions. Ideal Traits of an Information Security Professional. Certification Requirements. Recruiting. Screening. Interviewing. Reference Checks. Retention. Trust and Loyalty. Why is Information Security Important? Information Security Concepts. Interrelationship between Regulations, Policies, Standards, Procedures, and Guidelines. Regulations. Sarbanes-Oxley Act of 2002. The Gramm-Leach-Bliley Act (GLBA). The Health Insurance Portability and Accountability Act (HIPAA). Federal Financial Institutions Examination Council (FFIEC). Payment Card Industry (PCI) Data Security Standard (DSS). Common Elements of Compliance. Security Controls. Industry Best Practice Guidelines. Information Security for Executives Page 2. Standards. Measurement Techniques. Control Objectives for Information and Related Technology (COBIT). ISO 27002 Overview. Capability Maturity Model (CMM). Generally Accepted Information Security Principles (GAISP). Common Pitfalls to an Effective Information Security Program. Overconfidence. Optimism. Anchoring. The Status Quo Bias. Mental Accounting. The Herding Instinct. False Consensus. Defense in Depth. Risk Management. Step 1 - System Characterization. Step 2 - Threat Identification Human Threats. Environmental Threats. Software/Hardware Threats. Regulatory Threats. Emerging Threats. Threat Source References. Step 3 - Vulnerability Identification and Categorization. Step 4 - Control Analysis. Step 5 - Likelihood Rating. Step 6 - Impact Rating - Pre-mitigation Traceability Matrix Development. Loss of Confidentiality, Integrity, Availability Risk Mitigated, Residual Risk, and Adjusted Impact Rating. Step 7 - Risk Determination Impact Rating - Post Mitigation Effort Matrix. Step 8 - Recommendations. Technical Evaluation Plan (TEP). Methodology Overview. Port Scanning. SNMP Scanning. Enumeration and Banner Grabbing. Wireless Enumeration. Vulnerabilit

Subject Categories

BISAC Subject Codes/Headings:
BUS073000
BUSINESS & ECONOMICS / Commerce
COM032000
COMPUTERS / Information Technology
COM053000
COMPUTERS / Security / General