TY - BOOK
AU - Raggad, Bel G.
TI - Information security management: concepts and practice
SN - 9781420078541 (hardcover : alk. paper)
U1 - 005.8 22
PY - 2010///
CY - Boca Raton, FL
PB - CRC Press/Taylor & Francis
KW - Computer security
KW - Management
KW - Data protection
N1 - "An Auerbach book."
N1 - Contents, INTRODUCTION: Introduction to Information Security Management -- Why Information Security Matters -- Information Sensitivity Classification -- Information Security Governance -- The Computing Environment -- Security of Various Components in the Computing Environment -- Security Interdependence -- CIA Triad -- Security Goals versus Business Goals -- The Security Star -- Parker's View of Information Security -- What Is Information Security Management? -- Defense-In-Depth Security -- Security Controls -- The NSA Triad for Security Assessment -- Introduction to Management Concepts -- Brief History of Management -- Traditional Management Skills and Security Literacy -- Managerial Skills -- Redefining Mintzberg's Managerial Roles -- Strategic Management Concepts -- IS Security Management Activities -- Do We Really Need an Independent Information Security Functional Unit? -- The Information Security Management Cycle -- IS Security Management versus Functional Management -- The Information Security Life Cycle -- Security Planning in the SLC -- Security Analysis -- Security Design -- Security Implementation -- Security Review -- Continual Security
N1 - Contents, SECURITY PLAN: Security Plan -- SP Development Guidelines -- SP Methodology -- Security Policy -- Security Policy, Standards, and Guidelines -- Security Policy Methodologies -- Business Continuity Planning -- Business Disruptions -- Business Continuity -- Disaster Recovery -- Responding to Business Disruptions -- Developing a BCP
N1 - Contents, SECURITY ANALYSIS: Security Risk Management -- The Risk Management Life Cycle -- The Preparation Effort for Risk Management -- A Sustainable Security Culture -- Information Needed to Manage Risks -- Factors Affecting Security Risk -- The ALE Risk Methodology -- Operational, Functional, and Strategic Risks -- Operational Risk Management: Case of the Naval Safety Center -- The ABLE Methodology -- Continual Security: Integrated Fault-Event Analysis and Response Framework (IFEAR) -- IFEAR Methodology -- Fault Tree Analysis -- Event Tree Analysis -- FTA-ETA Integration -- Risk Management -- Simulation and Sensitivity Analysis -- Active Security Assessment -- Standards for Active Security Assessment -- Limits of Active Security Assessment -- Can You Hack Your Own System? -- Ethical Hacking of a Computing Environment -- Ethics in Ethical Hacking -- ASA through Penetration Testing -- Strategies for Active Security Assessment -- Guidelines and Terms between Testers and the Organization -- The Active Security Assessment Project -- System Availability -- Computer Clustering -- Review of Cluster Concepts -- Types of Clusters -- Web Site Availability -- Application Centers No Longer the Only Sound Implementation -- Computation of Availability in High-Availability Cluster -- Related Availability Definitions -- How to Obtain Higher Availability: The Cisco Process -- Nines' Availability -- Common Configurations for Clusters -- Self-Healing and Availability
N1 - Contents, SECURITY DESIGN: Nominal Security Enhancement Design Based on ISO/IEC 27002 -- History of the ISO/IEC 27002 -- ISO/IEC 27002 -- How to Use the ISO/IEC 27002 to Enhance Security -- Measurement and Implementations -- Strategies to Enhance the ISO/IEC 27002-Based Security Posture -- Comparing the ISO/IEC 27002-Based Security Posture Enhancement Strategies -- Technical Security Enhancement Based on ISO/IEC 27001 -- How Organizations Interact with the Standards -- General ISMS Framework -- The ISMS Model -- The Process Approach Ensures the Continual Improvement of the ISMS -- Development of the Information Security Management System -- Design of the ISMS -- Security Inventory Needs -- The Integration of ISMS Subsystems -- Self-Assessment for Compliance -- Revisiting ISMS Scoping
N1 - Contents, SECURITY IMPLEMENTATION: Security Solutions -- Security Solutions -- The NIST Security Solution Taxonomy -- The ISO Security Solution Taxonomy -- The Common Criteria -- The Birth of the Common Criteria -- Common Uses of the CC -- The CC Document -- The CC Security Approach -- Information Resource Evaluation Methodology -- CC Security Evaluation Programs -- The American Model of CC Evaluation Programs -- A National Model -- Some Other CC Evaluation Requirements -- Minicase
N1 - Contents, SECURITY REVIEW: Security Review through Security Audit -- Security Audit Means Different Things to Different People -- Some Security Audit Activities -- Our Definition of Security Audit -- Main Features in Security Audit -- Application Audit -- How Does Security Audit Relate to the Corporate Security Policy? -- Structure of a Security Audit -- Security Audit versus IT Auditing -- Applicable Security-Related Standards -- Security Audit Grades -- Privacy Rights, Information Technology, and HIPAA -- The Problem of Privacy -- The Meaning of Privacy -- HIPAA -- Regulatory Standards: The Privacy Rule -- The HIPAA Security Rule -- Administrative Safeguards -- NIST on HIPAA -- Conducting Effective Risk Analysis
N1 - Contents, CONTINUAL SECURITY: The Sarbanes-Oxley Act and IT Compliance -- Methods of Doing Business -- Background of the Sarbanes-Oxley Act -- Sarbanes-Oxley Act of 2002 -- Major Provisions of SO -- Management Assessment of Internal Controls and IT Compliance -- IT Compliance -- International Responses -- Advantages to SOX Compliance -- Foreign Whistleblowers and SOX -- Reconciling SOX and European Conflicting Standards -- EU Corporate Governance Initiatives -- E.U.'s Eighth Directive -- Planning IT Management for SOX: Delayed SOX Impact -- Cyberterrorism and Homeland Security -- Security Economic Intelligence -- Homeland Security -- Cyberterrorism in the Literature -- Cyberterrorism in the Real World: The FBI Perspective -- U.S. Legislative Enactments and Proposed Programs -- U.S. Criminal Statutes Affecting the Internet -- Statutes and Executive Orders Concerned with Cyberterrorism -- International Initiatives -- Individual European State Approaches to Security and Counterterrorism -- Other International Efforts -- Index
N1 - Each chapter begins with an Introduction and concludes with a Summary, Review Questions, Workshops, and References.
ER -