Skip to Main Content
Learn for Less – Enhance your auditing expertise today. Certify with confidence and save 25%. Find out more
Information Security Management Principles – Third Edition

Information Security Management Principles – Third Edition

SKU: 5522
Authors: Andy Taylor, David Alexander, Amanda Finch and David Sutton
Publishers: BCS
Format: Softcover
ISBN13: 9781780175188
Pages: 268
Published: 31 Jan 2020
Availability: Available now

This guide from the BCS (British Computer Society (BCS) offers a practical guide to information assurance for both business professionals and technical experts.

The third edition has been updated to reflect changes in the IT security landscape and updates to the BCS Certification in Information Security Management Principles, which this book supports.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our service centre team on +44 (0)333 800 7000.

Price: £39.99
Description

Information is one of the currencies of today’s society. As access to fast, reliable data at work and at home becomes increasingly essential for day-to-day operations, new risks emerge that threaten the very information that enables businesses and helps society to function.

By focusing on the three main areas of information assurance – confidentiality, integrity and availability – this book gives you the skills to identify information security threats and protect yourself and your business against them.


Why read this book?

  • Understand information threats and vulnerabilities, and implement countermeasures.
  • Manage emerging risks to your data.
  • Learn information assurance best practice from experienced authors.
  • Supports the BCS Certification in Information Security Management Principles.

Full contents

1.INFORMATION SECURITY PRINCIPLES

  • Concepts and definitions
  • The need for, and benefits of information security
  • Sample questions

2. INFORMATION RISK

  • Threats to, and vulnerabilities in information systems
  • Risk management
  • Sample questions
  • References and further reading

3. INFORMATION SECURITY FRAMEWORK

  • Organisation and responsibilities
  • Organisational policy, standards and procedures
  • Information security governance
  • Information assurance programme implementation
  • Security incident management
  • Legal framework
  • Security standards and procedures
  • Sample questions
  • References

4. SECURITY LIFECYCLES

  • The information lifecycle
  • Testing, audit and review
  • Systems development and support
  • Sample questions
  • Reference

5. PROCEDURAL AND PEOPLE SECURITY CONTROLS

  • General controls
  • People security
  • User access controls
  • Training and awareness
  • Sample questions

6. TECHNICAL SECURITY CONTROLS

  • Technical security
  • Protection from malicious software
  • Networks and communications
  • Operational technology
  • External services
  • Cloud computing
  • IT infrastructure
  • Sample questions

7. PHYSICAL AND ENVIRONMENTAL SECURITY

  • Physical security
  • Different uses of controls
  • Sample questions

8. DISASTER RECOVERY AND BUSINESS CONTINUITY MANAGEMENT

  • Relationship between DR/BCP, risk assessment and impact analysis
  • Resilience and redundancy
  • Approaches to writing plans and implementing plans
  • The need for documentation, maintenance and testing
  • The need for links to managed service provision and outsourcing
  • The need for secure off-site storage of vital material
  • The need to involve personnel, suppliers and IT systems providers
  • Relationship with security incident management
  • Compliance with standards
  • Sample questions

9. OTHER TECHNICAL ASPECTS

  • Investigations and forensics
  • Role of cryptography
  • Threat intelligence
  • Conclusion
  • Sample questions
  • References and further reading

APPENDIX A

  • Activity solution pointers
  • Sample question answers
  • Glossary

Customer Reviews

LEARN
FOR LESS
SAVE 25%
Loading...