Information Security Management Principles – Third Edition

SKU: 5522

Authors: Andy Taylor, David Alexander, Amanda Finch and David Sutton
Publishers: BCS

Format: Softcover
ISBN13: 9781780175188
Pages: 268
Published: 31 Jan 2020
Availability: Available now

This guide from the BCS (British Computer Society (BCS) offers a practical guide to information assurance for both business professionals and technical experts.

The third edition has been updated to reflect changes in the IT security landscape and updates to the BCS Certification in Information Security Management Principles, which this book supports.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our service centre team on +44 (0)333 800 7000.

Price: £39.99

Description

Information is one of the currencies of today’s society. As access to fast, reliable data at work and at home becomes increasingly essential for day-to-day operations, new risks emerge that threaten the very information that enables businesses and helps society to function.

By focusing on the three main areas of information assurance – confidentiality, integrity and availability – this book gives you the skills to identify information security threats and protect yourself and your business against them.

Why read this book?

Understand information threats and vulnerabilities, and implement countermeasures.
Manage emerging risks to your data.
Learn information assurance best practice from experienced authors.
Supports the BCS Certification in Information Security Management Principles.

Full contents

1.INFORMATION SECURITY PRINCIPLES

Concepts and definitions
The need for, and benefits of information security
Sample questions

2. INFORMATION RISK

Threats to, and vulnerabilities in information systems
Risk management
Sample questions
References and further reading

3. INFORMATION SECURITY FRAMEWORK

Organisation and responsibilities
Organisational policy, standards and procedures
Information security governance
Information assurance programme implementation
Security incident management
Legal framework
Security standards and procedures
Sample questions
References

4. SECURITY LIFECYCLES

The information lifecycle
Testing, audit and review
Systems development and support
Sample questions
Reference

5. PROCEDURAL AND PEOPLE SECURITY CONTROLS

General controls
People security
User access controls
Training and awareness
Sample questions

6. TECHNICAL SECURITY CONTROLS

Technical security
Protection from malicious software
Networks and communications
Operational technology
External services
Cloud computing
IT infrastructure
Sample questions

7. PHYSICAL AND ENVIRONMENTAL SECURITY

Physical security
Different uses of controls
Sample questions

8. DISASTER RECOVERY AND BUSINESS CONTINUITY MANAGEMENT

Relationship between DR/BCP, risk assessment and impact analysis
Resilience and redundancy
Approaches to writing plans and implementing plans
The need for documentation, maintenance and testing
The need for links to managed service provision and outsourcing
The need for secure off-site storage of vital material
The need to involve personnel, suppliers and IT systems providers
Relationship with security incident management
Compliance with standards
Sample questions

9. OTHER TECHNICAL ASPECTS

Investigations and forensics
Role of cryptography
Threat intelligence
Conclusion
Sample questions
References and further reading

APPENDIX A

Activity solution pointers
Sample question answers
Glossary

Customer Reviews

Please login to your account to leave a review.