Security practitioners must be able to build a cost-effective security program while at the same time meeting the requirements of government regulations. This book lays out these regulations in simple terms and explains how to use the control frameworks to build an effective information security program and governance structure. It discusses how organizations can best ensure that information is protected and examines all positions from the board of directors to the end user, delineating the role each plays in protecting the security of the organization.

chapter 1|10 pages

Getting Information Security Right

Top to Bottom

chapter 2|26 pages

Developing Information Security Strategy


chapter 4|41 pages

Interacting with the C-Suite


chapter 5|19 pages

Managing Risk to an Acceptable Level


chapter 8|27 pages

Managerial Controls

Practical Security Considerations

chapter 9|26 pages

Technical Controls

Practical Security Considerations

chapter 10|38 pages

Operational Controls

Practical Security Considerations

chapter 11|28 pages

The Auditors Have Arrived, Now What?


chapter 12|31 pages

Effective Security Communications


chapter 13|15 pages

The Law and Information Security


chapter 14|15 pages

Learning from Information Security Incidents
