Everything you need to know about information security programs and policies, in one book Clearly explains all facets of InfoSec program and policy planning, development, deployment, and management Thoroughly updated for todayas challenges, laws, regulations, and best practices The perfect resource for anyone pursuing an information security management career Ai In todayas dangerous world, failures in information security can be catastrophic. Organizations must protect themselves. Protection begins with comprehensive, realistic policies. This up-to-date guide will help you create, deploy, and manage them. Complete and easy to understand, it explains key concepts and techniques through real-life examples. Youall master modern information security regulations and frameworks, and learn specific best-practice policies for key industry sectors, including finance, healthcare, online commerce, and small business. Ai If you understand basic information security, youare ready to succeed with this book. Youall find projects, questions, exercises, examples, links to valuable easy-to-adapt information security policies...everything you need to implement a successful information security program. Ai Learn how to AmAiAiAiAiAiAiAiAi Establish program objectives, elements, domains, and governance AmAiAiAiAiAiAiAiAi Understand policies, standards, procedures, guidelines, and plansaand the differences among them AmAiAiAiAiAiAiAiAi Write policies in aplain language, a with the right level of detail AmAiAiAiAiAiAiAiAi Apply the Confidentiality, Integrity a Availability (CIA) security model AmAiAiAiAiAiAiAiAi Use NIST resources and ISO/IEC 27000-series standards AmAiAiAiAiAiAiAiAi Align security with business strategy AmAiAiAiAiAiAiAiAi Define, inventory, and classify your information and systems AmAiAiAiAiAiAiAiAi Systematically identify, prioritize, and manage InfoSec risks AmAiAiAiAiAiAiAiAi Reduce apeople-relateda risks with role-based Security Education, Awareness, and Training (SETA) AmAiAiAiAiAiAiAiAi Implement effective physical, environmental, communications, and operational security AmAiAiAiAiAiAiAiAi Effectively manage access control AmAiAiAiAiAiAiAiAi Secure the entire system development lifecycle AmAiAiAiAiAiAiAiAi Respond to incidents and ensure continuity of operations AmAiAiAiAiAiAiAiAi Comply with laws and regulations, including GLBA, HIPAA/HITECH, FISMA, state data security and notification rules, and PCI DSS Aidistribution, 568 incident detection/reporting, 573 Internet, 572 messaging, 571 mobile devices, 572 password controls, 570 remote ... 283 importance, 282 monitoring, 284-285 policy statement, 282 Yahoo! password compromise, 267, 297 accidents, 371 accountability, ... accounting, 71 acquisition/development phase (SDLC), 302 Active Directory domain controller recovery procedure, accounting 575.
|Title||:||Security Program and Policies|
|Publisher||:||Pearson IT Certification - 2014-03-20|