A practical guide to security assessments / Sudhanshu Kairab.

Format:

Book

Author/Creator:

Kairab, Sudhanshu.

Language:

English

Subjects (All):

Business--Data processing--Security measures--Evaluation.

Business.

Information technology--Security measures--Evaluation.

Information technology.

Computer networks--Security measures--Evaluation.

Computer networks.

Data protection.

Computer security.

Electronic data processing departments--Safety measures--Planning.

Electronic data processing departments.

Physical Description:

1 online resource (294 p.)

Edition:

1st edition

Other Title:

Security assessments

Place of Publication:

Boca Raton, Fla. : Auerbach Publications, c2005.

Language Note:

English

System Details:

text file

Summary:

The modern dependence upon information technology and the corresponding information security regulations and requirements force companies to evaluate the security of their core business processes, mission critical data, and supporting IT environment. Combine this with a slowdown in IT spending resulting in justifications of every purchase, and security professionals are forced to scramble to find comprehensive and effective ways to assess their environment in order to discover and prioritize vulnerabilities, and to develop cost-effective solutions that show benefit to the business.A Pr

Contents:

Book Cover; Half-Title; Title; Copyright; About the Author; Preface; Table of Contents; 1 Introduction; 2 Evolution of Information Security; 3 The Information Security Program and How a Security Assessment Fits In; 4 Planning; 5 Initial Information Gathering; 6 Business Process Evaluation; 7 Technology Evaluation; 8 Risk Analysis and Final Presentation; 9 Information Security Standards; 10 Information Security Legislation; Appendices Security Questionnaires and Checklists; Appendix A Preliminary Checklist to Gather Information

Appendix B Generic Questionnaire for Meetings with Business Process OwnersAppendix C Generic Questionnaire for Meetings with Technology Owners; Appendix D Data Classification; Appendix E Data Retention; Appendix F Backup and Recovery; Appendix G Externally Hosted Services; Appendix H Physical Security; Appendix I Employee Termination; Appendix J Incident Handling; Appendix K Business to Business (B2B); Appendix L Business to Consumer (B2C); Appendix M Change Management; Appendix N User ID Administration; Appendix O Managed Security; Appendix P Media Handling; Appendix Q HIPAA Security; Index

Notes:

Description based upon print version of record.

Includes bibliographical references and index.

ISBN:

0-429-21137-6

1-135-50031-2

1-280-16435-2

9786610164356

0-203-50723-1

9780429211379

OCLC:

437057816