
Download PDF Information Security Fundamentals Second Edition by Peltier Thomas R


Synopsis

The purpose of information security is to protect an organization’s valuable resources, such as information, computer hardware, and software. Through the selection and application of appropriate safeguards, security helps an organization’s mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets. To many, security is sometimes viewed as thwarting the business objectives of an organization by imposing poorly selected, bothersome rules and procedures on users, managers, and systems. Well-chosen security rules and procedures do not exist for their own sake—they are put in place to protect important assets and thereby support the overall business objectives.

Developing an information security program that adheres to the principle of security as a business enabler is the first step in an enterprise’s effort to build an effective security program. Organizations must continually (1) explore and assess information security risks to business operations; (2) determine what policies, standards, and controls are worth implementing to reduce these risks; (3) promote awareness and understanding among the staff; and (4) assess compliance and control effectiveness. As with other types of internal controls, this is a cycle of activity, not an exercise with a defined beginning and end.

This book has been designed to give the information security professional a solid understanding of the fundamentals of security and the entire range of issues the practitioner must address. We hope that you will be able to take the key elements that comprise a successful information security program and implement the concepts into your own successful program. Each chapter has been written by a different author.

Content

  1. Developing Policies
  2. Organization of Information
  3. Cryptology
  4. Risk Management: The Facilitated Risk Analysis and Assessment Process
  5. Building and Maintaining an Effective Security Awareness Program
  6. Physical Security
  7. Disaster Recovery and Business Continuity Planning
  8. Continuity of Operations Planning
  9. Access Controls
  10. Information System Development, Acquisition, and Maintenance
  11. Information Security Incident Management
  12. Asset Classification
  13. Threats to Information Security
  14. Information Security Policies: A Practitioner’s View








