IT Governance

Author: Alan Calder; Steve Watkins

Publisher: Kogan Page

Format: ePub

Print ISBN 9780749496951

Edition: 7

Publication year: 2020

8.890 kr.

Description

Table of contents

  • Cover
  • Halftitle Page
  • Title Page
  • Table of Contents
  • About the author
  • Introduction
  • The information economy
  • What is IT governance?
  • Information security
  • 01 Why is information security necessary?
  • The nature of information security threats
  • Information insecurity
  • Impacts of information security threats
  • Cybercrime
  • Cyberwar
  • Advanced persistent threat
  • Future risks
  • Legislation
  • Benefits of an information security management system
  • 02 The Corporate Governance Code, the FRC Risk Guidance and Sarbanes–Oxley
  • The Combined Code
  • The Turnbull Report
  • The Corporate Governance Code
  • Sarbanes–Oxley
  • Enterprise risk management
  • Regulatory compliance
  • IT governance
  • 03 ISO27001
  • Benefits of certification
  • The history of ISO27001 and ISO27002
  • The ISO/IEC 27000 series of standards
  • Use of the standard
  • ISO/IEC 27002
  • Continual improvement, Plan–Do–Check–Act, and process approach
  • Structured approach to implementation
  • Management system integration
  • Documentation
  • Continual improvement and metrics
  • 04 Organizing information security
  • Internal organization
  • Management review
  • The information security manager
  • The cross-functional management forum
  • The ISO27001 project group
  • Specialist information security advice
  • Segregation of duties
  • Contact with special interest groups
  • Contact with authorities
  • Information security in project management
  • Independent review of information security
  • Summary
  • 05 Information security policy and scope
  • Context of the organization
  • Information security policy
  • A policy statement
  • Costs and the monitoring of progress
  • 06 The risk assessment and Statement of Applicability
  • Establishing security requirements
  • Risks, impacts and risk management
  • Cyber Essentials
  • Selection of controls and Statement of Applicability
  • Statement of Applicability Example
  • Gap analysis
  • Risk assessment tools
  • Risk treatment plan
  • Measures of effectiveness
  • 07 Mobile devices
  • Mobile devices and teleworking
  • Teleworking
  • 08 Human resources security
  • Job descriptions and competency requirements
  • Screening
  • Terms and conditions of employment
  • During employment
  • Disciplinary process
  • Termination or change of employment
  • 09 Asset management
  • Asset owners
  • Inventory
  • Acceptable use of assets
  • Information classification
  • Unified classification markings
  • Government classification markings
  • Information lifecycle
  • Information labelling and handling
  • Non-disclosure agreements and trusted partners
  • 10 Media handling
  • Physical media in transit
  • 11 Access control
  • Hackers
  • Hacker techniques
  • System configuration
  • Access control policy
  • Network Access Control
  • 12 User access management
  • User access provisioning
  • 13 System and application access control
  • Secure log-on procedures
  • Password management system
  • Use of privileged utility programs
  • Access control to program source code
  • 14 Cryptography
  • Encryption
  • Public key infrastructure
  • Digital signatures
  • Non-repudiation services
  • Key management
  • 15 Physical and environmental security
  • Secure areas
  • Delivery and loading areas
  • 16 Equipment security
  • Equipment siting and protection
  • Supporting utilities
  • Cabling security
  • Equipment maintenance
  • Removal of assets
  • Security of equipment and assets off-premises
  • Secure disposal or reuse of equipment
  • Clear desk and clear screen policy
  • 17 Operations security
  • Documented operating procedures
  • Change management
  • Separation of development, testing and operational environments
  • Back-up
  • 18 Controls against malicious software (malware)
  • Viruses, worms, Trojans and rootkits
  • Spyware
  • Anti-malware software
  • Hoax messages and Ransomware
  • Phishing and pharming
  • Anti-malware controls
  • Airborne viruses
  • Technical vulnerability management
  • Information Systems Audits
  • 19 Communications management
  • Network security management
  • 20 Exchanges of information
  • Information transfer policies and procedures
  • Agreements on information transfers
  • E-mail and social media
  • Security risks in e-mail
  • Spam
  • Misuse of the internet
  • Internet acceptable use policy
  • Social media
  • 21 System acquisition, development and maintenance
  • Security requirements analysis and specification
  • Securing application services on public networks
  • E-commerce issues
  • Security technologies
  • Server security
  • Server virtualization
  • Protecting application services transactions
  • 22 Development and support processes
  • Secure development policy
  • Secure systems engineering principles
  • Secure development environment
  • Security and acceptance testing
  • 23 Supplier relationships
  • Information security policy for supplier relationships
  • Addressing security within supplier agreements
  • ICT supply chain
  • Monitoring and review of supplier services
  • Managing changes to supplier services
  • 24 Monitoring and information security incident management
  • Logging and monitoring
  • Information security events and incidents
  • Incident management – responsibilities and procedures
  • Reporting information security events
  • Reporting software malfunctions
  • Assessment of and decision on information security events
  • Response to information security incidents
  • Legal admissibility
  • 25 Business and information security continuity management
  • ISO22301
  • The business continuity management process
  • Business continuity and risk assessment
  • Developing and implementing continuity plans
  • Business continuity planning framework
  • Testing, maintaining and reassessing business continuity plans
  • Information security continuity
  • 26 Compliance
  • Identification of applicable legislation
  • Intellectual property rights
  • Protection of organizational records
  • Privacy and protection of personally identifiable information
  • Regulation of cryptographic controls
  • Compliance with security policies and standards
  • Information systems audit considerations
  • 27 The ISO27001 audit
  • Selection of auditors
  • Initial audit
  • Preparation for audit
  • Terminology
  • Appendix 1: Useful websites
  • IT Governance Ltd
  • ISO27001 certification-related organizations
  • Microsoft
  • Information security
  • Appendix 2: Further reading
  • ISO27000 family of standards includes:
  • Books
  • Toolkits
  • Index
  • Copyright