This groundbreaking new title looks at Information Security from defining which security measures positively support the business, through implementation, to maintaining the required level and anticipating required changes. It covers:
Fundamentals of information security - gives readers insight into, and background on, what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors.
Fundamentals of management of information security - explains what information security management is about and its objectives. Details are also given on implementing the process and the continuous effort required to maintain its quality.
ITIL V3 and Information Security Management - shows the links with the other ITIL processes. It shows how integrating the Information Security Management activities into existing processes and activities not only supports efficiencies but ultimately is the key way to achieve effective Information Security Management.
Implementing Information Security Management - gives practical advice on how to put Information Security Management into practice. From awareness in the organization, via the required documentation, to maturity models, this guidance describes best practices for realizing Information Security Management.
ISBN-13: 978-90-8753-553-7 (9789087535537)
About the authors
Acknowledgements
Executive summary
1 Introduction
1.1 This book
2 Fundamentals of information security
2.1 Perspectives on information security
2.2 Security architectures
3 Fundamentals of management of information security
3.1 Information Security Management - the continuous effort
3.2 Information Security Management as a PDCA cycle
4 ITIL version 3 and information security
4.1 Service Strategy
4.2 Service Design
4.3 Service Transition
4.4 Continual Service Improvement
4.5 Service Operation
4.6 Brief reflection on ITIL v3
5 Guidelines for implementing Information Security Management
5.1 Implementing or improving ITIL Information Security Management
5.2 Awareness
5.3 Organization of Information Security Management
5.4 Documentation
5.5 Natural growth path through maturity levels
5.6 Pitfalls and success factors
5.7 Partnerships and outsourcing
Annex A: Information Security Management and standardization
A.1 ISO/IEC 27000 series
A.2 ISO/IEC 13335:2004 - Management of information and communications technology security
A.3 ISO 7498-2 - OSI Security Architecture
A.4 ISO/IEC 20000:2005 - Service Management
A.5 ISF: The standard of Good Practice for Information Security
A.6 SABSA
A.7 COBIT
A.8 PCI/DSS
A.9 Information Security Management and certification
Annex B: Cross-references for ISO/IEC 27002 and ITIL Information Security Management
Annex C: Literature and links