
Enterprise Information Security
Information security for non-technical decision makers
Peter Gregory (Author)
Financial Times Prentice Hall (Publisher)
Published on 7 August 2002
Book
Paperback/Softback
168 pages
978-0-273-66157-3 (ISBN)
Description
Terrorist attacks against the United States, rumours of cyberterrorism, high-profile virulent worms such as NIMDA and Code Red - all of these have thrust information security to centre stage in the business world.
Information security is no longer the exclusive domain of IT security practitioners - now all business executives need to be familiar with the high level concepts and issues surrounding the security of their enterprise. Whilst many publications exist for security practitioners and technologists they offer little business case or contextual information to high-level decision-makers.
Written in user-friendly terms but using a vocabulary that security practitioners also understand, this briefing will enable you to get to grips with security issues so you can make informed decisions on threats and risks facing your business.
Contents include:
Executive summary
Security is on centre stage
Security concepts - the principles everyone needs to know
Security mechanisms - the components that protect the enterprise
Security policies - defining the standard of architecture and behaviour
Security requirement - defining the behaviour of systems and applications
Protecting corporate information beyond the corporate boundaries
Privacy
Conclusion
More details
Language
English
Place of publication
Harlow
United Kingdom
Publishing group
Pearson Education Limited
Target group
Professional and scholarly
Dimensions
Height: 297 mm
Width: 210 mm
Thickness: 12 mm
Weight
640 gr
ISBN-13
978-0-273-66157-3 (9780273661573)
Content
List of tables
List of figures
Executive summary
Introduction
Security is on centre stage
The priority of information security
Impact of 2001 events
Proliferation of extranets
Insiders the real threat
Unprecedented dependence on information technology
Summary
Threats and vulnerabilities
Introduction
Threats
Vulnerabilities
Summary
Security fundamentals - the principles and the mechanisms behind them
Introduction
Identification and authentication
Authenticating other systems
Authorization
Access control
Encryption
Non-repudiation
Integrity
Audit
Availability
Security mechanisms work together
Summary
Security policies and requirements - defining the standard of architecture and behaviour
Introduction
What are information security policies?
Who writes security policies?
Audience
Policy development
Awareness
Enforcement and effectiveness
Summary
Security is about people's behaviour
Introduction
Technology is not the solution
The 'people threat'
Mitigating the threat
Trust
Summary
Protecting corporate information beyond the corporate boundaries
Introduction
The new world
Regaining control
Summary
Privacy
Introduction
What is personal information?
It's all about trust
Privacy policy
How security supports privacy
Privacy certifications
Summary
Action items
Most important and urgent action items (Quadrant I)
Most important but less urgent action items (Quadrant II)
Important and urgent action items (Quadrant III)
Important and less urgent action items (Quadrant IV)
Epilogue
References/sources for additional information