Information Security Governance: A Practical Development and Implementation Approach by Krag Brotby

By Krag Brotby

The Growing Need for Effective Information Security Governance

With monotonous regularity, headlines announce ever more spectacular failures of information security and mounting losses. The succession of corporate debacles and dramatic control failures in recent years underscores the necessity for information security to be tightly integrated into the fabric of every organization. The protection of an organization's most valuable asset, information, can no longer be relegated to low-level technical personnel, but must be considered an essential element of corporate governance that is critical to organizational success and survival.

Written by an expert, Information Security Governance is the first book-length treatment of this important topic, providing readers with a step-by-step approach to developing and managing an effective information security program.

Beginning with a general overview of governance, the book covers:
• The business case for information security
• Defining roles and responsibilities
• Developing strategic metrics
• Determining information security outcomes
• Setting security governance objectives
• Establishing risk management objectives
• Developing a cost-effective security strategy
• A sample strategy development
• The steps for implementing an effective strategy
• Developing meaningful security program development metrics
• Designing relevant information security management metrics
• Defining incident management and response metrics

Complemented with action plans and sample policies that demonstrate to readers how to put these ideas into practice, Information Security Governance is essential reading for any professional who is involved in information security and assurance.


Best security books

Simple Steps to Data Encryption: A Practical Guide to Secure Computing

Everyone wants privacy and security online, something that most computer users have more or less given up on as far as their personal data is concerned. There is no shortage of good encryption software, and no shortage of books, articles and essays that purport to be about how to use it. Yet there is precious little for ordinary users who want just enough information about encryption to use it safely and securely and appropriately--WITHOUT having to become experts in cryptography.

Comprehensive Security in Asia: Views from Asia and the West on a Changing Security Environment

This is an examination of "Comprehensive Security" as a policy that goes beyond the requirements of military defence against a particular "enemy" to stress the need to take into account other aspects vital to national stability: food, energy, environment, communication and social security.

Protecting Human Security in Africa

Protecting Human Security in Africa discusses some of the most potent threats to human security in Africa. It deals especially with those threats to the security of African people which are least understood or explored. In themes varying from corruption, the proliferation of small arms and light weapons, food security, the devastation of internal displacement in Africa, the link between natural resources and human security, to the problems of forced labour, threats to women's security, and environmental security, the book examines the legal and policy challenges of protecting human security in Africa.

Additional resources for Information Security Governance: A Practical Development and Implementation Approach

Sample text

Security activities provide predictable operations. Predictability is good for business. A KGI could be the extent that incidents and impacts fall within an anticipated and acceptable range.

• Security resources are allocated in proportion to business criticality. Alignment with business objectives suggests that the most critical business operations receive the greatest protection. The KGI could be demonstrable proportionality of resource allocation and asset criticality and/or sensitivity.

1. This approach can provide a number of benefits, including a forum for identifying and prioritizing current and emerging risks, an invaluable channel for gathering organizational intelligence, and an avenue for disseminating important security-related information. The committee can be instrumental in gaining consensus to aid security program activities as well as serving as a forum for dispute resolution.

4 THE CISO

The responsibilities of information security managers vary widely, as does their position in the organizational structure.

The premium ranged from 11 to 16 percent in 1996 to 18 to 28 percent in 2000. With the advent of regulations, such as those imposed by Sarbanes–Oxley requiring disclosure of the effectiveness of controls and attestation to the accuracy of financial reporting, these studies suggest obvious implications for adequate and effective security governance.

7 Reducing Liability for Information Inaccuracy or Lack of Due Care in Protection

There are many chapters yet to be written in jurisprudence regarding information security issues, but some aspects have emerged that must be considered in terms of organizational liability for inaccurate information.
