Master your Minecraft
 
 

Special Offers see all

Enter to WIN a $100 Credit

Subscribe to PowellsBooks.news
for a chance to win.
Privacy Policy

Tour our stores


    Recently Viewed clear list


    Original Essays | November 7, 2014

    Karelia Stetz-Waters: IMG The Hot Sex Tip Cosmo Won't Tell You



    Cosmopolitan Magazine recently released an article titled "28 Mind-Blowing Lesbian Sex Positions." Where was this vital information when I was a... Continue »

    spacer
Qualifying orders ship free.
$80.00
New Trade Paper
Ships in 1 to 3 days
Add to Wishlist
available for shipping or prepaid pickup only
Available for In-store Pickup
in 7 to 12 days
Qty Store Section
1 Remote Warehouse Internet- General

Security Program and Policies: Principles and Practices (Certification/Training)

by

Security Program and Policies: Principles and Practices (Certification/Training) Cover

 

Synopses & Reviews

Publisher Comments:

Everything you need to know about information security programs and policies, in one book

  • Clearly explains all facets of InfoSec program and policy planning, development, deployment, and management
  • Thoroughly updated for today’s challenges, laws, regulations, and best practices
  • The perfect resource for anyone pursuing an information security management career

 

In today’s dangerous world, failures in information security can be catastrophic. Organizations must protect themselves. Protection begins with comprehensive, realistic policies. This up-to-date guide will help you create, deploy, and manage them.

Complete and easy to understand, it explains key concepts and techniques through real-life examples. You’ll master modern information security regulations and frameworks, and learn specific best-practice policies for key industry sectors, including finance, healthcare, online commerce, and small business.

 

If you understand basic information security, you’re ready to succeed with this book. You’ll find projects, questions, exercises, examples, links to valuable easy-to-adapt information security policies...everything you need to implement a successful information security program.

 

Sari Stern Greene, CISSP, CRISC, CISM, NSA/IAM, is an information security practitioner, author, and entrepreneur. She is passionate about the importance of protecting information and critical infrastructure. Sari founded Sage Data Security in 2002 and has amassed thousands of hours in the field working with a spectrum of technical, operational, and management personnel, as  well as boards of directors, regulators, and service providers. Her first text was Tools and Techniques for Securing Microsoft Networks, commissioned by Microsoft to train its partner channel, which was soon followed by the first edition of Security Policies and Procedures: Principles and Practices. She is actively involved in the security community, and speaks regularly at security conferences and workshops. She has been quoted in The New York Times, Wall Street Journal, and on CNN, and CNBC. Since 2010, Sari has served as the chair of the annual Cybercrime Symposium.

 

Learn how to

·         Establish program objectives, elements, domains, and governance

·         Understand policies, standards, procedures, guidelines, and plans—and the differences among them

·         Write policies in “plain language,” with the right level of detail

·         Apply the Confidentiality, Integrity & Availability (CIA) security model

·         Use NIST resources and ISO/IEC 27000-series standards

·         Align security with business strategy

·         Define, inventory, and classify your information and systems

·         Systematically identify, prioritize, and manage InfoSec risks

·         Reduce “people-related” risks with role-based Security Education, Awareness, and Training (SETA)

·         Implement effective physical, environmental, communications, and operational security

·         Effectively manage access control

·         Secure the entire system development lifecycle

·         Respond to incidents and ensure continuity of operations

·         Comply with laws and regulations, including GLBA, HIPAA/HITECH, FISMA, state data security and notification rules, and PCI DSS

 

Synopsis:

This is the first complete, up-to-date, hands-on guide to creating effective information security policies and procedures. It introduces essential security policy concepts and their rationale, thoroughly covers information security regulations and frameworks, and presents best-practice policies specific to industry sectors, including finance, healthcare and small business. Ideal for both InfoSec students and practitioners, it covers all facets of Security Education, Training & Awareness (SETA), illuminates key concepts through real-life examples. Coverage includes: 

  • InfoSec program objectives, elements, domains, and governance
  • A complete introduction to risk management
  • Proven techniques for policy development and implementation
  • Establishing a layered defense
  • Implementing operational, personnel, and vendor security
  • Responding to incidents and ensuring continuation of operations
  • Auditing and monitoring security on an ongoing basis
  • Meeting unique legal and regulatory environments, including GLBA, HIPAA/HITECH, FISMA, state data security and notification rules, and PCI-DSS

This guide also contains easily-adapted sample Employee Affirmation Statements, and links to authoritative, up-to-date additional resources.

About the Author

Sari Greene is an information security practitioner, author, and entrepreneur. She founded Sage Data Security in 2002 and has amassed thousands of hours in the field working with a spectrum of technical, operational, and management personnel as well as board of directors, regulators, and service providers. Sari provided expert witness testimony in the groundbreaking PATCO v. Ocean National Bank case. From 2006 through 2010, she served as the managing director for the MEAPC, a coalition of 24 financial institutions that embrace a mission of preventing information theft and fraud through public education and awareness. Since 2010, she has served as the chair of the annual Cybercrime Symposium held in Portsmouth, New Hampshire. Sari’s first text was Tools and Techniques for Securing Microsoft Networks, commissioned by Microsoft to train its partner channel, followed soon after by the first edition of Security Policies and Procedures: Principles and Practices. She has published a number of articles and whitepapers related to information security and has been quoted in The New York Times, Wall Street Journal, CNN, and on CNBC. She speaks regularly at security conferences and workshops around the country and is a frequent guest lecturer. Sari has an MBA from the University of New Hampshire system and has earned an array of government and industry certifications and accreditations, including ISACA Certification in Risk and Information Systems Control (CRISC), ISACA Certification in Security Management (CISM), ISC2 Certification in Information Systems Security (CISSP), and Microsoft Certified Network Engineer (MCSE), and is certified by the National Security Agency to conduct NSA-IAM assessments for federal government agencies and contractors. You can contact Sari at sari@sarigreene.com or follow her on Twitter @sari_greene.

Table of Contents

Part I. Introduction to an Information Security Program

1. Information Security Program Objectives

2. Information Security Program Elements

 

Part II. Information Security Program Domains

3. Governance (Organizational Structure, Roles and Responsibilities)

4. Risk Management

5. Policy Development and Implementation

6. Layered Defense (Authentication, Authorization and Access Controls)

7. Operation Security

8. Personnel Security (Employee Lifecycle Including Training and Awareness)

9. Incident Response

10. Continuity of Operations

11. Vendor Management

12. Audit and Monitoring

 

Part III. Regulatory Compliance

13. Federal Regulations (GLBA, HIPAA/HITECH, FISMA)

14. State Data Security and Notification Requirements

15. PCI-DSS

 

Appendix A. Adapting an Infosec Program for Small Business Implementation.

 

Product Details

ISBN:
9780789751676
Author:
Greene, Sari Stern
Publisher:
Pearson It Certification
Author:
Greene, Sari
Subject:
Internet - General
Subject:
Internet - Security
Subject:
information security programs; InfoSec program; security education; security training; SETA; advanced information security; layered security
Subject:
information security programs; InfoSec program; security education; security training; SETA; advanced information security; layered security; cybersecurity
Copyright:
Edition Description:
Trade paper
Series:
Certification/Training
Publication Date:
20131130
Binding:
TRADE PAPER
Language:
English
Pages:
648
Dimensions:
9 x 7 x 1.5 in 993 gr

Related Subjects

Business » General
Business » Management
Business » Writing
Computers and Internet » Internet » General
Computers and Internet » Internet » Information
Computers and Internet » Networking » Computer Security
Computers and Internet » Networking » General
Computers and Internet » Networking » Vendor Specific
Science and Mathematics » Agriculture » Aquaculture

Security Program and Policies: Principles and Practices (Certification/Training) New Trade Paper
0 stars - 0 reviews
$80.00 In Stock
Product details 648 pages Pearson It Certification - English 9780789751676 Reviews:
"Synopsis" by ,

This is the first complete, up-to-date, hands-on guide to creating effective information security policies and procedures. It introduces essential security policy concepts and their rationale, thoroughly covers information security regulations and frameworks, and presents best-practice policies specific to industry sectors, including finance, healthcare and small business. Ideal for both InfoSec students and practitioners, it covers all facets of Security Education, Training & Awareness (SETA), illuminates key concepts through real-life examples. Coverage includes: 

  • InfoSec program objectives, elements, domains, and governance
  • A complete introduction to risk management
  • Proven techniques for policy development and implementation
  • Establishing a layered defense
  • Implementing operational, personnel, and vendor security
  • Responding to incidents and ensuring continuation of operations
  • Auditing and monitoring security on an ongoing basis
  • Meeting unique legal and regulatory environments, including GLBA, HIPAA/HITECH, FISMA, state data security and notification rules, and PCI-DSS

This guide also contains easily-adapted sample Employee Affirmation Statements, and links to authoritative, up-to-date additional resources.

spacer
spacer
  • back to top

FOLLOW US ON...

     
Powell's City of Books is an independent bookstore in Portland, Oregon, that fills a whole city block with more than a million new, used, and out of print books. Shop those shelves — plus literally millions more books, DVDs, and gifts — here at Powells.com.