東華大學圖書館 |

語系: 繁體中文

說明(常見問題)

回圖書館首頁

手機版館藏查詢

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

IT security risk control management ...

Pompon, Raymond.

FindBook

Google Book

Amazon

博客來

IT security risk control management = an audit preparation plan /

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	IT security risk control management/ by Raymond Pompon.
其他題名:	an audit preparation plan /
作者:	Pompon, Raymond.
出版者:	Berkeley, CA :Apress : : 2016.,
面頁冊數:	xxxi, 311 p. :ill., digital ;24 cm.
內容註:	Part I: Getting a Handle on Things -- Chapter 1: Why Audit. Chapter 2: Assume Breach. Chapter 3: Risk Analysis: Assets and Impacts. Chapter 4: Risk Analysis: Natural Threats. Chapter 5: Risk Analysis: Adversarial Risk. Part II: Wrangling the Organization -- Chapter 6: Scope. Chapter 7: Governance. Chapter 8: Talking to the Suits. Chapter 9: Talking to the Techs. Chapter 10: Talking to the Users. Part III: Managing Risk with Controls -- Chapter 11: Policy. Chapter 12: Control Design. Chapter 13: Administrative Controls. Chapter 14: Vulnerability Management. Chapter 15: People Controls. Chapter 16: Logical Access Control. Chapter 17: Network Security Controls. Chapter 18: More Technical Controls. Chapter 19: Physical Security Controls. Part IV: Being Audited.-C hapter 20: Response Controls. Chapter 21: Starting the Audit. Chapter 22: Internal Audit. Chapter 23: Third Party Security. Chapter 24: Post Audit Improvement.
Contained By:	Springer eBooks
標題:	Information Systems Applications (incl. Internet) -
電子資源:	http://dx.doi.org/10.1007/978-1-4842-2140-2
ISBN:	9781484221402$q(electronic bk.)

IT security risk control management = an audit preparation plan /
Pompon, Raymond.

IT security risk control managementan audit preparation plan /[electronic resource] :by Raymond Pompon. - Berkeley, CA :Apress :2016. - xxxi, 311 p. :ill., digital ;24 cm.

Part I: Getting a Handle on Things -- Chapter 1: Why Audit. Chapter 2: Assume Breach. Chapter 3: Risk Analysis: Assets and Impacts. Chapter 4: Risk Analysis: Natural Threats. Chapter 5: Risk Analysis: Adversarial Risk. Part II: Wrangling the Organization -- Chapter 6: Scope. Chapter 7: Governance. Chapter 8: Talking to the Suits. Chapter 9: Talking to the Techs. Chapter 10: Talking to the Users. Part III: Managing Risk with Controls -- Chapter 11: Policy. Chapter 12: Control Design. Chapter 13: Administrative Controls. Chapter 14: Vulnerability Management. Chapter 15: People Controls. Chapter 16: Logical Access Control. Chapter 17: Network Security Controls. Chapter 18: More Technical Controls. Chapter 19: Physical Security Controls. Part IV: Being Audited.-C hapter 20: Response Controls. Chapter 21: Starting the Audit. Chapter 22: Internal Audit. Chapter 23: Third Party Security. Chapter 24: Post Audit Improvement.

Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking. IT Security Risk Control Management provides step-by-step guidance for IT professionals on how to craft a successful security program. Readers will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes, including: Building a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constant changing threats Preparing for and passing such common audits as PCI-DSS, SSAE-16, and ISO 27001. Calibrating the scope, and customizing security controls to fit into an organization's culture. Implementing the most challenging processes, pointing out common pitfalls and distractions. Framing security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your advice. With IT Security Risk Control Management, you will be able to construct an information security program, from inception to audit, with enduring, practical, hands-on advice, and actionable strategies for IT professionals.

ISBN: 9781484221402$q(electronic bk.)

Standard No.: 10.1007/978-1-4842-2140-2doiSubjects--Topical Terms:

1565452
Information Systems Applications (incl. Internet)

LC Class. No.: QA76.9.A25

Dewey Class. No.: 005.8

IT security risk control management = an audit preparation plan /
LDR:03223nmm a2200289 a 4500 001 2051996
003 DE-He213
005 20170308093742.0
006 m d
007 cr nn 008maaau
008 170421s2016 cau s 0 eng d
020 $a 9781484221402$q(electronic bk.)
020 $a 9781484221396$q(paper)
024 7 $a 10.1007/978-1-4842-2140-2 $2 doi
035 $a 978-1-4842-2140-2
040 $a GP $c GP
041 0 $a eng
050 4 $a QA76.9.A25
082 0 4 $a 005.8 $2 23
090 $a QA76.9.A25 $b P791 2016
100 1 $a Pompon, Raymond. $3 3134863
245 1 0 $a IT security risk control management $h [electronic resource] : $b an audit preparation plan / $c by Raymond Pompon.
260 $a Berkeley, CA : $b Apress : $b Imprint: Apress, $c 2016.
300 $a xxxi, 311 p. : $b ill., digital ; $c 24 cm.
505 0 $a Part I: Getting a Handle on Things -- Chapter 1: Why Audit. Chapter 2: Assume Breach. Chapter 3: Risk Analysis: Assets and Impacts. Chapter 4: Risk Analysis: Natural Threats. Chapter 5: Risk Analysis: Adversarial Risk. Part II: Wrangling the Organization -- Chapter 6: Scope. Chapter 7: Governance. Chapter 8: Talking to the Suits. Chapter 9: Talking to the Techs. Chapter 10: Talking to the Users. Part III: Managing Risk with Controls -- Chapter 11: Policy. Chapter 12: Control Design. Chapter 13: Administrative Controls. Chapter 14: Vulnerability Management. Chapter 15: People Controls. Chapter 16: Logical Access Control. Chapter 17: Network Security Controls. Chapter 18: More Technical Controls. Chapter 19: Physical Security Controls. Part IV: Being Audited.-C hapter 20: Response Controls. Chapter 21: Starting the Audit. Chapter 22: Internal Audit. Chapter 23: Third Party Security. Chapter 24: Post Audit Improvement.
520 $a Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking. IT Security Risk Control Management provides step-by-step guidance for IT professionals on how to craft a successful security program. Readers will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes, including: Building a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constant changing threats Preparing for and passing such common audits as PCI-DSS, SSAE-16, and ISO 27001. Calibrating the scope, and customizing security controls to fit into an organization's culture. Implementing the most challenging processes, pointing out common pitfalls and distractions. Framing security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your advice. With IT Security Risk Control Management, you will be able to construct an information security program, from inception to audit, with enduring, practical, hands-on advice, and actionable strategies for IT professionals.
650 2 4 $a Information Systems Applications (incl. Internet) $3 1565452
650 0 $a Information technology $x Security measures $x Management. $3 3134864
650 0 $a Computer security. $3 540555
650 1 4 $a Computer Science. $3 626642
650 2 4 $a Security. $3 3134865
650 2 4 $a Systems and Data Security. $3 898223
710 2 $a SpringerLink (Online service) $3 836513
773 0 $t Springer eBooks
856 4 0 $u http://dx.doi.org/10.1007/978-1-4842-2140-2
950 $a Professional and Applied Computing (Springer-12059)