IT Security Risk Control Management : An Audit Preparation Plan
معرفی کتاب «IT Security Risk Control Management : An Audit Preparation Plan» نوشتهٔ Raymond Pompon، منتشرشده توسط نشر Apress : Imprint : Apress در سال 2016. این کتاب در 4 صفحه، فرمت pdf، زبان انگلیسی ارائه شده است.
This book explains how to construct an information security program, from inception to audit, with enduring, practical, hands-on advice and actionable behavior for IT professionals. Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking. __IT Security Risk Control Management__ provides step-by-step guidance on how to craft a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constant changing threats. Readers will understand the paradoxes of information security and discover handy tools that hook security controls into business processes. With this book, you will be able to equip your security program to prepare for and pass such common audits as PCI, SSAE-16 and ISO 27001. In addition, you will learn the depth and breadth of the expertise necessary to become an adaptive and effective security professional. This book:* Starts at the beginning of how to approach, scope, and customize a security program to fit an organization. * Walks you through how to implement the most challenging processes, pointing out common pitfalls and distractions. * Teaches you how to frame security and risk issues to be clear and actionable to decision makers, technical personnel, and users. **What you’ll learn** * How to organically grow a useful, functional security program appropriate to an organization's culture and requirements * How to inform, advise, and influence executives, IT staff, and users on information security * How to think like a seasoned security professional, understanding how cyber-criminals subvert systems with subtle and insidious tricks. * How to analyze, select, implement, and monitor security controls such as change control, vulnerability management, incident response, and access controls. * How to prepare an organization to pass external formal audits such as PCI, SSAE-16 or ISO 27001 * How to write clear, easy to follow, comprehensive security policies and procedures **Who This Book Is For** IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; and security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals). Follow step-by-step guidance to craft a successful security program. You will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes. Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking. What You Will Learn: Build a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constantly changing threats Prepare for and pass such common audits as PCI-DSS, SSAE-16, and ISO 27001 Calibrate the scope, and customize security controls to fit into an organization’s culture Implement the most challenging processes, pointing out common pitfalls and distractions Frame security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your advice Who This Book Is For: IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; and security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals) Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking. IT Security Risk Control Management provides step-by-step guidance for IT professionals on how to craft a successful security program. Readers will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes, including: Building a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constant changing threats Preparing for and passing such common audits as PCI-DSS, SSAE-16, and ISO 27001. Calibrating the scope, and customizing security controls to fit into an organization?s culture. Implementing the most challenging processes, pointing out common pitfalls and distractions. Framing security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your advice. With IT Security Risk Control Management, you will be able to construct an information security program, from inception to audit, with enduring, practical, hands-on advice, and actionable strategies for IT professionals
دانلود کتاب IT Security Risk Control Management : An Audit Preparation Plan