LEADER 05518nam  2200709Ia 450 
001 9910146407603321
005 20170816124333.0
010   $a1-118-58551-8
010   $a1-282-13756-5
010   $a9786612137563
010   $a0-470-47601-X
010   $a0-470-47600-1
035   $a(CKB)1000000000747747
035   $a(EBL)433807
035   $a(OCoLC)428170752
035   $a(SSID)ssj0000179101
035   $a(PQKBManifestationID)11171417
035   $a(PQKBTitleCode)TC0000179101
035   $a(PQKBWorkID)10230728
035   $a(PQKB)11441223
035   $a(MiAaPQ)EBC433807
035   $a(EXLCZ)991000000000747747
100   $a20090225d2009      uy             0
101 0 $aeng
135   $aur|n|---|||||
181   $ctxt
182   $cc
183   $acr
200 10$aInformation security governance$b[electronic resource] $ea practical development and implementation approach /$fKrag Brotby
210   $aHoboken, N.J. $cJohn Wiley & Sons$dc2009
215   $a1 online resource (207 p.)
225 1 $aWiley series in systems engineering and management
300   $aDescription based upon print version of record.
311   $a0-470-13118-7 
320   $aIncludes bibliographical references and index.
327   $aINFORMATION SECURITY GOVERNANCE; Contents; Acknowledgments; Introduction; 1. Governance Overview-How Do We Do It? What Do We Get Out of It?; 1.1 What Is It?; 1.2 Back to Basics; 1.3 Origins of Governance; 1.4 Governance Definition; 1.5 Information Security Governance; 1.6 Six Outcomes of Effective Security Governance; 1.7 Defining Information, Data, Knowledge; 1.8 Value of Information; 2. Why Governance?; 2.1 Benefits of Good Governance; 2.1.1 Aligning Security with Business Objectives; 2.1.2 Providing the Structure and Framework to Optimize Allocations of Limited Resources
327   $a2.1.3 Providing Assurance that Critical Decisions are Not Based on Faulty Information2.1.4 Ensuring Accountability for Safeguarding Critical Assets; 2.1.5 Increasing Trust of Customers and Stakeholders; 2.1.6 Increasing the Company's Worth; 2.1.7 Reducing Liability for Information Inaccuracy or Lack of Due Care in Protection; 2.1.8 Increasing Predictability and Reducing Uncertainty of Business Operations; 2.2 A Management Problem; 3. Legal and Regulatory Requirements; 3.1 Security Governance and Regulation; 4. Roles and Responsibilities; 4.1 The Board of Directors; 4.2 Executive Management
327   $a4.3 Security Steering Committee4.4 The CISO; 5. Strategic Metrics; 5.1 Governance Objectives; 5.1.1 Strategic Direction; 5.1.2 Ensuring Objectives are Achieved; 5.1.3 Risks Managed Appropriately; 5.1.4 Verifying that Resources are Used Responsibly; 6. Information Security Outcomes; 6.1 Defining Outcomes; 6.1.1 Strategic Alignment-Aligning Security Activities in Support of Organizational Objectives; 6.1.2 Risk Management-Executing Appropriate Measures to Manage Risks and Potential Impacts to an Acceptable Level
327   $a6.1.3 Business Process Assurance/Convergence-Integrating All Relevant Assurance Processes to Improve Overall Security and Efficiency6.1.4 Value Delivery-Optimizing Investments in Support of Organizational Objectives; 6.1.5 Resource Management-Using Organizational Resources Efficiently and Effectively; 6.1.6 Performance Measurement-Monitoring and Reporting on Security Processes to Ensure that Objectives are Achieved; 7. Security Governance Objectives; 7.1 Security Architecture; 7.1.1 Managing Complexity; 7.1.2 Providing a Framework and Road Map
327   $a7.1.3 Simplicity and Clarity through Layering and Modularization7.1.4 Business Focus Beyond the Technical Domain; 7.1.5 Objectives of Information Security Architectures; 7.1.6 SABSA Framework for Security Service Management; 7.1.7 SABSA Development Process; 7.1.8 SABSA Life Cycle; 7.1.9 SABSA Attributes; 7.2 CobiT; 7.3 Capability Maturity Model; 7.4 ISO/IEC 27001/27002; 7.4.1 ISO 27001; 7.4.2 ISO 27002; 7.5 Other Approaches; 7.5.1 National Cybersecurity Task Force, Information Security Governance: A Call to Action; 8. Risk Management Objectives; 8.1 Risk Management Responsibilities
327   $a8.2 Managing Risk Appropriately
330   $aThe Growing Imperative Need for Effective Information Security Governance With monotonous regularity, headlines announce ever more spectacular failures of information security and mounting losses. The succession of corporate debacles and dramatic control failures in recent years underscores the necessity for information security to be tightly integrated into the fabric of every organization. The protection of an organization's most valuable asset information can no longer be relegated to low-level technical personnel, but must be considered an essential element of corporate governance that i
410  0$aWiley series in systems engineering and management.
606   $aData protection
606   $aComputer security$xManagement
606   $aInformation technology$xSecurity measures
608   $aElectronic books.
615  0$aData protection.
615  0$aComputer security$xManagement.
615  0$aInformation technology$xSecurity measures.
676   $a658.4
676   $a658.4/78
676   $a658.472
676   $a658.478
700   $aBrotby$b W. Krag$0862239
801  0$bMiAaPQ
801  1$bMiAaPQ
801  2$bMiAaPQ
906   $aBOOK
912   $a9910146407603321
996   $aInformation security governance$91924678
997   $aUNINA