Information security governance [electronic resource] : a practical development and implementation approach / Krag Brotby |
Author | Brotby, W. Krag |
Publisher/distributor | Hoboken, N.J. : John Wiley & Sons, c2009 |
Physical description | 1 online resource (207 p.) |
Dewey classification | 658.4; 658.4/78; 658.472; 658.478 |
Series | Wiley series in systems engineering and management |
Topical subject | Data protection; Computer security - Management; Information technology - Security measures |
Genre/form | Electronic books. |
ISBN | 1-118-58551-8; 1-282-13756-5; 9786612137563; 0-470-47601-X; 0-470-47600-1 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note | INFORMATION SECURITY GOVERNANCE; Contents; Acknowledgments; Introduction; 1. Governance Overview - How Do We Do It? What Do We Get Out of It?; 1.1 What Is It?; 1.2 Back to Basics; 1.3 Origins of Governance; 1.4 Governance Definition; 1.5 Information Security Governance; 1.6 Six Outcomes of Effective Security Governance; 1.7 Defining Information, Data, Knowledge; 1.8 Value of Information; 2. Why Governance?; 2.1 Benefits of Good Governance; 2.1.1 Aligning Security with Business Objectives; 2.1.2 Providing the Structure and Framework to Optimize Allocations of Limited Resources; 2.1.3 Providing Assurance that Critical Decisions are Not Based on Faulty Information; 2.1.4 Ensuring Accountability for Safeguarding Critical Assets; 2.1.5 Increasing Trust of Customers and Stakeholders; 2.1.6 Increasing the Company's Worth; 2.1.7 Reducing Liability for Information Inaccuracy or Lack of Due Care in Protection; 2.1.8 Increasing Predictability and Reducing Uncertainty of Business Operations; 2.2 A Management Problem; 3. Legal and Regulatory Requirements; 3.1 Security Governance and Regulation; 4. Roles and Responsibilities; 4.1 The Board of Directors; 4.2 Executive Management; 4.3 Security Steering Committee; 4.4 The CISO; 5. Strategic Metrics; 5.1 Governance Objectives; 5.1.1 Strategic Direction; 5.1.2 Ensuring Objectives are Achieved; 5.1.3 Risks Managed Appropriately; 5.1.4 Verifying that Resources are Used Responsibly; 6. Information Security Outcomes; 6.1 Defining Outcomes; 6.1.1 Strategic Alignment - Aligning Security Activities in Support of Organizational Objectives; 6.1.2 Risk Management - Executing Appropriate Measures to Manage Risks and Potential Impacts to an Acceptable Level; 6.1.3 Business Process Assurance/Convergence - Integrating All Relevant Assurance Processes to Improve Overall Security and Efficiency; 6.1.4 Value Delivery - Optimizing Investments in Support of Organizational Objectives; 6.1.5 Resource Management - Using Organizational Resources Efficiently and Effectively; 6.1.6 Performance Measurement - Monitoring and Reporting on Security Processes to Ensure that Objectives are Achieved; 7. Security Governance Objectives; 7.1 Security Architecture; 7.1.1 Managing Complexity; 7.1.2 Providing a Framework and Road Map; 7.1.3 Simplicity and Clarity through Layering and Modularization; 7.1.4 Business Focus Beyond the Technical Domain; 7.1.5 Objectives of Information Security Architectures; 7.1.6 SABSA Framework for Security Service Management; 7.1.7 SABSA Development Process; 7.1.8 SABSA Life Cycle; 7.1.9 SABSA Attributes; 7.2 CobiT; 7.3 Capability Maturity Model; 7.4 ISO/IEC 27001/27002; 7.4.1 ISO 27001; 7.4.2 ISO 27002; 7.5 Other Approaches; 7.5.1 National Cybersecurity Task Force, Information Security Governance: A Call to Action; 8. Risk Management Objectives; 8.1 Risk Management Responsibilities; 8.2 Managing Risk Appropriately |
Record no. | UNINA-9910146407603321 |
Brotby, W. Krag | Hoboken, N.J. : John Wiley & Sons, c2009 | Printed material | Find it here: Univ. Federico II |
Information security governance [electronic resource] : a practical development and implementation approach / Krag Brotby |
Author | Brotby, W. Krag |
Publisher/distributor | Hoboken, N.J. : John Wiley & Sons, c2009 |
Physical description | 1 online resource (207 p.) |
Dewey classification | 658.4; 658.4/78; 658.472; 658.478 |
Series | Wiley series in systems engineering and management |
Topical subject | Data protection; Computer security - Management; Information technology - Security measures |
ISBN | 1-118-58551-8; 1-282-13756-5; 9786612137563; 0-470-47601-X; 0-470-47600-1 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note | INFORMATION SECURITY GOVERNANCE; Contents; Acknowledgments; Introduction; 1. Governance Overview - How Do We Do It? What Do We Get Out of It?; 1.1 What Is It?; 1.2 Back to Basics; 1.3 Origins of Governance; 1.4 Governance Definition; 1.5 Information Security Governance; 1.6 Six Outcomes of Effective Security Governance; 1.7 Defining Information, Data, Knowledge; 1.8 Value of Information; 2. Why Governance?; 2.1 Benefits of Good Governance; 2.1.1 Aligning Security with Business Objectives; 2.1.2 Providing the Structure and Framework to Optimize Allocations of Limited Resources; 2.1.3 Providing Assurance that Critical Decisions are Not Based on Faulty Information; 2.1.4 Ensuring Accountability for Safeguarding Critical Assets; 2.1.5 Increasing Trust of Customers and Stakeholders; 2.1.6 Increasing the Company's Worth; 2.1.7 Reducing Liability for Information Inaccuracy or Lack of Due Care in Protection; 2.1.8 Increasing Predictability and Reducing Uncertainty of Business Operations; 2.2 A Management Problem; 3. Legal and Regulatory Requirements; 3.1 Security Governance and Regulation; 4. Roles and Responsibilities; 4.1 The Board of Directors; 4.2 Executive Management; 4.3 Security Steering Committee; 4.4 The CISO; 5. Strategic Metrics; 5.1 Governance Objectives; 5.1.1 Strategic Direction; 5.1.2 Ensuring Objectives are Achieved; 5.1.3 Risks Managed Appropriately; 5.1.4 Verifying that Resources are Used Responsibly; 6. Information Security Outcomes; 6.1 Defining Outcomes; 6.1.1 Strategic Alignment - Aligning Security Activities in Support of Organizational Objectives; 6.1.2 Risk Management - Executing Appropriate Measures to Manage Risks and Potential Impacts to an Acceptable Level; 6.1.3 Business Process Assurance/Convergence - Integrating All Relevant Assurance Processes to Improve Overall Security and Efficiency; 6.1.4 Value Delivery - Optimizing Investments in Support of Organizational Objectives; 6.1.5 Resource Management - Using Organizational Resources Efficiently and Effectively; 6.1.6 Performance Measurement - Monitoring and Reporting on Security Processes to Ensure that Objectives are Achieved; 7. Security Governance Objectives; 7.1 Security Architecture; 7.1.1 Managing Complexity; 7.1.2 Providing a Framework and Road Map; 7.1.3 Simplicity and Clarity through Layering and Modularization; 7.1.4 Business Focus Beyond the Technical Domain; 7.1.5 Objectives of Information Security Architectures; 7.1.6 SABSA Framework for Security Service Management; 7.1.7 SABSA Development Process; 7.1.8 SABSA Life Cycle; 7.1.9 SABSA Attributes; 7.2 CobiT; 7.3 Capability Maturity Model; 7.4 ISO/IEC 27001/27002; 7.4.1 ISO 27001; 7.4.2 ISO 27002; 7.5 Other Approaches; 7.5.1 National Cybersecurity Task Force, Information Security Governance: A Call to Action; 8. Risk Management Objectives; 8.1 Risk Management Responsibilities; 8.2 Managing Risk Appropriately |
Record no. | UNINA-9910830706103321 |
Brotby, W. Krag | Hoboken, N.J. : John Wiley & Sons, c2009 | Printed material | Find it here: Univ. Federico II |
Information security governance : a practical development and implementation approach / Krag Brotby |
Author | Brotby, W. Krag |
Publisher/distributor | Hoboken, N.J. : John Wiley & Sons, c2009 |
Physical description | 1 online resource (207 p.) |
Dewey classification | 658.4; 658.4/78; 658.472; 658.478 |
Series | Wiley series in systems engineering and management |
Topical subject | Data protection; Computer security - Management; Information technology - Security measures |
ISBN | 1-118-58551-8; 1-282-13756-5; 9786612137563; 0-470-47601-X; 0-470-47600-1 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note | INFORMATION SECURITY GOVERNANCE; Contents; Acknowledgments; Introduction; 1. Governance Overview - How Do We Do It? What Do We Get Out of It?; 1.1 What Is It?; 1.2 Back to Basics; 1.3 Origins of Governance; 1.4 Governance Definition; 1.5 Information Security Governance; 1.6 Six Outcomes of Effective Security Governance; 1.7 Defining Information, Data, Knowledge; 1.8 Value of Information; 2. Why Governance?; 2.1 Benefits of Good Governance; 2.1.1 Aligning Security with Business Objectives; 2.1.2 Providing the Structure and Framework to Optimize Allocations of Limited Resources; 2.1.3 Providing Assurance that Critical Decisions are Not Based on Faulty Information; 2.1.4 Ensuring Accountability for Safeguarding Critical Assets; 2.1.5 Increasing Trust of Customers and Stakeholders; 2.1.6 Increasing the Company's Worth; 2.1.7 Reducing Liability for Information Inaccuracy or Lack of Due Care in Protection; 2.1.8 Increasing Predictability and Reducing Uncertainty of Business Operations; 2.2 A Management Problem; 3. Legal and Regulatory Requirements; 3.1 Security Governance and Regulation; 4. Roles and Responsibilities; 4.1 The Board of Directors; 4.2 Executive Management; 4.3 Security Steering Committee; 4.4 The CISO; 5. Strategic Metrics; 5.1 Governance Objectives; 5.1.1 Strategic Direction; 5.1.2 Ensuring Objectives are Achieved; 5.1.3 Risks Managed Appropriately; 5.1.4 Verifying that Resources are Used Responsibly; 6. Information Security Outcomes; 6.1 Defining Outcomes; 6.1.1 Strategic Alignment - Aligning Security Activities in Support of Organizational Objectives; 6.1.2 Risk Management - Executing Appropriate Measures to Manage Risks and Potential Impacts to an Acceptable Level; 6.1.3 Business Process Assurance/Convergence - Integrating All Relevant Assurance Processes to Improve Overall Security and Efficiency; 6.1.4 Value Delivery - Optimizing Investments in Support of Organizational Objectives; 6.1.5 Resource Management - Using Organizational Resources Efficiently and Effectively; 6.1.6 Performance Measurement - Monitoring and Reporting on Security Processes to Ensure that Objectives are Achieved; 7. Security Governance Objectives; 7.1 Security Architecture; 7.1.1 Managing Complexity; 7.1.2 Providing a Framework and Road Map; 7.1.3 Simplicity and Clarity through Layering and Modularization; 7.1.4 Business Focus Beyond the Technical Domain; 7.1.5 Objectives of Information Security Architectures; 7.1.6 SABSA Framework for Security Service Management; 7.1.7 SABSA Development Process; 7.1.8 SABSA Life Cycle; 7.1.9 SABSA Attributes; 7.2 CobiT; 7.3 Capability Maturity Model; 7.4 ISO/IEC 27001/27002; 7.4.1 ISO 27001; 7.4.2 ISO 27002; 7.5 Other Approaches; 7.5.1 National Cybersecurity Task Force, Information Security Governance: A Call to Action; 8. Risk Management Objectives; 8.1 Risk Management Responsibilities; 8.2 Managing Risk Appropriately |
Record no. | UNINA-9910877629903321 |
Brotby, W. Krag | Hoboken, N.J. : John Wiley & Sons, c2009 | Printed material | Find it here: Univ. Federico II |
PRAGMATIC security metrics : applying metametrics to information security / W. Krag Brotby and Gary Hinson ; preface by M. E. Kabay |
Author | Brotby, W. Krag |
Edition | [1st edition] |
Publisher/distributor | Boca Raton, Fla. : CRC Press, 2013 |
Physical description | 1 online resource (507 p.) |
Dewey classification | 658.478 |
Other authors (Persons) | Hinson, Gary; Kabay, Michel E. |
Topical subject | Business enterprises - Computer networks - Security measures; Computer security; Data protection |
Genre/form | Electronic books. |
ISBN | 0-429-11156-8; 1-4398-8153-7 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note | Front Cover; Contents; Foreword; Preface; Acknowledgments; Office Memorandum; Chapter 1 - Introduction; Chapter 2 - Why Measure Information Security?; Chapter 3 - The Art and Science of Security Metrics; Chapter 4 - Audiences for Security Metrics; Chapter 5 - Finding Candidate Metrics; Chapter 6 - Metametrics and the PRAGMATIC Approach; Chapter 7 - 150+ Example Security Metrics; Chapter 8 - Designing PRAGMATIC Security Measurement System; Chapter 9 - Advanced Information Security Metrics; Chapter 10 - Downsides of Metrics; Chapter 11 - Using PRAGMATIC Metrics in Practice; Chapter 12 - Case Study; Chapter 13 - Conclusions; Appendix A: PRAGMATIC Criteria; Appendix B: Business Model of Information Security (BMIS); Appendix C: Capability Maturity Model (CMM); Appendix D: Example Opinion Survey Form; Appendix E: SABSA Security Attributes Table; Appendix F: Prototype Metrics Catalog; Appendix G: Effect of Weighting the PRAGMATIC Criteria; Appendix H: ISO27k Maturity Scale Metrics; Appendix I: Sample Management Survey; Appendix J: Observer Bias; Appendix K: Observer Calibration; Appendix L: Bibliography; Back Cover |
Record no. | UNINA-9910462893303321 |
Brotby, W. Krag | Boca Raton, Fla. : CRC Press, 2013 | Printed material | Find it here: Univ. Federico II |
Pragmatic security metrics : applying metametrics to information security / W. Krag Brotby and Gary Hinson ; preface by M.E. Kabay |
Author | Brotby, W. Krag |
Edition | [1st edition] |
Publisher/distributor | Boca Raton : CRC Press, Taylor & Francis Group, [2013] |
Physical description | 1 online resource (xviii, 485 pages) : illustrations |
Dewey classification | 658.478 |
Series | Gale eBooks |
Topical subject | Business enterprises - Computer networks - Security measures; Computer security; Data protection |
ISBN | 0-429-11156-8; 1-4398-8153-7 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note | Front Cover; Contents; Foreword; Preface; Acknowledgments; Office Memorandum; Chapter 1 - Introduction; Chapter 2 - Why Measure Information Security?; Chapter 3 - The Art and Science of Security Metrics; Chapter 4 - Audiences for Security Metrics; Chapter 5 - Finding Candidate Metrics; Chapter 6 - Metametrics and the PRAGMATIC Approach; Chapter 7 - 150+ Example Security Metrics; Chapter 8 - Designing PRAGMATIC Security Measurement System; Chapter 9 - Advanced Information Security Metrics; Chapter 10 - Downsides of Metrics; Chapter 11 - Using PRAGMATIC Metrics in Practice; Chapter 12 - Case Study; Chapter 13 - Conclusions; Appendix A: PRAGMATIC Criteria; Appendix B: Business Model of Information Security (BMIS); Appendix C: Capability Maturity Model (CMM); Appendix D: Example Opinion Survey Form; Appendix E: SABSA Security Attributes Table; Appendix F: Prototype Metrics Catalog; Appendix G: Effect of Weighting the PRAGMATIC Criteria; Appendix H: ISO27k Maturity Scale Metrics; Appendix I: Sample Management Survey; Appendix J: Observer Bias; Appendix K: Observer Calibration; Appendix L: Bibliography; Back Cover |
Record no. | UNINA-9910786243403321 |
Brotby, W. Krag | Boca Raton : CRC Press, Taylor & Francis Group, [2013] | Printed material | Find it here: Univ. Federico II |
Pragmatic security metrics : applying metametrics to information security / W. Krag Brotby and Gary Hinson ; preface by M.E. Kabay |
Author | Brotby, W. Krag |
Edition | [1st edition] |
Publisher/distributor | Boca Raton : CRC Press, Taylor & Francis Group, [2013] |
Physical description | 1 online resource (xviii, 485 pages) : illustrations |
Dewey classification | 658.478 |
Series | Gale eBooks |
Topical subject | Business enterprises - Computer networks - Security measures; Computer security; Data protection |
ISBN | 0-429-11156-8; 1-4398-8153-7 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note | Front Cover; Contents; Foreword; Preface; Acknowledgments; Office Memorandum; Chapter 1 - Introduction; Chapter 2 - Why Measure Information Security?; Chapter 3 - The Art and Science of Security Metrics; Chapter 4 - Audiences for Security Metrics; Chapter 5 - Finding Candidate Metrics; Chapter 6 - Metametrics and the PRAGMATIC Approach; Chapter 7 - 150+ Example Security Metrics; Chapter 8 - Designing PRAGMATIC Security Measurement System; Chapter 9 - Advanced Information Security Metrics; Chapter 10 - Downsides of Metrics; Chapter 11 - Using PRAGMATIC Metrics in Practice; Chapter 12 - Case Study; Chapter 13 - Conclusions; Appendix A: PRAGMATIC Criteria; Appendix B: Business Model of Information Security (BMIS); Appendix C: Capability Maturity Model (CMM); Appendix D: Example Opinion Survey Form; Appendix E: SABSA Security Attributes Table; Appendix F: Prototype Metrics Catalog; Appendix G: Effect of Weighting the PRAGMATIC Criteria; Appendix H: ISO27k Maturity Scale Metrics; Appendix I: Sample Management Survey; Appendix J: Observer Bias; Appendix K: Observer Calibration; Appendix L: Bibliography; Back Cover |
Record no. | UNINA-9910800036803321 |
Brotby, W. Krag | Boca Raton : CRC Press, Taylor & Francis Group, [2013] | Printed material | Find it here: Univ. Federico II |
Pragmatic security metrics : applying metametrics to information security / W. Krag Brotby and Gary Hinson ; preface by M.E. Kabay |
Author | Brotby, W. Krag |
Edition | [1st edition] |
Publisher/distributor | Boca Raton : CRC Press, Taylor & Francis Group, [2013] |
Physical description | 1 online resource (xviii, 485 pages) : illustrations |
Dewey classification | 658.478 |
Series | Gale eBooks |
Topical subject | Business enterprises - Computer networks - Security measures; Computer security; Data protection |
ISBN | 0-429-11156-8; 1-4398-8153-7 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note | Front Cover; Contents; Foreword; Preface; Acknowledgments; Office Memorandum; Chapter 1 - Introduction; Chapter 2 - Why Measure Information Security?; Chapter 3 - The Art and Science of Security Metrics; Chapter 4 - Audiences for Security Metrics; Chapter 5 - Finding Candidate Metrics; Chapter 6 - Metametrics and the PRAGMATIC Approach; Chapter 7 - 150+ Example Security Metrics; Chapter 8 - Designing PRAGMATIC Security Measurement System; Chapter 9 - Advanced Information Security Metrics; Chapter 10 - Downsides of Metrics; Chapter 11 - Using PRAGMATIC Metrics in Practice; Chapter 12 - Case Study; Chapter 13 - Conclusions; Appendix A: PRAGMATIC Criteria; Appendix B: Business Model of Information Security (BMIS); Appendix C: Capability Maturity Model (CMM); Appendix D: Example Opinion Survey Form; Appendix E: SABSA Security Attributes Table; Appendix F: Prototype Metrics Catalog; Appendix G: Effect of Weighting the PRAGMATIC Criteria; Appendix H: ISO27k Maturity Scale Metrics; Appendix I: Sample Management Survey; Appendix J: Observer Bias; Appendix K: Observer Calibration; Appendix L: Bibliography; Back Cover |
Record no. | UNINA-9910818950103321 |
Brotby, W. Krag | Boca Raton : CRC Press, Taylor & Francis Group, [2013] | Printed material | Find it here: Univ. Federico II |