Information and communication systems are exposed to intrusion and other risks that arise from their overall architecture and design. These risks span the entire gamut of information systems, including databases, networks, applications, Internet-based communication, web services, mobile technologies and the people issues associated with all of them. It is vital for businesses to be fully aware of the security risks associated with their systems, as well as the pressures from regulatory bodies, and to develop and implement an effective strategy to handle those risks.
This book covers all of the aforementioned issues in depth. It addresses all significant aspects of security as it relates to ICT, and gives practicing ICT security professionals explanations of the various aspects of information systems, their corresponding security risks and how to adopt strategic approaches to reduce and, where possible, eliminate those risks. Written by an experienced industry professional working in the domain, with extensive experience in teaching at various levels as well as in research, this book is a treatise on the subject of Information Security.
Covers SOX and SAS 70 aspects for Asset Management in the context of Information Systems Security.
IT Risk Analysis covered.
Detailed explanation of Privacy and Biometric Controls.
Review questions and reference material pointers after each chapter.
About The Author: Nina Godbole has vast experience in the IT industry: system analysis, design and development, as well as application support services, MIS, IT perspective planning, training, security audits, quality management and operations management. Nina has also led BPR initiatives and has played an instrumental role in successfully driving organizational initiatives such as ISO 9001, P-CMM and CMMI. She is an active member of many professional bodies and academic research groups.
Nina holds a Master's degree from IIT and an MS in Engineering (Computer Science) from Newport University, USA. She is a CQA, CSTE, CISA, PMP and ITIL Foundation certified professional.
Table Of Contents:
· Information Systems in Global Context
· Threats to Information Systems
· Security Considerations in Mobile and Wireless Computing
· Information Security Management in Organizations
· Building Blocks of Information Security
· Information Security Risk Analysis
· Overview of Physical Security for Information Systems
· Perimeter Security for Physical Protection
· Biometrics Controls for Security
· Biometrics-based Security: Issues and Challenges
· Network Security in Perspective
· Networking and Digital Communication Fundamentals
· Cryptography and Encryption
· Intrusion Detection for Securing the Networks
· Firewalls for Network Protection
· Virtual Private Networks for Security
· Security of Wireless Networks
· Business Applications Security: An EAI Perspective
· Security of Electronic Mail Systems
· Security of Databases
· Security of Operating Systems
· Security Models, Frameworks, Standards and Methodologies
· ISO 17799/ISO 27001
· Systems Security Engineering Capability Maturity Model - The SSE-CMM
· COBIT, COSO-ERM and SAS 70
· Information Security: Other Models and Methodologies
· Laws and Legal Framework for Information Security
· Security Metrics
· Privacy - Fundamental Concepts and Principles
· Privacy - Business Challenges
· Privacy - Technological Impacts
· Web Services and Privacy
· Staffing the Security Function
· Business Continuity and Disaster Recovery Planning
· Auditing for Security
· Privacy Best Practices in Organizations
· Asset Management
· Ethical Issues and Intellectual Property Concerns for InfoSec Professionals
Intended Audience:
· Undergraduate and graduate students at universities, and candidates preparing for the examination syllabi of international certifications in the security domain
· Teachers of security topics