Information Assurance for the Enterprise: A Roadmap to Information Security

Overview

Main description

Going beyond the technical coverage of computer and systems security measures, Information Assurance for the Enterprise provides readers an overarching model for information assurance for businesses, government agencies, and other enterprises needing to establish a comprehensive plan. All the components of security and how they relate are featured, and readers will also be shown how an effective security policy can be developed. Topics like asset identification, human factors, compliance with regulations, personnel security, risk assessment and ethical considerations are covered, as well as computer and network security tools and methods. This is one of the only texts on the market that provides an up-to-date look at the whole range of security and IA topics. In post-9/11 times, managers and IT professionals need to address a wide range of security-related issues, and develop security systems that take all these diverse factors into account. As someone who has worked extensively with the U.S. State Department and other governmental agencies, Corey Schou is uniquely positioned to write the definitive book on the subject; and Daniel Shoemaker is a professor and consultant to the Department of Homeland Security in matters of Information Assurance policy.

Table of contents

Part I The Organizational/Policy Domain1 Organizational Security Policy and Planning2 Defined and Documented Infrastructure3 Education and Awareness4 Asset Management5 Business Continuity6 Legal and Regulatory Compliance Part II The Managerial/Administrative Domain7 Building Security Functions Into Development8 Personnel Security 9 Physical SecurityPart III The Operational/Technical Domain10 Access Control11 Operations Security12 Network Security13 Application and System Software Security14 Operational Risk Assessment and AuditPart IV The Community/Contextual Domain15 Ethics 16 A Standard Implementation Model Glossary Index