Information Assurance for the Enterprise

Overview

Going beyond the technical coverage of computer and systems security measures, Information Assurance for the Enterprise provides readers an overarching model for information assurance for businesses, government agencies, and other enterprises needing to establish a comprehensive plan. All the components of security and how they relate are featured, and readers will also be shown how an effective security policy can be developed. Topics like asset identification, human factors, compliance with regulations, personnel security, risk assessment and ethical considerations are covered, as well as computer and network security tools and methods.

This is one of the only texts on the market that provides an up-to-date look at the whole range of security and IA topics. In post-9/11 times, managers and IT professionals need to address a wide range of security-related issues, and develop security systems that take all these diverse factors into account. As someone who has worked extensively with the U.S. State Department and other governmental agencies, Corey Schou is uniquely positioned to write the definitive book on the subject; and Daniel Shoemaker is a professor and consultant to the Department of Homeland Security in matters of Information Assurance policy.

Table of contents

Part I The Organizational/Policy Domain
1 Organizational Security Policy and Planning
2 Defined and Documented Infrastructure
3 Education and Awareness
4 Asset Management
5 Business Continuity
6 Legal and Regulatory Compliance
Part II The Managerial/Administrative Domain
7 Building Security Functions Into Development
8 Personnel Security
9 Physical Security
Part III The Operational/Technical Domain
10 Access Control
11 Operations Security
12 Network Security
13 Application and System Software Security
14 Operational Risk Assessment and Audit
Part IV The Community/Contextual Domain
15 Ethics
16 A Standard Implementation Model
Glossary
Index