Information Security Governance: A Practical Development and Implementation Approach Hardcover – Apr 13 2009
Customers Who Bought This Item Also Bought
No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.
Getting the download link through email is temporarily not available. Please check back later.
To get the free app, enter your mobile phone number.
From the Inside Flap
Wiley Series in Systems Engineering and Management Andrew P. Sage, Series Editor
Information security governance
A Practical Development and Implementation Approach
Krag Brotby, cism
From the Back Cover
The Growing Imperative Need for Effective Information Security Governance
With monotonous regularity, headlines announce ever more spectacular failures of information security and mounting losses. The succession of corporate debacles and dramatic control failures in recent years underscores the necessity for information security to be tightly integrated into the fabric of every organization. The protection of an organization's most valuable asset information can no longer be relegated to low-level technical personnel, but must be considered an essential element of corporate governance that is critical to organizational success and survival.
Written by an industry expert, Information Security Governance is the first book-length treatment of this important topic, providing readers with a step-by-step approach to developing and managing an effective information security program. Beginning with a general overview of governance, the book covers:
The business case for information security
Defining roles and responsibilities
Developing strategic metrics
Determining information security outcomes
Setting security governance objectives
Establishing risk management objectives
Developing a cost-effective security strategy
A sample strategy development
The steps for implementing an effective strategy
Developing meaningful security program development metrics
Designing relevant information security management metrics
Defining incident management and response metrics
Complemented with action plans and sample policies that demonstrate to readers how to put these ideas into practice, Information Security Governance is indispensable reading for any professional who is involved in information security and assurance.
Most Helpful Customer Reviews on Amazon.com (beta)
This is an advanced management topic of direct concern to senior information security, risk management and related assurance professionals. Although unfortunately only CISOs or CIOs may be prepared to set aside the time needed to really study a book of this depth, it is equally valuable for all C-suite executive managers and board members with a genuine interest in aligning information security with other business objectives.
As with Krag's complementary book on security metrics (Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement), the depth of coverage is a little inconsistent with a couple of the chapters, including the conclusion, being surprisingly short. Chapter three on legal and regulatory requirements, for instance, is just over three pages long although compliance is undoubtedly an important governance issue and, unfortunately, a major strategic driver in this field. To be fair, most of the laws, regulations and standards are self-explanatory and there are hundreds, maybe thousands of them across the globe so there would be little point in going through them in detail here.
Information Security Governance confidently covers challenging material on a subject that many find hard to even describe, let alone understand. The effort needed to read and learn from this book pays off through a better appreciation of both the theoretical background and the practical steps needed to design, develop, implement and manage - or govern - information security at the strategic level.
Look for similar items by category
- Books > Business & Investing > Management & Leadership > Leadership
- Books > Computers & Technology > Certification Central > Exams > Security+
- Books > Computers & Technology > History & Culture > Manager's Guides to Computing
- Books > Computers & Technology > Networking & Cloud Computing > Network Security
- Books > Professional & Technical > Business Management > Management & Leadership > Leadership
- Books > Professional & Technical > Engineering > Telecommunications
- Books > Science & Math
- Books > Textbooks > Business & Finance
- Books > Textbooks > Computer Science & Information Systems