by ToddFitzgerald (Author)
Security practitioners must be able to build cost-effective security programs while also complying with government regulations. Information Security Governance Simplified: From the Boardroom to the Keyboard lays out these regulations in simple terms and explains how to use control frameworks to build an air-tight information security (IS) program and governance structure.
Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security department and considers the control areas, including physical, network, application, business continuity/disaster recover, and identity management.
Todd Fitzgerald explains how to establish a solid foundation for building your security program and shares time-tested insights about what works and what doesn't when building an IS program. Highlighting security considerations for managerial, technical, and operational controls, it provides helpful tips for selling your program to management. It also includes tools to help you create a workable IS charter and your own IS policies. Based on proven experience rather than theory, the book gives you the tools and real-world insight needed to secure your information while ensuring compliance with government regulations.
Format: Hardcover
Pages: 431
Edition: 1
Publisher: CRC Press
Published: 14 Dec 2011
ISBN 10: 1439811636
ISBN 13: 9781439811634
Todd Fitzgerald's new book, Information Security Governance Simplified: From the Boardroom to the Keyboard, presents 15 chapters of advice and real-world experience on how to handle the roll out of an effective program .... Todd has taken the time to include for the reader some practical security considerations for managerial, technical, and operational controls. This is followed up with a discussion on how legal issues are impacting the information security program.
-Tom Peltier, CISSP