International IT Governance

Author: Alan Calder
Publisher: Kogan Page Publishers
ISBN: 9780749447489
Format: PDF
Download Now
The development of IT Governance, which recognizes the convergence between business and IT management, makes it essential for managers at all levels and in organizations of all sizes to understand how best to deal with information security risks. International IT Governance explores new legislation, including the launch of ISO/IEC 27001, which makes a single, global standard of information security best practice available.

Information Security Risk Management for ISO27001 ISO27002

Author: Alan Calder
Publisher: IT Governance Ltd
ISBN: 1849280444
Format: PDF, ePub, Docs
Download Now
Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.

Governance Risk and Compliance Handbook

Author: Anthony Tarantino
Publisher: John Wiley & Sons
ISBN: 9780470245552
Format: PDF, Docs
Download Now
Providing a comprehensive framework for a sustainable governance model, and how to leverage it in competing global markets, Governance, Risk, and Compliance Handbook presents a readable overview to the political, regulatory, technical, process, and people considerations in complying with an ever more demanding regulatory environment and achievement of good corporate governance. Offering an international overview, this book features contributions from sixty-four industry experts from fifteen countries.

IT Governance

Author: Alan Calder
Publisher: Kogan Page Publishers
ISBN: 0749474068
Format: PDF, ePub, Mobi
Download Now
Faced with constant and fast-evolving threats to information security and with a growing exposure to cyber risk, managers at all levels and in organizations of all sizes need a robust IT governance system. Now in its sixth edition, the bestselling IT Governance provides best-practice guidance for companies looking to protect and enhance their information security management systems and protect themselves against cyber threats. IT Governance has been fully updated to take account of current cyber security and advanced persistent threats and reflects the latest regulatory and technical developments, including the 2013 updates to ISO27001/ISO27002. Changes for this edition include: Full updates throughout in line with the revised ISO27001 standard and accompanying ISO27002 code of practice for information security controls Full coverage of changes to data-related regulations in different jurisdictions and advice on compliance Guidance on the options for continual improvement models and control frameworks made possible by the new standard New developments in cyber risk and mitigation practices The latest technological developments that affect IT governance and security Guidance on the new information security risk assessment process and treatment requirements Including coverage of key international markets including the UK, North America, the EU and Asia Pacific, IT Governance is the definitive guide to implementing an effective information security management and governance system.

Application security in the ISO27001 2013 Environment

Author: Vinod Vasudevan
Publisher: IT Governance Ltd
ISBN: 1849287686
Format: PDF, Mobi
Download Now
Application Security in the ISO 27001:2013 Environment explains how organisations can implement and maintain effective security practices to protect their web applications – and the servers on which they reside – as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO 27001. The book describes the methods used by criminal hackers to attack organisations via their web applications and provides a detailed explanation of how you can combat such attacks by employing the guidance and controls set out in ISO 27001. Product overviewSecond edition, updated to reflect ISO 27001:2013 as well as best practices relating to cryptography, including the PCI SSC’s denigration of SSL in favour of TLS.Provides a full introduction to ISO 27001 and information security management systems, including implementation guidance.Describes risk assessment, management and treatment approaches.Examines common types of web app security attack, including injection attacks, cross-site scripting, and attacks on authentication and session management, explaining how each can compromise ISO 27001 control objectives and showing how to test for each attack type.Discusses the ISO 27001 controls relevant to application security.Lists useful web app security metrics and their relevance to ISO 27001 controls.Provides a four-step approach to threat profiling, and describes application security review and testing approaches.Sets out guidelines and the ISO 27001 controls relevant to them, covering:input validationauthenticationauthorisationsensitive data handling and the use of TLS rather than SSLsession managementerror handling and loggingDescribes the importance of security as part of the web app development process

ISO27001 ISO27002

Author: Alan Calder
Publisher: IT Governance Ltd
ISBN: 1905356706
Format: PDF, Docs
Download Now
Management systems and procedural controls are essential components of any really secure information system and, to be effective, need careful planning and attention to detail. This book provides the specification for an information security management system.

IT Governance Implementing Frameworks and Standards for the Corporate Governance of IT

Author: Alan Calder
Publisher: IT Governance Ltd
ISBN: 1905356919
Format: PDF, Docs
Download Now
This new book sets out for managers, executives and IT professionals the practical steps necessary to meet today's corporate and IT governance requirements. It provides practical guidance on how board executives and IT professionals can navigate, integrate and deploy to best corporate and commercial advantage the most widely used frameworks and standards.

Hacking For Dummies

Author: Kevin Beaver
Publisher: John Wiley & Sons
ISBN: 9780470113073
Format: PDF
Download Now
Are you worried about external hackers and rogue insiders breaking into your systems? Whether it’s social engineering, network infrastructure attacks, or application hacking, security breaches in your systems can devastate your business or personal life. In order to counter these cyber bad guys, you must become a hacker yourself—an ethical hacker. Hacking for Dummies shows you just how vulnerable your systems are to attackers. It shows you how to find your weak spots and perform penetration and other security tests. With the information found in this handy, straightforward book, you will be able to develop a plan to keep your information safe and sound. You’ll discover how to: Work ethically, respect privacy, and save your system from crashing Develop a hacking plan Treat social engineers and preserve their honesty Counter war dialing and scan infrastructures Understand the vulnerabilities of Windows, Linux, and Novell NetWare Prevent breaches in messaging systems, web applications, and databases Report your results and managing security changes Avoid deadly mistakes Get management involved with defending your systems As we enter into the digital era, protecting your systems and your company has never been more important. Don’t let skepticism delay your decisions and put your security at risk. With Hacking For Dummies, you can strengthen your defenses and prevent attacks from every angle!

Risk Assessment for Asset Owners

Author: Alan Calder
Publisher: IT Governance Ltd
ISBN: 1905356293
Format: PDF
Download Now
This book is apocket guide to the ISO27001 risk assessment, and designed to assist asset owners and others who are working within an ISO27001/ISO17799 framework to deliver a qualitative risk assessment. It conforms with the guidance provided in BS7799-3:2006 and NIST SP 800-30.

ISO IEC 38500

Author: Alan Calder
Publisher: IT Governance Ltd
ISBN: 9781905356577
Format: PDF, Mobi
Download Now
In corporate governance environment, where the value and importance of intellectual assets are significant, boards must be seen to extend the core governance principles - setting strategic aims, and overseeing and monitoring the performance of executive management - to the organisation's intellectual capital, information and IT.