Information Protection Playbook (Risk Management Portfolio)

The primary goal of the Information Protection Playbook is to serve as a comprehensive resource for information protection (IP) professionals who must provide adequate information security at a reasonable cost. It emphasizes a holistic view of IP: one that protects the applications, systems, and networks that deliver business information from failures of confidentiality, integrity, availability, trust and accountability, and privacy.

Using the guidelines provided in the Information Protection Playbook, security and information technology (IT) managers will learn how to implement the five functions of an IP framework: governance, program planning, risk management, incident response management, and program administration. These functions are based on a model promoted by the Information Systems Audit and Control Association (ISACA) and validated by thousands of Certified Information Security Managers. The five functions are further broken down into a series of objectives or milestones to be achieved in order to implement an IP framework.

The extensive appendices included at the end of the book make for an excellent resource for the security or IT manager building an IP program from the ground up. They include, for example, a board of directors presentation complete with sample slides; an IP policy document checklist; a risk prioritization procedure matrix, which illustrates how to classify a threat based on a scale of high, medium, and low; a facility management self-assessment questionnaire; and a list of representative job descriptions for roles in IP.

The Information Protection Playbook is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs.

  • Emphasizes information protection guidelines that are driven by business objectives, laws, regulations, and standards
  • Draws from successful practices in global organizations, benchmarking, advice from a variety of subject-matter experts, and feedback from the organizations involved with the Security Executive Council
  • Includes 11 appendices full of the sample checklists, matrices, and forms that are discussed in the book



Extra resources for Information Protection Playbook (Risk Management Portfolio)


http://www.isaca.org/Knowledge-Center/Research/Documents/InfoSecGuidanceDirectorsExecMgt.pdf.
• IT Governance Institute, Information Security Governance: Guidance for Information Security Managers, 2008. http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Information-Security-Governance-Guidance-for-InformationSecurity-Managers.aspx.

Chapter 2
Information Protection Function: Program Planning

This function designs, develops, and structures an IP program to implement an IP governance model as developed from the process recommended in Information Protection Function One: Governance. The objectives and key elements of the IP program planning function are listed in the following table. Each key element will be subsequently discussed in greater detail. The baselines key element and the key element of standards, procedures, and guidelines will be grouped into one section below; similarly, the accountability and resources elements will also be discussed in one section.

Objective | Key Element
1. Create and maintain plans to implement the IP governance framework. | Plans
2. Develop IP baselines. | Baselines
3. Develop procedures and guidelines to ensure business processes address IP risk. | Standards, procedures, and guidelines
4. Develop standards, procedures, and guidelines for IP infrastructure activities to ensure compliance with IP policies. | Standards, procedures, and guidelines
5. Integrate IP program requirements into the organization’s life cycle activities. | Standards, procedures, and guidelines
6. Develop methods of meeting IP policy requirements that recognize impact on end-users. | Standards, procedures, and guidelines
7. Promote accountability by business process owners and other stakeholders in managing IP security risks. | Accountability
8. Establish metrics to manage the IP governance framework. | Metrics
9. Ensure that internal and external resources for IP are identified, appropriated, and managed. | Resources

BASELINES, STANDARDS, PROCEDURES, AND GUIDELINES

Included in this area are the baseline IP services, which are embedded in the business processes to address risk. The following baseline services are to be provided by the IP team and other key corporate functions:

• Policies, standards, guidelines, and procedures
• IP risk assessments for technologies/architecture and applications
• Disaster recovery planning (DRP)
• Security awareness, education, and training
• Security architecture development and management (e.g., virus, firewall, intrusion detection system, etc.)
• Vulnerability assessment
• Security and access administration
• Corporate incident response (see Information Protection Function Four: Incident Response Management section)
• Self-assessment checklist (see Appendix G)

ACCOUNTABILITY AND RESOURCES

Accountability is addressed by the roles and responsibilities matrix in Appendix D. In summary:

• The global security steering committee will set overall direction and goals and approve information security policies and projects.
