Create appropriate, security-focused business propositions that consider the balance between cost, risk, and usability, while starting your journey to become an information security manager. Covering a wealth of information that explains exactly how the industry works today, this book focuses on how you can set up an effective information security practice, hire the right people, and strike the best balance between security controls, costs, and risks.
Practical Information Security Management provides a wealth of practical advice for anyone responsible for information security management in the workplace, focusing on the 'how' rather than the 'what'. Together we'll cut through the policies, regulations, and standards to expose the real inner workings of what makes a security management program effective, covering the full gamut of subject matter pertaining to security management: organizational structures, security architectures, technical controls, governanceframeworks, and operational security.
This book was not written to help you pass your CISSP, CISM, or CISMP or become a PCI-DSS auditor. It won't help you build an ISO 27001 or COBIT-compliant security management system, and it won't help you become an ethical hacker or digital forensics investigator - there are many excellent books on the market that cover these subjects in detail. Instead, this is a practical book that offers years of real-world experience in helping you focus on the getting the job done.
What You Will Learn
Learn the practical aspects of being an effective information security manager
Strike the right balance between cost and risk
Take security policies and standards and make them work in reality
Leverage complex security functions, such as Digital Forensics, Incident Response and Security Architecture
Who This Book Is For
Practical Information Security Management provides a wealth of practical advice for anyone responsible for information security management in the workplace, focusing on the 'how' rather than the 'what'. Together we'll cut through the policies, regulations, and standards to expose the real inner workings of what makes a security management program effective, covering the full gamut of subject matter pertaining to security management: organizational structures, security architectures, technical controls, governanceframeworks, and operational security.
This book was not written to help you pass your CISSP, CISM, or CISMP or become a PCI-DSS auditor. It won't help you build an ISO 27001 or COBIT-compliant security management system, and it won't help you become an ethical hacker or digital forensics investigator - there are many excellent books on the market that cover these subjects in detail. Instead, this is a practical book that offers years of real-world experience in helping you focus on the getting the job done.
What You Will Learn
Learn the practical aspects of being an effective information security manager
Strike the right balance between cost and risk
Take security policies and standards and make them work in reality
Leverage complex security functions, such as Digital Forensics, Incident Response and Security Architecture
Who This Book Is For
"The security professional author provides in about 235 pages a clear and concise textbook-style introduction to the field of information security management. ... students and other professionals will find basic information, in one location, in an easily read format. ... This work provides an excellent starting point for anyone wanting a rapid comprehensive overview of information security management." (Computing Reviews, June, 2017)