Index_I

Illuminati, 66

IMICI.com, 30

Industrial Age, 13

Information

assurance, 274

business, 170, 171, 173

categories of, 170

classified, 253–256

definitions of, 6

operations, 276–277

private, 170–171, 173

sensitive, 173

threats and, access to, 67

valuing, 168–174

Information Age, 13

Information environment (IE)

components of, 270

defined, 274

extended, 272, 273

growth of, 3–4

impact of technology on, 9–10

importance of, 4–6, 267

reasons for understanding, 6–9

Information Systems Audits and Controls Association (ISACA), 311

Information Systems Security Association (ISSA)

career development and, 297, 305, 311

Code of Ethics, 289–290

Information systems security officers (ISSOs)

as business managers, 40–45

evolution of position, 97–100

future for, 350

as a leader, 103

national security and, 259

objectives/goals of, 103

other names for, 99

questions company managers should ask, 43–44

reasons for understanding information environment, 6–9

responsibilities of, 33–39, 100–103, 108–111, 242–244

service and support provided by, 104–105

Information warfare (IW)

competitive advantage and, 278–281

defensive, 276

defined, 265, 267–269, 274–278

development of global, 267–272

future and, 347

importance of understanding, 266

offensive, 276

purpose of, 275

terminology, 272–278

InfoSec

See also Corporate Information Assets Protection Program (CIAPP); Metrics management, InfoSec

annual plan, 85–86, 120–123

business managers and, 40–45

drivers, 132

job descriptions, 152–160

national security and, 254–256

purpose of, 32–33

recruiting professionals, 160–163

strategic plan, 83–84, 114–115, 117–118

tactical plan, 84–85, 118–120

InfoSec functions

drivers for, 165–166

identifying, 174–175

options 166

processes, 166–168

valuing information, 168–174

InfoSec functions, types of

access control, 177–180

awareness briefings, 175–176

awareness material, 177

awareness program, 175

contingency and emergency planning and disaster recovery program, 187–191

evaluation of hardware, firmware, and software, 180–183

noncompliance inquiries, 186–187

risk management, 183–185

security tests, 185–186, 211–214

Inhibitors

man-made threat agents and, 56–57

man-made threats and, 54

threat factors, 68–69

International, being a consultant and, 335–336

International Widget Corp. example

background information, 78–80

business environment, 78–80

business plan, annual, 85–86, 120–123

business plan, strategic, 83–84, 114–115, 117–118

business plan, tactical, 84–85, 118–120

history of ISSO at, 86–88

importance of being familiar with, 81–82

key elements to consider, 80–81

mission statements, 92, 107

planning for CIAPP, 88

quality statements, 92, 107

relationship between ISSO and departments in, 89–91

vision statements, 91–92, 105–106

Internet

career development and use of, 307–308

development of, 14–15, 29

future and, 345–346

historical conditions leading to the development of, 12–13

how it works, 16–17

impact of, 17–21

Internet service providers (ISPs), 17

need for standards, 28–32

Interviewing for a job, 318–321