The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program
The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
EAN: 2147483647
Year: 2002
Pages: 204
Pages: 204
Authors: Gerald L. Kovacich CFE CPP CISSP
- Table of Contents
- BackCover
- The Information Systems Security Officer s Guide - Establishing and Managing an Information Protection Program, Second Edition
- Preface
- Introduction
- Ed Halibozek
- Andy Jones
- Steve Lutz
- Section I: The Working Environment of an ISSO
- Chapter 1: Understanding the Information World Environment
- Introduction
- Revolutions and Evolutions in High Technology
- Global Information Infrastructure (GII)
- National Information Infrastructure (NII)
- How did We Get From Adam to the Internet?
- Changing Criminal Justice Systems
- The Human Factor
- Questions to Consider
- Summary
- Chapter 2: Understanding the Business and Management Environment
- The Changing Business and Government Environments
- Understanding the Business Environment
- Management Responsibilities and Communicating with Management
- Creating a Competitive Advantage Through InfoSec
- The ISSO as a Business Manager
- Service, Support, and a Business Orientation
- Business Managers and InfoSec
- Questions to Consider
- Summary
- Chapter 3: Understanding Today s Threats to Information Assets
- Introduction
- ISSO Must Understand Threat Agents Motive-Rationalization-Opportunity
- Questions to Consider
- Summary
- Chapter 4: The International Widget Corporation (IWC)
- Introduction
- IWC Background Information
- Key Elements for the ISSO to Consider
- Getting to Know IWC
- IWC s Business Plans
- IWC and the History of its ISSO
- CIAPP Planning
- IWC s Departments of Primary Importance to the ISSO
- IWC Vision, Mission, and Quality Statements
- Questions to Consider
- Summary
- Section II: The Duties and Responsibilities of an ISSO
- Chapter 5: The ISSO s Position, Duties, and Responsibilities
- Introduction
- The ISSO in the International Widget Corporation (IWC)
- IWC ISSO Duties and Responsibilities
- Goals and Objectives
- Leadership Position
- Providing CIAPP Service and Support
- Use Team Concepts
- Vision, Mission, and Quality Statements
- Information Systems Protection Principles
- Project and Risk Management Processes
- ISSO and CIAPP Organizational Responsibilities
- Questions to Consider
- Summary
- Chapter 6: The Infosec Strategic, Tactical, and Annual Plans
- Introduction
- IWC s Infosec Strategic Plan
- IWC s Infosec Tactical Plan
- IWC s Infosec Annual Plan
- Mapping ISSSP, ITP, and IAP to Projects using a Matrix
- Questions to Consider
- Summary
- Chapter 7: Establishing a CIAPP and Infosec Organization
- Introduction
- Corporate Information Assets Protection Program (CIAPP)
- ISSO thought Process in Establishing the Infosec Organization
- Questions to Consider
- Summary
- Chapter 8: Determining and Establishing InfoSec Functions
- Introduction
- Processes
- Valuing Information
- IWC InfoSec Functions Process Development
- IWC ISSO s InfoSec Functions
- Access Control and Access Control Systems
- Evaluation of all Hardware, Firmware, and Software
- Risk Management Program
- Security Tests and Evaluations Program
- Noncompliance Inquiries
- Contingency and Emergency Planning and Disaster Recovery Program (CEP-DR)
- Questions to Consider
- Summary
- Chapter 9: Establishing a Metrics Management System
- Introduction
- Metrics 1: Infosec LOE Drivers - Number of Users
- Examples of Other Metrics Charts
- Project Management
- Questions to Consider
- Summary
- Chapter 10: Annual Reevaluation and Future Plans
- Introduction
- One-Year Review
- Infosec Strategic, Tactical, and Annual Plans
- Linking Infosec Accomplishments to IWC Goals
- Metrics Analysis
- Planning for Next Year
- Questions to Consider
- Summary
- Chapter 11: High-Technology Crimes Investigative Support
- Introduction
- Duties and Responsibilities of an ISSO in Deterring High-Technology Crimes
- Assisting with Computer Forensics Support
- Dealing with Law Enforcement
- Questions to Consider
- Summary
- Chapter 12: InfoSec in the Interest of National Security
- Introduction
- National Security Classified Information
- Responsibilities
- Collective Infosec Controls
- Government Customer Approval Process
- AIS Modes of Operation
- The Appointment of the Defense Industry-Related Corporation s Focal Point for Infosec
- Documenting and Gaining Government Customer Approval for Processing, Storing, and Transmitting National Security Information
- Questions to Consider
- Summary
- Section III: The Global, Professional, and Personal Challenges of an ISSO
- Chapter 13: The Related World of Information Warfare, Information Operations, and Information Assurance
- Introduction
- Introduction to Global Information Warfare
- IW Terms of Reference
- Information Warfare is a Powerful Approach for Attaining and Maintaining a Competitive Advantage
- Questions to Consider
- Summary
- Chapter 14: The ISSO and Ethical Conduct
- Introduction
- Codes of Ethics
- Corporate Ethics, Standards of Conduct, Business Practices, and Corporate Values
- Impact of Ethics on the Corporate Information Assets Protection Program (CIAPP)
- Questions to Consider
- Summary
- Chapter 15: ISSO Career Development
- Introduction
- The ISSO s Career Development Program
- Establishing and Managing an Infosec Career Development Program
- Education
- Conferences and Training
- Networking
- The Internet
- Using Trade Journals and Magazines for Training
- Experience
- Certifications
- Associations
- ISSO Professionals - What You Can do to Help Others
- Questions to Consider
- Summary
- Chapter 16: How to Market Yourself as an ISSO
- Introduction
- Interviewing for the ISSO Position
- Sample ISSO Portfolio Outline
- Questions to Consider
- Summary
- Chapter 17: So, Are You Ready to Become an InfoSec Consultant?
- Introduction
- Ya Gotta Have a Plan
- Getting Started
- Questions to Consider
- Summary
- Chapter 18: 21st-century Challenges for the ISSO
- Introduction
- Nation-States - Will They Last?
- Societies
- The Future of High Technology
- Global Competition
- The Future Role of ISSO Professionals
- Managing a CIAPP and Corporate Infosec Organization in the Future
- Other Considerations
- Questions to Consider
- Summary
- Index
- Index_B
- Index_C
- Index_D
- Index_E
- Index_F
- Index_G
- Index_H
- Index_I
- Index_J
- Index_K
- Index_L
- Index_M
- Index_N
- Index_O
- Index_P
- Index_Q
- Index_R
- Index_S
- Index_T
- Index_U
- Index_V
- Index_W
- Index_Y
- List of Figures
- List of Case Studies
- List of Sidebars
The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
EAN: 2147483647
Year: 2002
Pages: 204
Pages: 204
Authors: Gerald L. Kovacich CFE CPP CISSP