Security policies and implementation issues:
Saved in:
Main authors: | , |
---|---|
Format: | Book |
Language: | English |
Published: |
Burlington, MA
Jones & Bartlett Learning
2022
|
Series: | ISSA : information systems & assurance series
|
Subjects: | |
Online access: | Table of contents |
ISBN: | 1284199843 9781284199840 |
Internal format
MARC
LEADER | 00000nam a2200000 c 4500 | ||
---|---|---|---|
001 | BV046986694 | ||
003 | DE-604 | ||
005 | 20210223 | ||
007 | t | ||
008 | 201109s2022 |||| 00||| eng d | ||
020 | |a 1284199843 |9 1-284-19984-3 | ||
020 | |a 9781284199840 |9 978-1-284-19984-0 | ||
035 | |a (OCoLC)1240404512 | ||
035 | |a (DE-599)BVBBV046986694 | ||
040 | |a DE-604 |b ger |e rda | ||
041 | 0 | |a eng | |
049 | |a DE-739 | ||
084 | |a ST 277 |0 (DE-625)143643: |2 rvk | ||
100 | 1 | |a Johnson, Robert |d ca. 20./21. Jh. |e Verfasser |0 (DE-588)1227970803 |4 aut | |
245 | 1 | 0 | |a Security policies and implementation issues |
264 | 1 | |a Burlinton, MA |b Jones & Bartlett Learning |c 2022 | |
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
490 | 0 | |a ISSA : information systems & assurance series | |
650 | 0 | 7 | |a Computersicherheit |0 (DE-588)4274324-2 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Sicherheitsprotokoll |0 (DE-588)4709127-7 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a Computersicherheit |0 (DE-588)4274324-2 |D s |
689 | 0 | 1 | |a Sicherheitsprotokoll |0 (DE-588)4709127-7 |D s |
689 | 0 | |5 DE-604 | |
700 | 1 | |a Easttom, Chuck |d 1968- |e Verfasser |0 (DE-588)1079935274 |4 aut | |
856 | 4 | 2 | |m Digitalisierung UB Passau - ADAM Catalogue Enrichment |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032394649&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
999 | |a oai:aleph.bib-bvb.de:BVB01-032394649 |
Record in the search index
_version_ | 1804181925332516864 |
---|---|
adam_text | Brief Contents
Preface xxi
Acknowledgments xxv
About the Authors xxvii
PART ONE The Need for IT Security Policy Frameworks 1
CHAPTER 1 Information Systems Security Policy Management 3
CHAPTER 2 Business Drivers for Information Security Policies 29
CHAPTER 3 Compliance Laws and Information Security Policy Requirements 53
CHAPTER 4 Business Challenges Within the Seven Domains of IT Responsibility 77
CHAPTER 5 Information Security Policy Implementation Issues 103
PART TWO Types of Policies and Appropriate Frameworks 137
CHAPTER 6 IT Security Policy Frameworks 139
CHAPTER 7 How to Design, Organize, Implement, and Maintain IT Security Policies 169
CHAPTER 8 IT Security Policy Framework Approaches 199
CHAPTER 9 User Domain Policies 225
CHAPTER 10 IT Infrastructure Security Policies 251
CHAPTER 11 Data Classification and Handling Policies and Risk Management Policies 283
CHAPTER 12 Incident Response Team (IRT) Policies 315
PART THREE Implementing and Maintaining an IT Security Policy Framework 345
CHAPTER 13 IT Security Policy Implementations 347
CHAPTER 14 IT Security Policy Enforcement 377
CHAPTER 15 IT Policy Compliance and Compliance Technologies 405
APPENDIX A Answer Key 433
APPENDIX B Standard Acronyms 435
Glossary of Key Terms 441
References 453
Index 465
Contents Preface PART ONE CHAPTER 1 xxi Acknowledgments xxv About the Authors xxvii The Need for IT Security Policy Frameworks 1 Information Systems Security Policy Management What Is Information Systems Security? 4 Information Systems Security Management Life Cycle Align, Plan, and Organize 7 Build, Acquire, and Implement 8 Deliver, Service, and Support 9 Monitor, Evaluate, and Assess 9 ISO/IEC 38500 10 What Is Information Assurance? 3 5 10 Confidentiality 11 Integrity 11 Authentication 12 Availability 13 Nonrepudiation 14 What Is Governance? 15 Why Is Governance Important? 16 What Are Information Systems Security Policies? How Policies and Standards Differ How Policies and Procedures Differ Creating Policies 17 19 19 20 Where Do Information Systems Security Policies Fit Within an Organization? 20 Why Information Systems Security Policies Are Important Policies That Support Operational Success 22 Challenges of Running a Business Without Policies Dangers of Not Implementing Policies 23 Dangers of Implementing the Wrong Policies 23 21 22 V
VI Contents When Do You Need Information Systems Security Policies? 23 Business Process Reengineering (BPR) 24 Continuous Improvement 24 Making Changes in Response to Problems 25 Why Enforcing and Winning Acceptance for Policies Is Challenging CHAPTER SUMMARY 26 KEY CONCEPTS AND TERMS CHAPTER 1 ASSESSMENT ENDNOTES CHAPTER 2 27 27 28 Business Drivers for Information Security Policies Why Are Business Drivers Important? Maintaining Compliance 30 31 Compliance Requires Proper Security Controls 32 Security Controls Enforce Information Security Policies Preventive Security Controls 35 Detective Security Control 35 Corrective Security Control 36 Mitigating Security Controls 36 Mitigating Risk Exposure 33 36 Educate Employees and Drive Security Awareness Prevent Loss of Intellectual Property 38 Labeling Data and Data Classification 39 Protect Digital Assets 40 Secure Privacy of Data 41 Full Disclosure and Data Encryption 42 Lower Risk Exposure 43 Minimizing Liability of the Organization 37 44 Separation Between Employer and Employee 45 Acceptable Use Policies 46 Confidentiality Agreement and Nondisclosure Agreement Business Liability Insurance Policies 47 Implementing Policies to Drive Operational Consistency 46 47 Forcing Repeatable Business Processes Across the Entire Organization Differences Between Mitigating and Compensating Controls 48 Policies Help Prevent Operational Deviation 49 CHAPTER SUMMARY 50 KEY CONCEPTS AND TERMS CHAPTER 2 ASSESSMENT ENDNOTES 52 29 50 50 47 25
Contents CHAPTER 3 Compliance Laws and Information Security Policy Requirements 53 U.S. Compliance Laws 55 What Are U.S. Compliance Laws? 56 Federal Information Security Management Act (FISMA) 57 Health Insurance Portability and Accountability Act (HIPAA) 58 HITECH 59 Gramm-Leach-Bliley Act (GLBA) 59 Sarbanes-Oxley (SOX) Act 61 Family Educational Rights and Privacy Act (FERPA) 62 Children's Internet Protection Act (CIPA) 63 Why Did U.S. Compliance Laws Come About? 63 Whom Do the Laws Protect? 64 Which Laws Require Proper Security Controls to Be Included in Policies? Which Laws Require Proper Security Controls for Handling Privacy Data? Aligning Security Policies and Controls with Regulations Industry Leading Practices and Self-Regulation Some Important Industry Standards 68 68 71 General Data Protection Regulation (GDPR) 71 European Telecommunications Standards Institute (ETSI) Asia-Pacific Economic Framework (APEC) 72 CHAPTER SUMMARY CHAPTER 3 ASSESSMENT ENDNOTES CHAPTER 4 72 72 KEY CONCEPTS AND TERMS 73 73 74 Business Challenges Within the Seven Domains of IT Responsibility 77 The Seven Domains of a Typical IT Infrastructure User Domain 81 Workstation Domain 84 LAN Domain 86 LAN-to-WAN Domain 87 WAN Domain 88 Remote Access Domain 89 System/Application Domain 91 65 66 Payment Card Industry Data Security Standard (PCI DSS) 68 Clarified Statement on Standards for Attestation Engagements No. 18 (SSAE18) Information Technology Infrastructure Library (ITIL) 70 International Laws 65 79 69 vii
viii Contents Information Security Business Challenges and Security Policies That Mitigate Risk Within the Seven Domains 92 User Domain 92 Workstation Domain 93 LAN Domain 94 LAN-to-WAN Domain 95 WAN Domain 96 Remote Access Domain 97 System/Application Domain 98 Inventory 99 Perimeter 99 Device Management 99 CHAPTER SUMMARY 100 KEY CONCEPTS AND TERMS CHAPTER 4 ASSESSMENT ENDNOTES CHAPTER 5 100 101 102 Information Security Policy Implementation Issues Human Nature in the Workplace 104 Basic Elements of Motivation Pride 106 Self-Interest 106 Success 107 Personality Types of Employees Leadership, Values, and Ethics 105 Organizational Structures 112 108 110 Flat Organizations 116 Hierarchical Organizations 117 Advantages of a Hierarchical Model Disadvantages of a Hierarchical Model The Challenge of User Apathy 118 118 119 The Importance of Executive Management Support 120 Selling Information Security Policies to an Executive 120 Before, During, and After Policy Implementation 121 The Role of Human Resources Policies 122 Relationship Between HR and Security Policies Lack of Support 123 122 Policy Roles, Responsibilities, and Accountability Change Model 125 Responsibilities During Change 126 Step 1: Create Urgency 127 Step 2: Create a Powerful Coalition Step 3: Create a Vision for Change 127 128 125 103
Contents Step 4: Communicate the Vision 128 Step 5: Remove Obstacles 129 Step 6: Create Short-Term Wins 129 Step 7: Build on the Change 129 Step 8: Anchor the Changes in Corporate Culture Roles and Accountabilities 129 129 When Policy Fulfillment Is Not Part of Job Descriptions Impact on Entrepreneurial Productivity and Efficiency 131 Tying Security Policy to Performance and Accountability CHAPTER SUMMARY ENDNOTES PART TWO CHAPTER 6 133 134 KEY CONCEPTS AND TERMS CHAPTER 5 ASSESSMENT 131 135 135 136 Types of Policies and Appropriate Frameworks IT Security Policy Frameworks What Is an IT Policy Framework? 139 140 What Is a Program Framework Policy or Charter? 143 Purpose and Mission 144 Scope 144 Responsibilities 144 Compliance 144 Industry-Standard Policy Frameworks 145 ISO/IEC 27002 (2015) 146 ISO/IEC 30105 148 ISO 27007 149 NIST Special Publication (SP) 800-53 149 What Is a Policy? 151 What Are Standards? 152 Issue-Specific or Control Standards 153 System-Specific or Baseline Standards 154 What Are Procedures? 154 Exceptions to Standards 156 What Are Guidelines? 156 Business Considerations for the Framework 157 Roles for Policy and Standards Development and Compliance Information Assurance Considerations Confidentiality 159 Integrity 160 Availability 160 159 158 137 ix
x Contents Information Systems Security Considerations 161 Unauthorized Access to and Use of the System 161 Unauthorized Disclosure of the Information 161 Disruption of the System or Services 162 Modification of Information 162 Destruction of Information Resources 162 Best Practices for IT Security Policy Framework Creation Case Studies in Policy Framework Development 162 163 Private Sector Case Study 163 Private Sector Case Study Two 164 Public Sector Case Study 164 Private Sector Case Study Three 164 CHAPTER SUMMARY 166 KEY CONCEPTS AND TERMS CHAPTER 6 ASSESSMENT ENDNOTES CHAPTER 7 166 167 168 How to Design, Organize, Implement, and Maintain IT Security Policies 169 Policies and Standards Design Considerations 170 Operating Models 171 Principles for Policy and Standards Development 172 The Importance of Transparency with Regard to Customer Data Types of Controls for Policies and Standards 175 Security Control Types 175 Document Organization Considerations 174 176 Sample Templates 179 Sample Policy Template 179 Sample Standard Template 180 Sample Procedure Template 182 Sample Guideline Template 183 Considerations for Implementing Policies and Standards Building Consensus on Intent 184 Reviews and Approvals 184 Publishing Your Policy and Standards Library 185 Awareness and Training 187 Security Newsletter 188 Security Articles 189 What Is...? 189 Ask Us 189 Security Resources 190 Contacts 190 Policy Change Control Board 190 Business Drivers for Policy and Standards Changes 191 184
Contents Maintaining Your Policy and Standards Library Updates and Revisions 192 192 Best Practices for Policies and Standards Maintenance 193 Case Studies and Examples of Designing, Organizing, Implementing, and Maintaining IT Security Policies Private Sector Case Study 1 Private Sector Case Study 2 Public Sector Case Study CHAPTER SUMMARY 195 KEY CONCEPTS AND TERMS 195 CHAPTER 7 ASSESSMENT ENDNOTES CHAPTER 8 193 194 194 194 196 197 IT Security Policy Framework Approaches IT Security Policy Framework Approaches 199 200 Risk Management and Compliance Approach 204 The Physical Domains of IT Responsibility Approach 206 Roles, Responsibilities, and Accountability for Personnel The Seven Domains of a Typical IT Infrastructure Organizational Structure 207 Organizational Culture 210 Separation of Duties 211 Layered Security Approach 211 Domain of Responsibility and Accountability First Line of Defense 212 Second Line of Defense 212 Third Line of Defense 213 Governance and Compliance IT Security Controls 214 IT Security Policy Framework 211 213 215 Best Practices for IT Security Policy Framework Approaches What Is the Difference Between GRC and ERM? 217 Case Studies and Examples of IT Security Policy Framework Approaches 218 Private Sector Case Study 218 Public Sector Case Study 219 E-Commerce Case Study 221 Critical Infrastructure Case Study CHAPTER SUMMARY CHAPTER 8 ASSESSMENT 224 222 222 KEY CONCEPTS AND TERMS ENDNOTES 206 207 223 223 216
xii Contents CHAPTER 9 User Domain Policies 225 The Weakest Link in the Information Security Chain Social Engineering Phishing 227 Human Mistakes Insiders 229 226 227 228 Seven Types of Users 231 Employees 234 Systems Administrators 235 Security Personnel 238 Contractors 238 Vendors 239 Guests and General Public 239 Control Partners 242 Contingent 243 System 243 Why Govern Users with Policies? Acceptable Use Policy (AUP) 243 244 The Privileged-Level Access Agreement (PAA) Security Awareness Policy (SAP) 244 245 Best Practices for User Domain Policies 246 Understanding Least Access Privileges and Best Fit Access Privileges Case Studies and Examples of User Domain Policies Government Laptop Compromised The NASA Raspberry Pi 248 Defense Data Stolen 248 CHAPTER SUMMARY 248 249 KEY CONCEPTS AND TERMS CHAPTER 9 ASSESSMENT CHAPTER 10 249 249 IT Infrastructure Security Policies Anatomy of an Infrastructure Policy Format of a Standard 252 255 Workstation Domain Policies 256 Control Standards 256 Baseline Standards 257 Procedures 259 Guidelines 259 Mobile Device Domain Policies LAN Domain Policies Control Standards 261 261 260 251 247 247
Contents Baseline Standards Procedures 265 Guidelines 265 263 LAN-to-WAN Domain Policies Control Standards Baseline Standards Procedures 267 Guidelines 267 WAN Domain Policies Control Standards Baseline Standards Procedures 269 Guidelines 269 266 266 267 268 268 269 Remote Access Domain Policies Control Standards Baseline Standards Procedures 271 Guidelines 271 270 270 270 System/Application Domain Policies Control Standards Baseline Standards Procedures 272 Guidelines 274 271 272 Telecommunications Policies Control Standards Baseline Standards Procedures 275 Guidelines 275 271 274 274 275 Best Practices for IT Infrastructure Security Policies Cloud Security Policies 275 276 Case Studies and Examples of IT Infrastructure Security Policies 278 State Government Case Study 279 Public Sector Case Study 279 Critical Infrastructure Case Study 280 CHAPTER SUMMARY 281 KEY CONCEPTS AND TERMS CHAPTER 10 ASSESSMENT CHAPTER 11 281 282 Data Classification and Handling Policies and Risk Management Policies 283 Data Classification Policies 284 When Is Data Classified or Labeled? 284 xiii
xiv Contents The Need for Data Classification 285 Protecting Information 285 Retaining Information 286 Recovering Information 287 Legal Classification Schemes 288 Military Classification Schemes 289 Business Classification Schemes 290 Developing a Customized Classification Scheme Classifying Your Data 293 Data Handling Policies 291 294 The Need for Policy Governing Data at Rest and in Transit 294 Policies, Standards, and Procedures Covering the Data Life Cycle 297 Identifying Business Risks Related to Information Systems 299 Types of Risk 299 Development and Need for Policies Based on Risk Management Risk and Control Self-Assessment Risk Assessment Policies 300 302 303 Risk Exposure 303 Prioritization of Risks, Threats, and Vulnerabilities Risk Management Strategies 304 Vulnerability Assessments 305 Vulnerability Windows 307 Common Vulnerability Scan Tools 307 Patch Management 307 Quality Assurance Versus Quality Control 304 309 Best Practices for Data Classification and Risk Management Policies Case Studies and Examples of Data Classification and Risk Management Policies 310 Private Sector Case Study 1 310 Public Sector Case Study 310 Private Sector Case Study 2 311 CHAPTER SUMMARY 311 KEY CONCEPTS AND TERMS 312 CHAPTER 11 ASSESSMENT CHAPTER 12 312 Incident Response Team (IRT) Policies Incident Response Policy What Is an Incident? Incident Classification 316 317 317 The Response Team Charter 319 Incident Response Team Members Responsibilities During an Incident Users on the Front Line 323 321 322 315 309
Contents System Administrators 323 Information Security Personnel Management 324 Support Services 325 Other Key Roles 325 324 Business Impact Analysis (BIA) Policies 325 Component Priority 326 Component Reliance 326 Impact Report 326 Development and Need for Policies Based on the BIA Procedures for Incident Response 327 327 Discovering an Incident 328 Reporting an Incident 329 Containing and Minimizing the Damage 330 Cleaning Up After the Incident 331 Documenting the Incident and Actions 332 Analyzing the Incident and Response 333 Creating Mitigation to Prevent Future Incidents 333 Handling the Media and Deciding What to Disclose 334 Business Continuity Planning Policies 335 Dealing with Loss of Systems, Applications, or Data Availability 336 Response and Recovery Time Objectives Policies Based on the BIA Best Practices for Incident Response Policies Disaster Recovery Plan Policies 339 Case Studies and Examples of Incident Response Policies 340 CHAPTER SUMMARY 341 342 KEY CONCEPTS AND TERMS CHAPTER 12 ASSESSMENT 342 342 Implementing and Maintaining an IT Security Policy Framework CHAPTER 13 337 Disaster Declaration Policy 338 Assessment of the Disaster's Severity and of Potential Downtime Private Sector Case Study 340 Public Sector Case Study 341 Critical Infrastructure Case Study PART THREE 337 345 IT Security Policy Implementations Simplified Implementation Process Target State 347 348 350 Distributed Infrastructure 351 Outdated Technology 352 Lack of Standardization Throughout the IT Infrastructure 354 336 XV
xvi Contents Executive Buy-in, Cost, and Impact 355 Executive Management Sponsorship Overcoming Nontechnical Hindrances Distributed Environment 356 User Types 356 Organizational Challenges 356 355 356 Policy Language 358 Employee Awareness and Training 359 Organizational and Individual Acceptance 360 Motivation 360 Developing an Organization-Wide Security Awareness Policy Conducting Security Awareness Training Sessions 362 Human Resources Ownership of New Employee Orientation Review of Acceptable Use Policies (AUPs) 364 Information Dissemination—How to Educate Employees Hard Copy Dissemination 367 Posting Policies on the Intranet 367 Using Email 368 Brown Bag Lunches and Learning Sessions Policy Implementation Issues Governance and Monitoring 360 364 365 368 368 370 Best Practices for IT Security Policy Implementations 372 Case Studies and Examples of IT Security Policy Implementations CIO Magazine 373 SANS 373 Public Sector Case Study CHAPTER SUMMARY 373 375 KEY CONCEPTS AND TERMS CHAPTER 13 ASSESSMENT ENDNOTES CHAPTER 14 373 375 375 376 IT Security Policy Enforcement 377 Organizational Support for IT Security Policy Enforcement 378 Executive Management Sponsorship 379 Governance Versus Management Organizational Structure 380 The Hierarchical Organizational Approach to Security Policy Implementation Project Committee 382 Architecture Review Committee 382 External Connection Committee 383 Vendor Governance Committee 383 Security Compliance Committee 384 Operational Risk Committee 384 381
Contents Front-Line Managers and Supervisors Responsibility and Accountability Grass-Roots Employees 385 An Organization's Right to Monitor User Actions and Traffic 385 386 Internet Use 387 Email Use 388 Computer Use 389 Compliance Law: Requirement or Risk Management? What Is Law and What Is Policy? 389 390 What Security Controls Work to Enforce Protection of Personal Data? 391 What Automated Security Controls Can Be Implemented Through Policy? 391 What Manual Security Controls Assist with Enforcement? Legal Implications of IT Security Policy Enforcement 393 394 Who Is Ultimately Accountable for Risks, Threats, and Vulnerabilities? Where Must IT Security Policy Enforcement Come From? Best Practices for IT Security Policy Enforcement 396 397 398 Case Studies and Examples of Successful and Unsuccessful IT Security Policy Enforcement 399 Private Sector Case Study Public Sector Case Study 1 Public Sector Case Study 2 CHAPTER SUMMARY 400 400 400 401 KEY CONCEPTS AND TERMS CHAPTER 14 ASSESSMENT CHAPTER 15 402 402 IT Policy Compliance and Compliance Technologies Creating a Baseline Definition for Information Systems Security 405 407 Policy-Defining Overall IT Infrastructure Security Definition 409 Vulnerability Window and Information Security Gap Definition 410 Tracking, Monitoring, and Reporting IT Security Baseline Definition and Policy Compliance 411 Automated Systems 411 Random Audits and Departmental Compliance 414 Overall Organizational Report Card for Policy Compliance Automating IT Security Policy Compliance Automated Policy Distribution 416 Training Administrators and
Users Organizational Acceptance 417 Testing for Effectiveness 418 Audit Trails 418 417 415 414 xvii
XVIII Contents Configuration Management and Change Control Management 419 Configuration Management Database 420 Tracking, Monitoring, and Reporting Configuration Changes 420 Collaboration and Policy Compliance Across Business Areas 421 Version Control for Policy Implementation Guidelines and Compliance Compliance Technologies and Solutions COSO Internal Control—Integrated Framework SCAP 423 SNMP 424 WBEM 425 Digital Signing 425 421 422 422 Best Practices for IT Security Policy Compliance Monitoring 427 Case Studies and Examples of Successful IT Security Policy Compliance Monitoring 427 Private Sector Case Study 1 Private Sector Case Study 2 Nonprofit Sector Case Study CHAPTER SUMMARY 427 429 429 430 KEY CONCEPTS AND TERMS 431 CHAPTER 15 ASSESSMENT APPENDIX A Answer Key APPENDIX B Standard Acronyms 433 Glossary of Key Terms References Index 465 453 431 435 441
|
adam_txt |
© obpcnh/Shutterstock Brief Contents Preface PART ONE xxi Acknowledgments xxv About the Authors xxvii The Need for IT Security Policy Frameworks 1 CHAPTER 1 Information Systems Security Policy Management 3 CHAPTER 2 Business Drivers for Information Security Policies 29 CHAPTER 3 Compliance Laws and Information Security Policy Requirements 53 CHAPTER 4 Business Challenges Within the Seven Domains of IT Responsibility 77 CHAPTER 5 Information Security Policy Implementation Issues PART TWO Types of Policies and Appropriate Frameworks 103 137 CHAPTER 6 IT Security Policy Frameworks 139 CHAPTER 7 How to Design, Organize, Implement, and Maintain IT Security Policies 169 CHAPTER 8 IT Security Policy Framework Approaches CHAPTER 9 User Domain Policies CHAPTER 10 IT Infrastructure Security Policies 199 225 251 iii
IV Brief Contents CHAPTER 11 Data Classification and Handling Policies 283 and Risk Management Policies CHAPTER 12 Incident Response Team (IRT) Policies PART THREE 315 Implementing and Maintaining an IT Security Policy Framework 345 CHAPTER 13 IT Security Policy Implementations CHAPTER 14 IT Security Policy Enforcement CHAPTER 15 IT Policy Compliance and Compliance Technologies APPENDIX A Answer Key APPENDIX В Standard Acronyms 433 Glossary of Key Terms References Index BESCHAFFTAUS MITTELN DER 465 453 435 441 347 377 405
© obpcnh/Shutterstock Contents Preface PART ONE CHAPTER 1 xxi Acknowledgments xxv About the Authors xxvii The Need for IT Security Policy Frameworks 1 Information Systems Security Policy Management What Is Information Systems Security? 4 Information Systems Security Management Life Cycle Align, Plan, and Organize 7 Build, Acquire, and Implement 8 Deliver, Service, and Support 9 Monitor, Evaluate, and Assess 9 ISO/IEC 38500 10 What Is Information Assurance? 3 5 10 Confidentiality 11 Integrity 11 Authentication 12 Availability 13 Nonrepudiation 14 What Is Governance? 15 Why Is Governance !mportant? 16 What Are Information Systems Security Policies? How Policies and Standards Differ How Policies and Procedures Differ Creating Policies 17 19 19 20 Where Do Information Systems Security Policies Fit Within an Organization? 20 Why Information Systems Security Policies Are Important Policies That Support Operational Success 22 Challenges of Running a Business Without Policies Dangers of Not Implementing Policies 23 Dangers of Implementing the Wrong Policies 23 21 22 V
VI Contents When Do You Need Information Systems Security Policies? 23 Business Process Reengineering (BPR) 24 Continuous Improvement 24 Making Changes in Response to Problems 25 Why Enforcing and Winning Acceptance for Policies Is Challenging CHAPTER SUMMARY 26 KEY CONCEPTS AND TERMS CHAPTER 1 ASSESSMENT ENDNOTES CHAPTER 2 27 27 28 Business Drivers for Information Security Policies Why Are Business Drivers Important? Maintaining Compliance 30 31 Compliance Requires Proper Security Controls 32 Security Controls Enforce Information Security Policies Preventive Security Controls 35 Detective Security Control 35 Corrective Security Control 36 Mitigating Security Controls 36 Mitigating Risk Exposure 33 36 Educate Employees and Drive Security Awareness Prevent Loss of Intellectual Property 38 Labeling Data and Data Classification 39 Protect Digital Assets 4Q Secure Privacy of Data 41 Full Disclosure and Data Encryption 42 Lower Risk Exposure 43 Minimizing Liability of the Organization 37 44 Separation Between Employer and Employee 45 Acceptable Use Policies 46 Confidentiality Agreement and Nondisclosure Agreement Business Liability Insurance Policies 47 Implementing Policies to Drive Operational Consistency 46 47 Forcing Repeatable Business Processes Across the Entire Organization Differences Between Mitigating and Compensating Controls 48 Policies Help Prevent Operational Deviation 49 CHAPTER SUMMARY 50 KEY CONCEPTS AND TERMS CHAPTER 2 ASSESSMENT ENDNOTES 52 29 50 50 47 25
Contents CHAPTER З Compliance Laws and Information Security Policy Requirements 53 U.S. Compliance Laws 55 What Are U.S. Compliance Laws? 56 Federal Information Security Management Act (FISMA) 57 Health Insurance Portability and Accountability Act (HIPAA) 58 HITECH 59 Gramm-Leach-Bliley Act (GLBA) 59 Sarbanes-Oxley (SOX) Act 61 Family Educational Rights and Privacy Act (FERPA) 62 Children's Internet Protection Act (CIPA) 63 Why Did U.S. Compliance Laws Come About? 63 Whom Do the Laws Protect? 64 Which Laws Require Proper Security Controls to Be Included in Policies? Which Laws Require Proper Security Controls for Handling Privacy Data? Aligning Security Policies and Controls with Regulations Industry Leading Practices and Self-Regulation Some Important Industry Standards 68 68 71 General Data Protection Regulation (GDPR) 71 European Telecommunications Standards Institute (ETSI) Asia-Pacific Economic Framework (APEC) 72 CHAPTER SUMMARY CHAPTER 3 ASSESSMENT ENDNOTES CHAPTER 4 72 72 KEY CONCEPTS AND TERMS 73 73 74 Business Challenges Within the Seven Domains of IT Responsibility 77 The Seven Domains of a Typical IT Infrastructure User Domain 81 Workstation Domain 84 LAN Domain 86 LAN-to-WAN Domain 87 WAN Domain 88 Remote Access Domain 89 System/Application Domain 91 65 66 Payment Card Industry Data Security Standard (PCI DSS) 68 Clarified Statement on Standards for Attestation Engagements No. 18 (SSAE18) Information Technology Infrastructure Library (ITIL) 70 International Laws 65 79 69 vii
viii Contents Information Security Business Challenges and Security Policies That Mitigate Risk Within the Seven Domains 92 User Domain 92 Workstation Domain 93 LAN Domain 94 LAN-to-WAN Domain 95 WAN Domain 96 Remote Access Domain 97 System/Application Domain 98 Inventory 99 Perimeter 99 Device Management 99 CHAPTER SUMMARY 100 KEY CONCEPTS AND TERMS CHAPTER 4 ASSESSMENT ENDNOTES CHAPTER 5 100 101 102 Information Security Policy Implementation Issues Human Nature in the Workplace 104 Basic Elements of Motivation Pride 106 Self-Interest 106 Success 107 Personality Types of Employees Leadership, Values, and Ethics 105 Organizational Structures 112 108 110 Flat Organizations 116 Hierarchical Organizations 117 Advantages of a Hierarchical Model Disadvantages of a Hierarchical Model The Challenge of User Apathy 118 118 119 The Importance of Executive Management Support 12Ū Selling Information Security Policies to an Executive 120 Before, During, and After Policy Implementation 121 The Role of Human Resources Policies 122 Relationship Between HR and Security Policies Lack of Support 123 122 Policy Roles, Responsibilities, and Accountability Change Model 125 Responsibilities During Change 126 Step 1 : Create Urgency 127 Step 2: Create a Powerful Coalition Step 3: Create a Vision for Change 127 128 125 103
Contents Step 4: Communicate the Vision 128 Step 5: Remove Obstacles 129 Step 6: Create Short-Term Wins 129 Step 7: Build on the Change 129 Step 8: Anchor the Changes in Corporate Culture Roles and Accountabilities 129 129 When Policy Fulfillment Is Not Part of Job Descriptions Impact on Entrepreneurial Productivity and Efficiency 131 Tying Security Policy to Performance and Accountability CHAPTER SUMMARY ENDNOTES PART TWO CHAPTER 6 133 134 KEY CONCEPTS AND TERMS CHAPTER 5 ASSESSMENT 131 135 135 136 Types of Policies and Appropriate Frameworks IT Security Policy Frameworks What Is an IT Policy Framework? 139 140 What Is a Program Framework Policy or Charter? 143 Purpose and Mission 144 Scope 144 Responsibilities 144 Compliance 144 Industry-Standard Policy Frameworks 145 IS0/IEC 27002 (2015) 146 ISO/IEC 30105 148 ISO 27007 149 NIST Special Publication (SP) 800-53 149 What Is a Policy? 151 What Are Standards? 152 Issue-Specific or Control Standards 153 System-Specific or Baseline Standards 154 What Are Procedures? 154 Exceptions to Standards 156 What Are Guidelines? 156 Business Considerations for the Framework 157 Roles for Policy and Standards Development and Compliance Information Assurance Considerations Confidentiality 159 Integrity 160 Availability 160 159 158 137 ix
x Contents Information Systems Security Considerations 161 Unauthorized Access to and Use of the System 161 Unauthorized Disclosure of the Information 161 Disruption of the System or Services 162 Modification of Information 162 Destruction of Information Resources 162 Best Practices for IT Security Policy Framework Creation Case Studies in Policy Framework Development 162 163 Private Sector Case Study 163 Private Sector Case Study Two 164 Public Sector Case Study 164 Private Sector Case Study Three 164 CHAPTER SUMMARY 166 KEY CONCEPTS AND TERMS CHAPTER 6 ASSESSMENT ENDNOTES CHAPTER 7 166 167 168 How to Design, Organize, Implement, and Maintain IT Security Policies 169 Policies and Standards Design Considerations 170 Operating Models 171 Principles for Policy and Standards Development 172 The Importance of Transparency with Regard to Customer Data Types of Controls for Policies and Standards 175 Security Control Types 175 Document Organization Considerations 174 176 Sample Templates 179 Sample Policy Template 179 Sample Standard Template 180 Sample Procedure Template 182 Sample Guideline Template 183 Considerations for Implementing Policies and Standards Building Consensus on Intent 184 Reviews and Approvals 184 Publishing Your Policy and Standards Library 185 Awareness and Training 187 Security Newsletter 188 Security Articles 189 What Is.? 189 Ask Us 189 Security Resources 190 Contacts 190 Policy Change Control Board 190 Business Drivers for Policy and Standards Changes 191 184
Contents Maintaining Your Policy and Standards Library Updates and Revisions 192 192 Best Practices for Policies and Standards Maintenance 193 Case Studies and Examples of Designing, Organizing, Implementing, and Maintaining IT Security Policies Private Sector Case Study 1 Private Sector Case Study 2 Public Sector Case Study CHAPTER SUMMARY 195 KEY CONCEPTS AND TERMS 195 CHAPTER 7 ASSESSMENT ENDNOTES CHAPTER 8 193 194 194 194 196 197 IT Security Policy Framework Approaches IT Security Policy Framework Approaches 199 20Q Risk Management and Compliance Approach 204 The Physical Domains of IT Responsibility Approach 206 Roles, Responsibilities, and Accountability for Personnel The Seven Domains of a Typical IT Infrastructure Organizational Structure 207 Organizational Culture 210 Separation of Duties 211 Layered Security Approach 211 Domain of Responsibility and Accountability First Line of Defense 212 Second Line of Defense 212 Third Line of Defense 213 Governance and Compliance IT Security Controls 214 IT Security Policy Framework 211 213 215 Best Practices for IT Security Policy Framework Approaches What Is the Difference Between GRC and ERM? 217 Case Studies and Examples of IT Security Policy Framework Approaches 218 Private Sector Case Study 218 Public Sector Case Study 219 E-Commerce Case Study 221 Critical Infrastructure Case Study CHAPTER SUMMARY CHAPTER 8 ASSESSMENT 224 222 222 KEY CONCEPTS AND TERMS ENDNOTES 206 207 223 223 216
CHAPTER 9 User Domain Policies
The Weakest Link in the Information Security Chain
Social Engineering
Phishing
Human Mistakes
Insiders
Seven Types of Users
Employees
Systems Administrators
Security Personnel
Contractors
Vendors
Guests and General Public
Control Partners
Contingent
System
Why Govern Users with Policies?
Acceptable Use Policy (AUP)
The Privileged-Level Access Agreement (PAA)
Security Awareness Policy (SAP)
Best Practices for User Domain Policies
Understanding Least Access Privileges and Best Fit Access Privileges
Case Studies and Examples of User Domain Policies
Government Laptop Compromised
The NASA Raspberry Pi
Defense Data Stolen
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 9 ASSESSMENT
CHAPTER 10 IT Infrastructure Security Policies
Anatomy of an Infrastructure Policy
Format of a Standard
Workstation Domain Policies
Control Standards
Baseline Standards
Procedures
Guidelines
Mobile Device Domain Policies
LAN Domain Policies
Control Standards
Baseline Standards
Procedures
Guidelines
LAN-to-WAN Domain Policies
Control Standards
Baseline Standards
Procedures
Guidelines
WAN Domain Policies
Control Standards
Baseline Standards
Procedures
Guidelines
Remote Access Domain Policies
Control Standards
Baseline Standards
Procedures
Guidelines
System/Application Domain Policies
Control Standards
Baseline Standards
Procedures
Guidelines
Telecommunications Policies
Control Standards
Baseline Standards
Procedures
Guidelines
Best Practices for IT Infrastructure Security Policies
Cloud Security Policies
Case Studies and Examples of IT Infrastructure Security Policies
State Government Case Study
Public Sector Case Study
Critical Infrastructure Case Study
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 10 ASSESSMENT
CHAPTER 11 Data Classification and Handling Policies and Risk Management Policies
Data Classification Policies
When Is Data Classified or Labeled?
The Need for Data Classification
Protecting Information
Retaining Information
Recovering Information
Legal Classification Schemes
Military Classification Schemes
Business Classification Schemes
Developing a Customized Classification Scheme
Classifying Your Data
Data Handling Policies
The Need for Policy Governing Data at Rest and in Transit
Policies, Standards, and Procedures Covering the Data Life Cycle
Identifying Business Risks Related to Information Systems
Types of Risk
Development and Need for Policies Based on Risk Management
Risk and Control Self-Assessment
Risk Assessment Policies
Risk Exposure
Prioritization of Risks, Threats, and Vulnerabilities
Risk Management Strategies
Vulnerability Assessments
Vulnerability Windows
Common Vulnerability Scan Tools
Patch Management
Quality Assurance Versus Quality Control
Best Practices for Data Classification and Risk Management Policies
Case Studies and Examples of Data Classification and Risk Management Policies
Private Sector Case Study 1
Public Sector Case Study
Private Sector Case Study 2
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 11 ASSESSMENT
CHAPTER 12 Incident Response Team (IRT) Policies
Incident Response Policy
What Is an Incident?
Incident Classification
The Response Team Charter
Incident Response Team Members
Responsibilities During an Incident
Users on the Front Line
System Administrators
Information Security Personnel
Management
Support Services
Other Key Roles
Business Impact Analysis (BIA) Policies
Component Priority
Component Reliance
Impact Report
Development and Need for Policies Based on the BIA
Procedures for Incident Response
Discovering an Incident
Reporting an Incident
Containing and Minimizing the Damage
Cleaning Up After the Incident
Documenting the Incident and Actions
Analyzing the Incident and Response
Creating Mitigation to Prevent Future Incidents
Handling the Media and Deciding What to Disclose
Business Continuity Planning Policies
Dealing with Loss of Systems, Applications, or Data Availability
Response and Recovery Time Objectives Policies Based on the BIA
Disaster Recovery Plan Policies
Disaster Declaration Policy
Assessment of the Disaster's Severity and of Potential Downtime
Best Practices for Incident Response Policies
Case Studies and Examples of Incident Response Policies
Private Sector Case Study
Public Sector Case Study
Critical Infrastructure Case Study
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 12 ASSESSMENT
PART THREE Implementing and Maintaining an IT Security Policy Framework
CHAPTER 13 IT Security Policy Implementations
Simplified Implementation Process
Target State
Distributed Infrastructure
Outdated Technology
Lack of Standardization Throughout the IT Infrastructure
Executive Buy-in, Cost, and Impact
Executive Management Sponsorship
Overcoming Nontechnical Hindrances
Distributed Environment
User Types
Organizational Challenges
Policy Language
Employee Awareness and Training
Organizational and Individual Acceptance
Motivation
Developing an Organization-Wide Security Awareness Policy
Conducting Security Awareness Training Sessions
Human Resources Ownership of New Employee Orientation
Review of Acceptable Use Policies (AUPs)
Information Dissemination—How to Educate Employees
Hard Copy Dissemination
Posting Policies on the Intranet
Using Email
Brown Bag Lunches and Learning Sessions
Policy Implementation Issues
Governance and Monitoring
Best Practices for IT Security Policy Implementations
Case Studies and Examples of IT Security Policy Implementations
CIO Magazine
SANS
Public Sector Case Study
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 13 ASSESSMENT
ENDNOTES
CHAPTER 14 IT Security Policy Enforcement
Organizational Support for IT Security Policy Enforcement
Executive Management Sponsorship
Governance Versus Management Organizational Structure
The Hierarchical Organizational Approach to Security Policy Implementation
Project Committee
Architecture Review Committee
External Connection Committee
Vendor Governance Committee
Security Compliance Committee
Operational Risk Committee
Front-Line Managers' and Supervisors' Responsibility and Accountability
Grass-Roots Employees
An Organization's Right to Monitor User Actions and Traffic
Internet Use
Email Use
Computer Use
Compliance Law: Requirement or Risk Management?
What Is Law and What Is Policy?
What Security Controls Work to Enforce Protection of Personal Data?
What Automated Security Controls Can Be Implemented Through Policy?
What Manual Security Controls Assist with Enforcement?
Legal Implications of IT Security Policy Enforcement
Who Is Ultimately Accountable for Risks, Threats, and Vulnerabilities?
Where Must IT Security Policy Enforcement Come From?
Best Practices for IT Security Policy Enforcement
Case Studies and Examples of Successful and Unsuccessful IT Security Policy Enforcement
Private Sector Case Study
Public Sector Case Study 1
Public Sector Case Study 2
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 14 ASSESSMENT
CHAPTER 15 IT Policy Compliance and Compliance Technologies
Creating a Baseline Definition for Information Systems Security
Policy-Defining Overall IT Infrastructure Security Definition
Vulnerability Window and Information Security Gap Definition
Tracking, Monitoring, and Reporting IT Security Baseline Definition and Policy Compliance
Automated Systems
Random Audits and Departmental Compliance
Overall Organizational Report Card for Policy Compliance
Automating IT Security Policy Compliance
Automated Policy Distribution
Training Administrators and Users
Organizational Acceptance
Testing for Effectiveness
Audit Trails
Configuration Management and Change Control Management
Configuration Management Database
Tracking, Monitoring, and Reporting Configuration Changes
Collaboration and Policy Compliance Across Business Areas
Version Control for Policy Implementation Guidelines and Compliance
Compliance Technologies and Solutions
COSO Internal Control—Integrated Framework
SCAP
SNMP
WBEM
Digital Signing
Best Practices for IT Security Policy Compliance Monitoring
Case Studies and Examples of Successful IT Security Policy Compliance Monitoring
Private Sector Case Study 1
Private Sector Case Study 2
Nonprofit Sector Case Study
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 15 ASSESSMENT
APPENDIX A Answer Key
APPENDIX B Standard Acronyms
Glossary of Key Terms
References
Index |
any_adam_object | 1 |
any_adam_object_boolean | 1 |
author | Johnson, Robert ca. 20./21. Jh Easttom, Chuck 1968- |
author_GND | (DE-588)1227970803 (DE-588)1079935274 |
author_facet | Johnson, Robert ca. 20./21. Jh Easttom, Chuck 1968- |
author_role | aut aut |
author_sort | Johnson, Robert ca. 20./21. Jh |
author_variant | r j rj c e ce |
building | Verbundindex |
bvnumber | BV046986694 |
classification_rvk | ST 277 |
ctrlnum | (OCoLC)1240404512 (DE-599)BVBBV046986694 |
discipline | Informatik |
discipline_str_mv | Informatik |
format | Book |
id | DE-604.BV046986694 |
illustrated | Not Illustrated |
index_date | 2024-07-03T15:51:39Z |
indexdate | 2024-07-10T08:59:24Z |
institution | BVB |
isbn | 1284199843 9781284199840 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-032394649 |
oclc_num | 1240404512 |
open_access_boolean | |
owner | DE-739 |
owner_facet | DE-739 |
publishDate | 2022 |
publishDateSearch | 2022 |
publishDateSort | 2022 |
publisher | Jones & Bartlett Learning |
record_format | marc |
series2 | ISSA : information systems & assurance series |
spelling | Johnson, Robert ca. 20./21. Jh. Verfasser (DE-588)1227970803 aut Security policies and implementation issues Burlinton, MA Jones & Bartlett Learning 2022 txt rdacontent n rdamedia nc rdacarrier ISSA : information systems & assurance series Computersicherheit (DE-588)4274324-2 gnd rswk-swf Sicherheitsprotokoll (DE-588)4709127-7 gnd rswk-swf Computersicherheit (DE-588)4274324-2 s Sicherheitsprotokoll (DE-588)4709127-7 s DE-604 Easttom, Chuck 1968- Verfasser (DE-588)1079935274 aut Digitalisierung UB Passau - ADAM Catalogue Enrichment application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032394649&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis |
spellingShingle | Johnson, Robert ca. 20./21. Jh Easttom, Chuck 1968- Security policies and implementation issues Computersicherheit (DE-588)4274324-2 gnd Sicherheitsprotokoll (DE-588)4709127-7 gnd |
subject_GND | (DE-588)4274324-2 (DE-588)4709127-7 |
title | Security policies and implementation issues |
title_auth | Security policies and implementation issues |
title_exact_search | Security policies and implementation issues |
title_exact_search_txtP | Security policies and implementation issues |
title_full | Security policies and implementation issues |
title_fullStr | Security policies and implementation issues |
title_full_unstemmed | Security policies and implementation issues |
title_short | Security policies and implementation issues |
title_sort | security policies and implementation issues |
topic | Computersicherheit (DE-588)4274324-2 gnd Sicherheitsprotokoll (DE-588)4709127-7 gnd |
topic_facet | Computersicherheit Sicherheitsprotokoll |
url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032394649&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT johnsonrobert securitypoliciesandimplementationissues AT easttomchuck securitypoliciesandimplementationissues |