Effective information security management:
Main Author: | |
---|---|
Format: | Book |
Language: | English |
Published: | Oxford Elsevier Science Publ. 1991 |
Series: | Elsevier advanced technology |
Subjects: | |
Online Access: | Table of contents |
Physical Description: | XII, 235 pages, diagrams |
ISBN: | 1856170705 |
Staff View
MARC
LEADER | 00000nam a2200000 c 4500 | ||
---|---|---|---|
001 | BV006600707 | ||
003 | DE-604 | ||
005 | 00000000000000.0 | ||
007 | t | ||
008 | 930210s1991 d||| |||| 00||| eng d | ||
020 | |a 1856170705 |9 1-85617-070-5 | ||
035 | |a (OCoLC)29025282 | ||
035 | |a (DE-599)BVBBV006600707 | ||
040 | |a DE-604 |b ger |e rakddb | ||
041 | 0 | |a eng | |
049 | |a DE-739 |a DE-11 | ||
050 | 0 | |a QA76.9.A25 | |
082 | 0 | |a 658.478 |2 20 | |
100 | 1 | |a Wood, Charles C. |e Verfasser |4 aut | |
245 | 1 | 0 | |a Effective information security management |c Charles Cresson Wood |
264 | 1 | |a Oxford |b Elsevier Science Publ. |c 1991 | |
300 | |a XII, 235 S. |b graph. Darst. | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
490 | 0 | |a Elsevier advanced technology | |
650 | 4 | |a Business - Security | |
650 | 4 | |a Wirtschaft | |
650 | 4 | |a Computer security | |
650 | 4 | |a Electronic data processing departments |x Security measures |x Management | |
856 | 4 | 2 | |m HBZ Datenaustausch |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=004215559&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
999 | |a oai:aleph.bib-bvb.de:BVB01-004215559 |
Record in the Search Index
_version_ | 1804120874344775680 |
---|---|
adam_text | CONTENTS
Biography VIII
Introduction XI
SECTION ONE — PLANNING AND BUDGETING
1. How Many Information Security Staff Should You Have?
How can we Justify More Staff? 3
How the Survey was Performed 4
How Information Security was Defined 4
Overall Information Security Staffing Ratios 5
Organizational Size Ratios 5
Industry Analysis 9
Conclusion 12
References 13
2. A Context for Information Systems Security Planning
Coping With The Threats 15
The Problem: Information Security is Out of Control 15
The Cause: Differing Perceptions and Inadequate Tools 20
The Cure: Recommended Actions 24
Conclusion 31
References 31
3. Planning as a Means to Achieve Appropriate Data
Communications Security
Lessons From History 33
Amplitude and Frequency of Change on the Rise 34
Generating a Sense of Urgency 36
Planning as a Mechanism for Establishing a Management
Communication Path 36
Consequences of Inadequate Planning 37
Defining a Target Secure Environment 38
Designing Flexibility Into an Information Security Plan 40
Specific Controls to Incorporate Into a Data
Communications Security Plan 41
Exemplary Data Communications Controls to Include
in a Plan Message Authentication Code 41
Conclusion 48
References 48
SECTION TWO ORGANIZATIONAL POLITICS
4. Using Information Security to Achieve Competitive Advantage
Communicating With Management 53
Dimensions of the Competitive Opportunity 54
The Conscientious Corporate Citizen 55
Enhanced Customer Confidence 56
New Products and Services 57
New Security Features for Existing Products and Services 57
Marketing Drives Decisions 58
Market Opportunities Missed 59
Conclusion 60
5. Enhancing Information Security with the Information Resource
Management Approach
The Information Resource Management Concept 61
Controls Suboptimization 65
Maginot Line Syndrome 66
Top Management Understanding and Support 66
Contingency Planning 67
Security Policy Making 68
Consideration of Noncomputerized Information 69
Expeditious Resolution of Security Problems 70
Caveats 70
Conclusion 71
6. Information Systems Security: Management Success Factors
Appropriate Organizational Structure 73
Raising the Level of Management Awareness 81
Conclusion 84
7. Establishing Internal Technical Systems Security Standards
Introduction 85
Assessing the Need for Technical Standards 85
Specifying Project Objectives and Scope 87
Targeted Encryption Environment 88
Consistency with External Standards 89
Information Systems Security Organizational Structure 90
Selecting the Project Team 91
Length of the Standards Document 91
Standards Document Design Choices 92
Some Project Management Tools 93
Enforcement Mechanisms 93
Obtaining Approval 94
Defining Next Steps 95
Conclusion 95
8. Fifteen Major Forces Driving the Civilian Information
Security Market
Introduction 97
Business Driving Forces 97
Technological Driving Forces 104
Conclusion 109
References 109
9. Policies for Deterring Computer Abuse
Introduction 111
Deterrence 112
Personnel Background Checks 114
Periodic Review Procedures 114
Data Sensitivity Classification 116
Reporting Security Violations 117
Precaution and Prevention Procedure 118
Policies, Deterrents and Punishment 119
SECTION 3 DESIGNING SECURE SYSTEMS
10. Commercially Available Information Security Products and
Services
What You Need to Know About the Market, and Why 123
Definition of the Information Security Market 124
Scope of the Information Security Market 124
Services 127
System Access Control 133
Physical Security for Computers 136
Computer Operations 138
Back up, Recovery, Archival Storage 140
Communications 142
Conclusion 145
11. Principles of Secure Information Systems Design
Introduction 147
Cost Effectiveness 148
Simplicity 148
Override 149
Overt Design and Operation 149
Least Privilege 150
Entrapment 151
Independence of Control and Subject 151
Universal Application 152
Acceptance of Control Subjects 152
Sustainability 153
Auditability 154
Accountability 154
Defensive Depth 155
Isolation and Compartmentalization 156
Least Common Mechanism 156
Control the Periphery 157
Completeness and Consistency 158
Default to Denial 158
Parameterization 159
Hostile Environment 159
Human Involvement 160
Secure Image 160
Low Profile 161
Conclusion 161
References 162
12. Extended User Authentication: The Next Major Enhancement to
Access Control Packages
Introduction 165
Necessary Definitions 165
Why Passwords are not Enough 166
The New User Authentication Systems 168
What the User Knows Technologies 169
What the User Has Technologies 170
What the User Is Technologies (aka Biometrics) 172
What the User Can Do Technologies 173
Where the User Is Technologies 174
Levels of Control 175
Error Types and Tradeoffs 175
Evaluating Alternative User Authentication Technologies 176
Security Administrator's Role 176
Expected Future Developments 177
Conclusion and Recommended Action 177
13. Effective Information System Security with Password Controls
Introduction 179
Definition of Passwords 180
Objectives of Password Controls 180
Approaches to the Design of Password Controls 181
Password Construction 183
Password System Administration 184
Password System Implementation 185
Conclusion 187
14. Administrative Controls for Password Based Computer
Access Control Systems 189
Prerequisites to the Successful Implementation of an
Access Control Package 190
Reviewing, Monitoring and Summarizing Logs and
Systems Security Relevant Events 192
Accounts Administration 193
System Design Considerations 196
Conclusion 198
15. Microcomputer Security
Introduction 199
Microcomputer Risks 200
Differences Between the Micro and the Mainframe
Environments 201
Information Value, Sensitivity, and Criticality 202
Recommended Microcomputer Controls 203
Insurance 210
Systems Development Process and Hardware/Software
Procurement 211
Current and Future Unresolved Problems 212
Conclusion 213
16. Floppy Diskette Security Measures
A Typical Case 215
Why Pay Special Attention to Floppies? 215
Data Classification 216
Sensitivity Marking 217
Individual Accountability 218
Back up and Archiving 218
Physical Security 219
Encryption 220
Manual Handling 220
Physical Movement of Diskettes 221
File/Diskette Indices 221
Data Erasure and Destruction 222
Conclusion 7??
BIBLIOGRAPHY 224
INDEX 227
|
any_adam_object | 1 |
author | Wood, Charles C. |
author_facet | Wood, Charles C. |
author_role | aut |
author_sort | Wood, Charles C. |
author_variant | c c w cc ccw |
building | Verbundindex |
bvnumber | BV006600707 |
callnumber-first | Q - Science |
callnumber-label | QA76 |
callnumber-raw | QA76.9.A25 |
callnumber-search | QA76.9.A25 |
callnumber-sort | QA 276.9 A25 |
callnumber-subject | QA - Mathematics |
ctrlnum | (OCoLC)29025282 (DE-599)BVBBV006600707 |
dewey-full | 658.478 |
dewey-hundreds | 600 - Technology (Applied sciences) |
dewey-ones | 658 - General management |
dewey-raw | 658.478 |
dewey-search | 658.478 |
dewey-sort | 3658.478 |
dewey-tens | 650 - Management and auxiliary services |
discipline | Wirtschaftswissenschaften |
format | Book |
id | DE-604.BV006600707 |
illustrated | Illustrated |
indexdate | 2024-07-09T16:49:01Z |
institution | BVB |
isbn | 1856170705 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-004215559 |
oclc_num | 29025282 |
open_access_boolean | |
owner | DE-739 DE-11 |
owner_facet | DE-739 DE-11 |
physical | XII, 235 S. graph. Darst. |
publishDate | 1991 |
publishDateSearch | 1991 |
publishDateSort | 1991 |
publisher | Elsevier Science Publ. |
record_format | marc |
series2 | Elsevier advanced technology |
title | Effective information security management |
title_auth | Effective information security management |
title_exact_search | Effective information security management |
title_full | Effective information security management Charles Cresson Wood |
title_fullStr | Effective information security management Charles Cresson Wood |
title_full_unstemmed | Effective information security management Charles Cresson Wood |
title_short | Effective information security management |
title_sort | effective information security management |
topic | Business - Security Wirtschaft Computer security Electronic data processing departments Security measures Management |
topic_facet | Business - Security Wirtschaft Computer security Electronic data processing departments Security measures Management |
url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=004215559&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT woodcharlesc effectiveinformationsecuritymanagement |