Verfügbarkeit: Managing information security breaches :

Managing information security breaches :: studies from real life /

This book provides a general discussion and education about information security breaches, how they can be treated and what ISO27001 can offer in that regard, spiced with a number of real-life stories of information security incidents and breaches. These case studies enable an in-depth analysis of t...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
1. Verfasser:	Krausz, Michael (VerfasserIn)
Format:	Elektronisch E-Book
Sprache:	English
Veröffentlicht:	Cambridgeshire, England : IT Governance Publishing, 2014.
Ausgabe:	Second edition.
Schlagworte:	Computer security. Computer crimes. Electronic information resources > Access control. Computer Security Sécurité informatique. Criminalité informatique. Sources d'information électroniques > Accès > Contrôle. COMPUTERS > General. Computer crimes Computer security Electronic information resources > Access control
Online-Zugang:	Volltext
Zusammenfassung:	This book provides a general discussion and education about information security breaches, how they can be treated and what ISO27001 can offer in that regard, spiced with a number of real-life stories of information security incidents and breaches. These case studies enable an in-depth analysis of the situations companies face in real life, and contain valuable lessons an organisation can learn from when putting appropriate measures in place to prevent a breach. The author explains what your top priorities should be the moment you realise a breach has occured, making this book essential reading for IT security managers, chief security officers, chief information officers and chief executive officers. It will be of use to personnel in non-IT roles, in an effort to make this subject more comprehensible to those who, in a worst-case scenario, will be on the receiving end of requests for six- or seven-figure excess budgets to cope with severe incidents."--
Beschreibung:	1 online resource (199 pages) : color illustrations, tables
Bibliographie:	Includes bibliographical references.
ISBN:	9781849285964 1849285969

Internformat

MARC


LEADER	00000cam a2200000 i 4500
001	ZDB-4-EBA-ocn905916579
003	OCoLC
005	20241004212047.0
006	m o d
007	cr cn\|\|\|\|\|\|\|\|\|
008	150309t20142014enka ob 000 0 eng d
040			\|a E7B \|b eng \|e rda \|e pn \|c E7B \|d OCLCO \|d JSTOR \|d OCLCF \|d EBLCP \|d OCLCQ \|d STF \|d DEBSZ \|d COO \|d N$T \|d YDXCP \|d ICA \|d IDB \|d OCLCQ \|d AGLDB \|d LIV \|d MERUC \|d OCLCQ \|d IOG \|d OCLCA \|d VTS \|d OCLCQ \|d ITD \|d LVT \|d OCLCQ \|d BRF \|d OCLCO \|d OCLCQ \|d OCLCO \|d OCLCL
019			\|a 923646204 \|a 948892995 \|a 961627743
020			\|a 9781849285964 \|q (electronic bk.)
020			\|a 1849285969 \|q (electronic bk.)
020			\|z 1849285950
020			\|z 9781849285957
020			\|z 1849280959
020			\|z 9781849280952
035			\|a (OCoLC)905916579 \|z (OCoLC)923646204 \|z (OCoLC)948892995 \|z (OCoLC)961627743
037			\|a 22573/ctt14s2vgh \|b JSTOR
050		4	\|a QA76.9.A25 \|b .K738 2014eb
072		7	\|a COM000000 \|2 bisacsh
072		7	\|a COM053000 \|2 bisacsh
082	7		\|a 005.8 \|2 23
049			\|a MAIN
100	1		\|a Krausz, Michael, \|e author. \|0 http://id.loc.gov/authorities/names/no2011004375
245	1	0	\|a Managing information security breaches : \|b studies from real life / \|c Michael Krausz.
250			\|a Second edition.
264		1	\|a Cambridgeshire, England : \|b IT Governance Publishing, \|c 2014.
264		4	\|c ©2014
300			\|a 1 online resource (199 pages) : \|b color illustrations, tables
336			\|a text \|b txt \|2 rdacontent
337			\|a computer \|b c \|2 rdamedia
338			\|a online resource \|b cr \|2 rdacarrier
588	0		\|a Online resource; title from PDF title page (ebrary, viewed March 9, 2015).
505	0		\|a Foreword -- Preface -- About the Author -- Acknowledgements -- Contents -- Introduction -- Part 1 â€? General -- Chapter 1: Why Risk does Not Depend on Company Size -- Risk effect -- Propagation of damage (downstream effects) -- Culture -- Information security staff -- Cash reserves / cash at hand -- Ability to improvise / make quick decisions -- Preparedness -- Contacts with authority -- Chapter 2: Getting your Risk Profile Right -- Intuitive risk analysis -- Formal risk analysis -- Step 1 â€? Identifying threats
505	8		\|a Step 2 â€? Assigning damage and likelihoodStep 3 â€? Defining acceptable loss -- Step 4 â€? Defining mitigation priorities (business priorities) -- Residual risks -- Chapter 3: What is a Breach? -- Confidentiality breach -- Availability breach -- Integrity breach -- Impact -- Source -- External vs. internal -- Unintentional vs. intentional -- Manual vs. automatic -- Human vs. nature -- General treatment options -- Chapter 4: General Avoidance and Mitigation Strategies -- Introduction â€? general aspects, avoidance and related ISO27001 controls -- People
505	8		\|a A.7.1.1 â€? ScreeningMethods of screening -- A.7.1.2 â€? Terms and conditions of employment -- A.7.2.1 â€? Management responsibilities -- A.7.2.2 â€? Information security awareness, education and training -- A.7.2.3 â€? Disciplinary process -- A.7.3.1 â€? Termination or change of employment -- A.8.1.4 â€? Return of assets -- A.9.2.6 â€? Removal or adjustment of access rights -- Processes -- Technology -- ISO27001 Controls helpful for treatment of breaches -- A.6.1.3 â€? Contact with authorities
505	8		\|a A.7.2.2 â€? Information security awareness, education and trainingA.7.2.3 â€? Disciplinary process A.8.1.4 â€? Return of assets A.9.2.6 â€? Removal or adjustment of access rights -- A.12.2.1 â€? Controls against malware -- A.12.4.1 â€? Event logging and -- A.12.4.2 â€? Protection of log information -- A.16.1.1 â€? Responsibilities and procedures -- A.16.1.2 â€? Reporting information security events -- A.16.1.3 â€? Reporting security weaknesses -- A.16.1.4 â€? Assessment of and decision on information security events
505	8		\|a A.16.1.5 â€? Response to information security incidentsA.16.1.6 â€? Learning from information security incidents -- A.16.1.7 â€? Collection of evidence -- Strategies and tactics for treating breaches -- Tactical advice -- Regular meetings -- Time, time, time -- Rest -- People (number) -- International contacts -- Keep the information flowing -- Keep minutes -- Additional quality feedback -- Dimensions of treatment / mitigation of information security breaches -- None -- Internal investigation -- External investigation -- Joint task force
520			\|a This book provides a general discussion and education about information security breaches, how they can be treated and what ISO27001 can offer in that regard, spiced with a number of real-life stories of information security incidents and breaches. These case studies enable an in-depth analysis of the situations companies face in real life, and contain valuable lessons an organisation can learn from when putting appropriate measures in place to prevent a breach. The author explains what your top priorities should be the moment you realise a breach has occured, making this book essential reading for IT security managers, chief security officers, chief information officers and chief executive officers. It will be of use to personnel in non-IT roles, in an effort to make this subject more comprehensible to those who, in a worst-case scenario, will be on the receiving end of requests for six- or seven-figure excess budgets to cope with severe incidents."-- \|c Edited summary from book
504			\|a Includes bibliographical references.
650		0	\|a Computer security.
650		0	\|a Computer crimes. \|0 http://id.loc.gov/authorities/subjects/sh85029492
650		0	\|a Electronic information resources \|x Access control. \|0 http://id.loc.gov/authorities/subjects/sh99010373
650		2	\|a Computer Security \|0 https://id.nlm.nih.gov/mesh/D016494
650		6	\|a Sécurité informatique.
650		6	\|a Criminalité informatique.
650		6	\|a Sources d'information électroniques \|x Accès \|x Contrôle.
650		7	\|a COMPUTERS \|x General. \|2 bisacsh
650		7	\|a Computer crimes \|2 fast
650		7	\|a Computer security \|2 fast
650		7	\|a Electronic information resources \|x Access control \|2 fast
758			\|i has work: \|a Managing information security breaches (Text) \|1 https://id.oclc.org/worldcat/entity/E39PCFVj9JcqXw993Df4GvxxDq \|4 https://id.oclc.org/worldcat/ontology/hasWork
776	0	8	\|i Print version: \|a Krausz, Michael. \|t Managing information security breaches : studies from real life. \|b Second edition. \|d Cambridgeshire, England : IT Governance Publishing, ©2014 \|h 199 pages \|z 9781849285957
856	4	0	\|l FWS01 \|p ZDB-4-EBA \|q FWS_PDA_EBA \|u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=957892 \|3 Volltext
936			\|a BATCHLOAD
938			\|a EBL - Ebook Library \|b EBLB \|n EBL3015817
938			\|a ebrary \|b EBRY \|n ebr11022437
938			\|a EBSCOhost \|b EBSC \|n 957892
938			\|a YBP Library Services \|b YANK \|n 12302804
994			\|a 92 \|b GEBAY
912			\|a ZDB-4-EBA
049			\|a DE-863

Datensatz im Suchindex

DE-BY-FWS_katkey	ZDB-4-EBA-ocn905916579
_version_	1816882308430430208
adam_text
any_adam_object
author	Krausz, Michael
author_GND	http://id.loc.gov/authorities/names/no2011004375
author_facet	Krausz, Michael
author_role	aut
author_sort	Krausz, Michael
author_variant	m k mk
building	Verbundindex
bvnumber	localFWS
callnumber-first	Q - Science
callnumber-label	QA76
callnumber-raw	QA76.9.A25 .K738 2014eb
callnumber-search	QA76.9.A25 .K738 2014eb
callnumber-sort	QA 276.9 A25 K738 42014EB
callnumber-subject	QA - Mathematics
collection	ZDB-4-EBA
contents	Foreword -- Preface -- About the Author -- Acknowledgements -- Contents -- Introduction -- Part 1 â€? General -- Chapter 1: Why Risk does Not Depend on Company Size -- Risk effect -- Propagation of damage (downstream effects) -- Culture -- Information security staff -- Cash reserves / cash at hand -- Ability to improvise / make quick decisions -- Preparedness -- Contacts with authority -- Chapter 2: Getting your Risk Profile Right -- Intuitive risk analysis -- Formal risk analysis -- Step 1 â€? Identifying threats Step 2 â€? Assigning damage and likelihoodStep 3 â€? Defining acceptable loss -- Step 4 â€? Defining mitigation priorities (business priorities) -- Residual risks -- Chapter 3: What is a Breach? -- Confidentiality breach -- Availability breach -- Integrity breach -- Impact -- Source -- External vs. internal -- Unintentional vs. intentional -- Manual vs. automatic -- Human vs. nature -- General treatment options -- Chapter 4: General Avoidance and Mitigation Strategies -- Introduction â€? general aspects, avoidance and related ISO27001 controls -- People A.7.1.1 â€? ScreeningMethods of screening -- A.7.1.2 â€? Terms and conditions of employment -- A.7.2.1 â€? Management responsibilities -- A.7.2.2 â€? Information security awareness, education and training -- A.7.2.3 â€? Disciplinary process -- A.7.3.1 â€? Termination or change of employment -- A.8.1.4 â€? Return of assets -- A.9.2.6 â€? Removal or adjustment of access rights -- Processes -- Technology -- ISO27001 Controls helpful for treatment of breaches -- A.6.1.3 â€? Contact with authorities A.7.2.2 â€? Information security awareness, education and trainingA.7.2.3 â€? Disciplinary process A.8.1.4 â€? Return of assets A.9.2.6 â€? Removal or adjustment of access rights -- A.12.2.1 â€? Controls against malware -- A.12.4.1 â€? Event logging and -- A.12.4.2 â€? Protection of log information -- A.16.1.1 â€? Responsibilities and procedures -- A.16.1.2 â€? Reporting information security events -- A.16.1.3 â€? Reporting security weaknesses -- A.16.1.4 â€? Assessment of and decision on information security events A.16.1.5 â€? Response to information security incidentsA.16.1.6 â€? Learning from information security incidents -- A.16.1.7 â€? Collection of evidence -- Strategies and tactics for treating breaches -- Tactical advice -- Regular meetings -- Time, time, time -- Rest -- People (number) -- International contacts -- Keep the information flowing -- Keep minutes -- Additional quality feedback -- Dimensions of treatment / mitigation of information security breaches -- None -- Internal investigation -- External investigation -- Joint task force
ctrlnum	(OCoLC)905916579
dewey-full	005.8
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.8
dewey-search	005.8
dewey-sort	15.8
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
edition	Second edition.
format	Electronic eBook
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>06893cam a2200721 i 4500</leader><controlfield tag="001">ZDB-4-EBA-ocn905916579</controlfield><controlfield tag="003">OCoLC</controlfield><controlfield tag="005">20241004212047.0</controlfield><controlfield tag="006">m o d </controlfield><controlfield tag="007">cr cn\|\|\|\|\|\|\|\|\|</controlfield><controlfield tag="008">150309t20142014enka ob 000 0 eng d</controlfield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">E7B</subfield><subfield code="b">eng</subfield><subfield code="e">rda</subfield><subfield code="e">pn</subfield><subfield code="c">E7B</subfield><subfield code="d">OCLCO</subfield><subfield code="d">JSTOR</subfield><subfield code="d">OCLCF</subfield><subfield code="d">EBLCP</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">STF</subfield><subfield code="d">DEBSZ</subfield><subfield code="d">COO</subfield><subfield code="d">N$T</subfield><subfield code="d">YDXCP</subfield><subfield code="d">ICA</subfield><subfield code="d">IDB</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">AGLDB</subfield><subfield code="d">LIV</subfield><subfield code="d">MERUC</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">IOG</subfield><subfield code="d">OCLCA</subfield><subfield code="d">VTS</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">ITD</subfield><subfield code="d">LVT</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">BRF</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCL</subfield></datafield><datafield tag="019" ind1=" " ind2=" "><subfield code="a">923646204</subfield><subfield code="a">948892995</subfield><subfield code="a">961627743</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781849285964</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1849285969</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">1849285950</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">9781849285957</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">1849280959</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">9781849280952</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)905916579</subfield><subfield code="z">(OCoLC)923646204</subfield><subfield code="z">(OCoLC)948892995</subfield><subfield code="z">(OCoLC)961627743</subfield></datafield><datafield tag="037" ind1=" " ind2=" "><subfield code="a">22573/ctt14s2vgh</subfield><subfield code="b">JSTOR</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">QA76.9.A25</subfield><subfield code="b">.K738 2014eb</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM000000</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM053000</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="082" ind1="7" ind2=" "><subfield code="a">005.8</subfield><subfield code="2">23</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">MAIN</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Krausz, Michael,</subfield><subfield code="e">author.</subfield><subfield code="0">http://id.loc.gov/authorities/names/no2011004375</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Managing information security breaches :</subfield><subfield code="b">studies from real life /</subfield><subfield code="c">Michael Krausz.</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">Second edition.</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Cambridgeshire, England :</subfield><subfield code="b">IT Governance Publishing,</subfield><subfield code="c">2014.</subfield></datafield><datafield tag="264" ind1=" " ind2="4"><subfield code="c">©2014</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource (199 pages) :</subfield><subfield code="b">color illustrations, tables</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="588" ind1="0" ind2=" "><subfield code="a">Online resource; title from PDF title page (ebrary, viewed March 9, 2015).</subfield></datafield><datafield tag="505" ind1="0" ind2=" "><subfield code="a">Foreword -- Preface -- About the Author -- Acknowledgements -- Contents -- Introduction -- Part 1 â€? General -- Chapter 1: Why Risk does Not Depend on Company Size -- Risk effect -- Propagation of damage (downstream effects) -- Culture -- Information security staff -- Cash reserves / cash at hand -- Ability to improvise / make quick decisions -- Preparedness -- Contacts with authority -- Chapter 2: Getting your Risk Profile Right -- Intuitive risk analysis -- Formal risk analysis -- Step 1 â€? Identifying threats</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Step 2 â€? Assigning damage and likelihoodStep 3 â€? Defining acceptable loss -- Step 4 â€? Defining mitigation priorities (business priorities) -- Residual risks -- Chapter 3: What is a Breach? -- Confidentiality breach -- Availability breach -- Integrity breach -- Impact -- Source -- External vs. internal -- Unintentional vs. intentional -- Manual vs. automatic -- Human vs. nature -- General treatment options -- Chapter 4: General Avoidance and Mitigation Strategies -- Introduction â€? general aspects, avoidance and related ISO27001 controls -- People</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">A.7.1.1 â€? ScreeningMethods of screening -- A.7.1.2 â€? Terms and conditions of employment -- A.7.2.1 â€? Management responsibilities -- A.7.2.2 â€? Information security awareness, education and training -- A.7.2.3 â€? Disciplinary process -- A.7.3.1 â€? Termination or change of employment -- A.8.1.4 â€? Return of assets -- A.9.2.6 â€? Removal or adjustment of access rights -- Processes -- Technology -- ISO27001 Controls helpful for treatment of breaches -- A.6.1.3 â€? Contact with authorities</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">A.7.2.2 â€? Information security awareness, education and trainingA.7.2.3 â€? Disciplinary process A.8.1.4 â€? Return of assets A.9.2.6 â€? Removal or adjustment of access rights -- A.12.2.1 â€? Controls against malware -- A.12.4.1 â€? Event logging and -- A.12.4.2 â€? Protection of log information -- A.16.1.1 â€? Responsibilities and procedures -- A.16.1.2 â€? Reporting information security events -- A.16.1.3 â€? Reporting security weaknesses -- A.16.1.4 â€? Assessment of and decision on information security events</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">A.16.1.5 â€? Response to information security incidentsA.16.1.6 â€? Learning from information security incidents -- A.16.1.7 â€? Collection of evidence -- Strategies and tactics for treating breaches -- Tactical advice -- Regular meetings -- Time, time, time -- Rest -- People (number) -- International contacts -- Keep the information flowing -- Keep minutes -- Additional quality feedback -- Dimensions of treatment / mitigation of information security breaches -- None -- Internal investigation -- External investigation -- Joint task force</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">This book provides a general discussion and education about information security breaches, how they can be treated and what ISO27001 can offer in that regard, spiced with a number of real-life stories of information security incidents and breaches. These case studies enable an in-depth analysis of the situations companies face in real life, and contain valuable lessons an organisation can learn from when putting appropriate measures in place to prevent a breach. The author explains what your top priorities should be the moment you realise a breach has occured, making this book essential reading for IT security managers, chief security officers, chief information officers and chief executive officers. It will be of use to personnel in non-IT roles, in an effort to make this subject more comprehensible to those who, in a worst-case scenario, will be on the receiving end of requests for six- or seven-figure excess budgets to cope with severe incidents."--</subfield><subfield code="c">Edited summary from book</subfield></datafield><datafield tag="504" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer security.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer crimes.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh85029492</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Electronic information resources</subfield><subfield code="x">Access control.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh99010373</subfield></datafield><datafield tag="650" ind1=" " ind2="2"><subfield code="a">Computer Security</subfield><subfield code="0">https://id.nlm.nih.gov/mesh/D016494</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Sécurité informatique.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Criminalité informatique.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Sources d'information électroniques</subfield><subfield code="x">Accès</subfield><subfield code="x">Contrôle.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">General.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer crimes</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer security</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Electronic information resources</subfield><subfield code="x">Access control</subfield><subfield code="2">fast</subfield></datafield><datafield tag="758" ind1=" " ind2=" "><subfield code="i">has work:</subfield><subfield code="a">Managing information security breaches (Text)</subfield><subfield code="1">https://id.oclc.org/worldcat/entity/E39PCFVj9JcqXw993Df4GvxxDq</subfield><subfield code="4">https://id.oclc.org/worldcat/ontology/hasWork</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Print version:</subfield><subfield code="a">Krausz, Michael.</subfield><subfield code="t">Managing information security breaches : studies from real life.</subfield><subfield code="b">Second edition.</subfield><subfield code="d">Cambridgeshire, England : IT Governance Publishing, ©2014</subfield><subfield code="h">199 pages</subfield><subfield code="z">9781849285957</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=957892</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="936" ind1=" " ind2=" "><subfield code="a">BATCHLOAD</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBL - Ebook Library</subfield><subfield code="b">EBLB</subfield><subfield code="n">EBL3015817</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">ebrary</subfield><subfield code="b">EBRY</subfield><subfield code="n">ebr11022437</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBSCOhost</subfield><subfield code="b">EBSC</subfield><subfield code="n">957892</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">YBP Library Services</subfield><subfield code="b">YANK</subfield><subfield code="n">12302804</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-863</subfield></datafield></record></collection>
id	ZDB-4-EBA-ocn905916579
illustrated	Illustrated
indexdate	2024-11-27T13:26:33Z
institution	BVB
isbn	9781849285964 1849285969
language	English
oclc_num	905916579
open_access_boolean
owner	MAIN DE-863 DE-BY-FWS
owner_facet	MAIN DE-863 DE-BY-FWS
physical	1 online resource (199 pages) : color illustrations, tables
psigel	ZDB-4-EBA
publishDate	2014
publishDateSearch	2014
publishDateSort	2014
publisher	IT Governance Publishing,
record_format	marc
spelling	Krausz, Michael, author. http://id.loc.gov/authorities/names/no2011004375 Managing information security breaches : studies from real life / Michael Krausz. Second edition. Cambridgeshire, England : IT Governance Publishing, 2014. ©2014 1 online resource (199 pages) : color illustrations, tables text txt rdacontent computer c rdamedia online resource cr rdacarrier Online resource; title from PDF title page (ebrary, viewed March 9, 2015). Foreword -- Preface -- About the Author -- Acknowledgements -- Contents -- Introduction -- Part 1 â€? General -- Chapter 1: Why Risk does Not Depend on Company Size -- Risk effect -- Propagation of damage (downstream effects) -- Culture -- Information security staff -- Cash reserves / cash at hand -- Ability to improvise / make quick decisions -- Preparedness -- Contacts with authority -- Chapter 2: Getting your Risk Profile Right -- Intuitive risk analysis -- Formal risk analysis -- Step 1 â€? Identifying threats Step 2 â€? Assigning damage and likelihoodStep 3 â€? Defining acceptable loss -- Step 4 â€? Defining mitigation priorities (business priorities) -- Residual risks -- Chapter 3: What is a Breach? -- Confidentiality breach -- Availability breach -- Integrity breach -- Impact -- Source -- External vs. internal -- Unintentional vs. intentional -- Manual vs. automatic -- Human vs. nature -- General treatment options -- Chapter 4: General Avoidance and Mitigation Strategies -- Introduction â€? general aspects, avoidance and related ISO27001 controls -- People A.7.1.1 â€? ScreeningMethods of screening -- A.7.1.2 â€? Terms and conditions of employment -- A.7.2.1 â€? Management responsibilities -- A.7.2.2 â€? Information security awareness, education and training -- A.7.2.3 â€? Disciplinary process -- A.7.3.1 â€? Termination or change of employment -- A.8.1.4 â€? Return of assets -- A.9.2.6 â€? Removal or adjustment of access rights -- Processes -- Technology -- ISO27001 Controls helpful for treatment of breaches -- A.6.1.3 â€? Contact with authorities A.7.2.2 â€? Information security awareness, education and trainingA.7.2.3 â€? Disciplinary process A.8.1.4 â€? Return of assets A.9.2.6 â€? Removal or adjustment of access rights -- A.12.2.1 â€? Controls against malware -- A.12.4.1 â€? Event logging and -- A.12.4.2 â€? Protection of log information -- A.16.1.1 â€? Responsibilities and procedures -- A.16.1.2 â€? Reporting information security events -- A.16.1.3 â€? Reporting security weaknesses -- A.16.1.4 â€? Assessment of and decision on information security events A.16.1.5 â€? Response to information security incidentsA.16.1.6 â€? Learning from information security incidents -- A.16.1.7 â€? Collection of evidence -- Strategies and tactics for treating breaches -- Tactical advice -- Regular meetings -- Time, time, time -- Rest -- People (number) -- International contacts -- Keep the information flowing -- Keep minutes -- Additional quality feedback -- Dimensions of treatment / mitigation of information security breaches -- None -- Internal investigation -- External investigation -- Joint task force This book provides a general discussion and education about information security breaches, how they can be treated and what ISO27001 can offer in that regard, spiced with a number of real-life stories of information security incidents and breaches. These case studies enable an in-depth analysis of the situations companies face in real life, and contain valuable lessons an organisation can learn from when putting appropriate measures in place to prevent a breach. The author explains what your top priorities should be the moment you realise a breach has occured, making this book essential reading for IT security managers, chief security officers, chief information officers and chief executive officers. It will be of use to personnel in non-IT roles, in an effort to make this subject more comprehensible to those who, in a worst-case scenario, will be on the receiving end of requests for six- or seven-figure excess budgets to cope with severe incidents."-- Edited summary from book Includes bibliographical references. Computer security. Computer crimes. http://id.loc.gov/authorities/subjects/sh85029492 Electronic information resources Access control. http://id.loc.gov/authorities/subjects/sh99010373 Computer Security https://id.nlm.nih.gov/mesh/D016494 Sécurité informatique. Criminalité informatique. Sources d'information électroniques Accès Contrôle. COMPUTERS General. bisacsh Computer crimes fast Computer security fast Electronic information resources Access control fast has work: Managing information security breaches (Text) https://id.oclc.org/worldcat/entity/E39PCFVj9JcqXw993Df4GvxxDq https://id.oclc.org/worldcat/ontology/hasWork Print version: Krausz, Michael. Managing information security breaches : studies from real life. Second edition. Cambridgeshire, England : IT Governance Publishing, ©2014 199 pages 9781849285957 FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=957892 Volltext
spellingShingle	Krausz, Michael Managing information security breaches : studies from real life / Foreword -- Preface -- About the Author -- Acknowledgements -- Contents -- Introduction -- Part 1 â€? General -- Chapter 1: Why Risk does Not Depend on Company Size -- Risk effect -- Propagation of damage (downstream effects) -- Culture -- Information security staff -- Cash reserves / cash at hand -- Ability to improvise / make quick decisions -- Preparedness -- Contacts with authority -- Chapter 2: Getting your Risk Profile Right -- Intuitive risk analysis -- Formal risk analysis -- Step 1 â€? Identifying threats Step 2 â€? Assigning damage and likelihoodStep 3 â€? Defining acceptable loss -- Step 4 â€? Defining mitigation priorities (business priorities) -- Residual risks -- Chapter 3: What is a Breach? -- Confidentiality breach -- Availability breach -- Integrity breach -- Impact -- Source -- External vs. internal -- Unintentional vs. intentional -- Manual vs. automatic -- Human vs. nature -- General treatment options -- Chapter 4: General Avoidance and Mitigation Strategies -- Introduction â€? general aspects, avoidance and related ISO27001 controls -- People A.7.1.1 â€? ScreeningMethods of screening -- A.7.1.2 â€? Terms and conditions of employment -- A.7.2.1 â€? Management responsibilities -- A.7.2.2 â€? Information security awareness, education and training -- A.7.2.3 â€? Disciplinary process -- A.7.3.1 â€? Termination or change of employment -- A.8.1.4 â€? Return of assets -- A.9.2.6 â€? Removal or adjustment of access rights -- Processes -- Technology -- ISO27001 Controls helpful for treatment of breaches -- A.6.1.3 â€? Contact with authorities A.7.2.2 â€? Information security awareness, education and trainingA.7.2.3 â€? Disciplinary process A.8.1.4 â€? Return of assets A.9.2.6 â€? Removal or adjustment of access rights -- A.12.2.1 â€? Controls against malware -- A.12.4.1 â€? Event logging and -- A.12.4.2 â€? Protection of log information -- A.16.1.1 â€? Responsibilities and procedures -- A.16.1.2 â€? Reporting information security events -- A.16.1.3 â€? Reporting security weaknesses -- A.16.1.4 â€? Assessment of and decision on information security events A.16.1.5 â€? Response to information security incidentsA.16.1.6 â€? Learning from information security incidents -- A.16.1.7 â€? Collection of evidence -- Strategies and tactics for treating breaches -- Tactical advice -- Regular meetings -- Time, time, time -- Rest -- People (number) -- International contacts -- Keep the information flowing -- Keep minutes -- Additional quality feedback -- Dimensions of treatment / mitigation of information security breaches -- None -- Internal investigation -- External investigation -- Joint task force Computer security. Computer crimes. http://id.loc.gov/authorities/subjects/sh85029492 Electronic information resources Access control. http://id.loc.gov/authorities/subjects/sh99010373 Computer Security https://id.nlm.nih.gov/mesh/D016494 Sécurité informatique. Criminalité informatique. Sources d'information électroniques Accès Contrôle. COMPUTERS General. bisacsh Computer crimes fast Computer security fast Electronic information resources Access control fast
subject_GND	http://id.loc.gov/authorities/subjects/sh85029492 http://id.loc.gov/authorities/subjects/sh99010373 https://id.nlm.nih.gov/mesh/D016494
title	Managing information security breaches : studies from real life /
title_auth	Managing information security breaches : studies from real life /
title_exact_search	Managing information security breaches : studies from real life /
title_full	Managing information security breaches : studies from real life / Michael Krausz.
title_fullStr	Managing information security breaches : studies from real life / Michael Krausz.
title_full_unstemmed	Managing information security breaches : studies from real life / Michael Krausz.
title_short	Managing information security breaches :
title_sort	managing information security breaches studies from real life
title_sub	studies from real life /
topic	Computer security. Computer crimes. http://id.loc.gov/authorities/subjects/sh85029492 Electronic information resources Access control. http://id.loc.gov/authorities/subjects/sh99010373 Computer Security https://id.nlm.nih.gov/mesh/D016494 Sécurité informatique. Criminalité informatique. Sources d'information électroniques Accès Contrôle. COMPUTERS General. bisacsh Computer crimes fast Computer security fast Electronic information resources Access control fast
topic_facet	Computer security. Computer crimes. Electronic information resources Access control. Computer Security Sécurité informatique. Criminalité informatique. Sources d'information électroniques Accès Contrôle. COMPUTERS General. Computer crimes Computer security Electronic information resources Access control
url	https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=957892
work_keys_str_mv	AT krauszmichael managinginformationsecuritybreachesstudiesfromreallife

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Volltext öffnen

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge