Location:  Home » Books » Information Security: Design, Implementation, Measurement, and Compliance  

Information Security: Design, Implementation, Measurement, and Compliance

Information Security: Design, Implementation, Measurement, and ComplianceAuthor: Timothy P. Layton
Publisher: Auerbach Publications
Category: Book

List Price: $98.95
Buy New: $74.47
as of 7/30/2010 15:55 CDT details
You Save: $24.48 (25%)


New (13) Used (4) from $74.46

Seller: internationalbooks
Rating: 4.0 out of 5 stars 1 reviews
Sales Rank: 1327643

Media: Hardcover
Edition: 1
Pages: 264
Number Of Items: 1
Shipping Weight (lbs): 1.1
Dimensions (in): 9.2 x 6.4 x 0.8

ISBN: 0849370876
Dewey Decimal Number: 658.478
EAN: 9780849370878
ASIN: 0849370876

Publication Date: July 20, 2006
Availability: Usually ships in 1-2 business days
Also Available In:

  • Kindle Edition - Information Security: Design, Implementation, Measurement, and Compliance
Accessories:

Similar Items:

Editorial Reviews:

Product Description
Organizations rely on digital information today more than ever before. Unfortunately, that information is equally sought after by criminals. New security standards and regulations are being implemented to deal with these threats, but they are very broad and organizations require focused guidance to adapt the guidelines to their specific needs.

Fortunately, Information Security: Design, Implementation, Measurement, and Compliance outlines a complete roadmap to successful adaptation and implementation of a security program based on the ISO/IEC 17799:2005 (27002) Code of Practice for Information Security Management. The book first describes a risk assessment model, a detailed risk assessment methodology, and an information security evaluation process. Upon this foundation, the author presents a proposed security baseline for all organizations, an executive summary of the ISO/IEC 17799 standard, and a gap analysis exposing the differences between the recently rescinded version and the newly released version of the standard. Finally, he devotes individual chapters to each of the 11 control areas defined in the standard, covering systematically the 133 controls within the 39 control objectives.

Tim Layton's Information Security is a practical tool to help you understand the ISO/IEC 17799 standard and apply its principles within your organization's unique context.

Customer Reviews:
4 out of 5 stars Provides an in-depth perspective of the ISO/IEC 17799 information security standard   July 2, 2009
Ben Rothke (USA)
1 out of 1 found this review helpful

The goal of Information Security: Design, Implementation, Measurement, and Compliance is to provide the reader with an in-depth perspective of the ISO/IEC 17799 information security standard and how to use it to measure an information security program.

As an introduction; ISO/IEC 17799 is an information security standard published and revised in June 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is entitled Information technology - Security techniques - Code of practice for information security management. The current standard is a revision of the version published in 2000, which was an exact copy of the British Standard (BS) 7799-1:1999.

ISO/IEC 17799 provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS). Information security is defined within the standard in the context of the C-I-A triad (confidentiality, integrity, availability).

At just over 200 pages, the books 17 chapters provides the reader with a densely packed overview of the ISO/IEC 17799 standard. In addition, the book covers the details of how to perform a qualitative-based risk assessment. It provides a methodology on how to assess the various types of risk. The author breaks them out into four different areas, namely: human malicious (sabotage, terrorists, etc.), human non-malicious human error, poor management philosophy, etc.), accidental (airplane crash, telecommunication failure, etc.), and other (natural or other unplanned disruptions or disasters).

As organization place more of their critical data on networks and rely on digital information more than ever before, the need to ensure that the data is adequately protected by the regulations required is equally more important than ever. As an example, had TJX Companies better developed their security posture, they would likely not be facing a myriad law suits. The insecurity of TJX has had a direct negative financial effect.

From a fanatical perspective, the company announced that in the most recent quarter, it took a $12 million loss, equal to 3 cents per share, because of the loss of more than 40 million credit and debit card numbers that were stolen from its systems over an 18-month period, which is one of the largest customer data breaches to date. The $12 million in losses was for costs incurred to investigate and contain the intrusion, improve computer security and systems, and communicate with customers, as well as technical, legal, and other fees. Had TJX used a methodology such as ISO/IEC 17799 to secure their data, it is likely that they would not be in the predicament they are now in.

While geared to a general audience, given the books terse and somewhat dry style, those that already have a background in security and risk management will find the greatest value from the book.



Copyright © 2009 Risk Management and Insurance