Assessing and Managing Security Risk in IT Systems: A Structured Methodology

By John McCumber

The book basically describes the McCumber cube information security methodology.
And the McCumber cube method is really interesting and worth the read.

Unfortunately, the author wrote a whole book around it!
In the first half the author describes the basics of information security and relates them to the McCumber cube (without really describing what the cube is! Fortunately, the hardcover has a picture of it.)
In the second half he delves into a bit more detail of the McCumber cube method, repeating the same concepts again and again, just with slight changes of perspective.

Obviously his method is described as superior to any other method! While he makes several good points, mostly he just states this without really comparing it to the other methodologies.

Worth the read if you have time to spare... it certainly has several interesting ideas and viewpoints.
If only they had been expressed in a tenth of the space!


Best CompTIA books

Privacy Protection and Computer Forensics(Artech House Computer Security Series)

This revised edition of an Artech House bestseller goes far beyond the typical computer forensics books on the market, emphasizing how to protect one's privacy from data theft and hostile computer forensics. The second edition has been updated to offer more detailed how-to guidance on protecting the confidentiality of data stored on computers, and specific information on the vulnerabilities of common ancillary computing devices, such as PDAs, cellular phones, smart cards, GPS devices, telephone calling cards, fax machines, and photocopiers.

Security in RFID and Sensor Networks

In the past several years, there has been an increasing trend in the use of Radio Frequency Identification (RFID) and Wireless Sensor Networks (WSNs), as well as in the integration of both systems due to their complementary nature, flexible combination, and the demand for ubiquitous computing. As always, adequate security remains one of the open areas of concern before wide deployment of RFID and WSNs can be achieved.

Foundations of Security Analysis and Design II

Security is a rapidly growing area of computer science, with direct and increasing relevance to real-life applications, such as Internet transactions, e-commerce, information protection, network and systems security, and so on. Foundations for the analysis and design of security features of such applications are badly needed in order to validate and prove their correctness.

Network Security Policies and Procedures (Advances in Information Security)

Corporation community directors are pressured this present day to aggressively pursue a powerful community defense regime. This ebook goals to provide the reader a robust, multi-disciplinary realizing of ways to pursue this objective. This specialist quantity introduces the technical concerns surrounding defense in addition to how protection guidelines are formulated on the govt point and communicated in the course of the association.

Additional resources for Assessing and Managing Security Risk in IT Systems: A Structured Methodology

Sample text

Information security is a corporate activity and corporate function and (here is where we get to the theory part) should not be part of IT. An effective information security strategy requires four types of controls: preventive, detective, containment, and recovery. Dr. Peter Stephenson has altered these elements to currently address assurance, avoidance, detection, and recovery. Our strategy is to prevent as much as possible; then we want to be able to detect when we have problems, to contain the problem, and we want to have the ability to recover from it.

The Foreign Corrupt Practices Act (FCPA)

For 20 years, the FCPA was largely ignored by regulators. This was due in part to an initial amnesty program under which nearly 500 companies admitted violations. Now the federal government has dramatically increased its attention on business activities and is looking to enforce the act with vigor. To avoid liability under the FCPA, companies must implement a due diligence program that includes a set of internal controls and enforcement. A set of policies and procedures that are implemented and audited for compliance are required to meet the test of due diligence.

2. Appoint a high-level manager to oversee compliance with the policy, standards, and procedures.
3. Exercise due care when granting discretionary authority to employees.
4. Ensure compliance policies are being carried out.
5. Communicate the standards and procedures to all employees and others.
6. Enforce the policies, standards, and procedures consistently through appropriate disciplinary measures.
7. Have procedures for corrections and modifications in case of violations.

These guidelines reward those organizations that make a good faith effort to prevent unethical activity; this is done by lowering potential fines if, despite the organization's best efforts, unethical or illegal activities are still committed by the organization or its employees.
