Features
- Cover Type: Paperback with 272 pages
- Published by: Wiley-IEEE Computer Society Pr, April 7, 2006
- Written in: English
- ISBN 10 Number: 0471736120
- ISBN 13 Number: 978-0471736127
- Book Dimensions: 9.2 x 5.9 x 0.8 inches
- Weighs: 1 pound
Product Review
"Executives will quickly learn to see how information security can be addressed... IT security professionals will benefit... from an understanding of how to present information security to nontechnical experts." (Computing Reviews.com, August 15, 2006)
"Useful for information security managers, IT executives, and consultants, the book can also help nontechnical executives who need to protect the value and security of their organization's information." (IEEE Computer Magazine, May 2006)
Book Description
Bridging the gap between information security and strategic planning
This publication is a reflection of the author's firsthand experience as an information security consultant, working for an array of clients in the private and public sectors. Readers discover how to work with their organizations to develop and implement a successful information security plan by improving management practices and by establishing information security as an integral part of overall strategic planning.
The book starts with an overview of basic concepts in strategic planning, information technology strategy, and information security strategy. A practical guide to defining an information security strategy is then provided, covering the "nuts and bolts" of defining long-term information security goals that effectively protect information resources. Separate chapters covering technology strategy and management strategy clearly demonstrate that both are essential, complementary elements in protecting information.
Following this practical introduction to strategy development, subsequent chapters cover the theoretical foundation of an information security strategy, including:
* Examination of key enterprise planning models that correspond to different uses of information and different strategies for securing information
* Review of information economics, an essential link between information security strategy and business strategy
* Role of risk in building an information security strategy
Two separate case studies are developed, helping readers understand how the development and implementation of information security strategies can work within their own organizations.
This is essential reading for information security managers, information technology executives, and consultants. By linking information security to general management strategy, the publication is also recommended for nontechnical executives who need to protect the value and security of their organization's information.
Reader Reviews
As a professor who teaches information security at the undergraduate and graduate level, I was interested in this book to enhance the strategic direction of my courses. As we all know, most of the problems with info security can be attributed to management and personnel, not technology. This book does a good job of framing and explaining a strategic approach. Although I will not require it of my students, I will recommend it as a way of understanding the big picture of security. Too often we learn bits and pieces of a subject and never understand how all the pieces fit together. This book does a good job of putting all of the pieces together in a nice strategic approach.