Chapter. 5. Addressing Business Impact Analysis and Business Continuity
Chapter. 6. Governing: Policy, Maturity Models and Planning
Part. III. Tactical Security Planning
Chapter. 7. Designing Information Security
Chapter. 8. Planning for Network Security
Chapter. 9. Designing Physical Security
Chapter. 10. Attending to Information Privacy
Chapter. 11. Planning for Alternative Networks: Cloud Security and Zero Trust
Chapter. 12. Organizing Personnel Security
Part. IV. Planning for Detect, Respond, Recover
Chapter. 13. Planning for Incident Response
Chapter. 14. Defining Security Metrics
Chapter. 15. Performing an Audit or Security Test
Chapter. 16. Preparing for Forensic Analysis
Part. V. Complying with National Regulations and Ethics
Chapter. 17. Complying with the European Union General Data Protection Regulation (GDPR)
Chapter. 18. Complying with U.S. Security Regulations
Chapter. 19. Complying with HIPAA and HITECH
Chapter. 20. Maturing Ethical Risk
Part. VI. Developing Secure Software
Chapter. 21. Understanding Software Threats and Vulnerabilities
Chapter. 22. Defining a Secure Software Process
Chapter. 23. Planning for Secure Software Requirements and Design with UML
Susan Lincke PhD is a Certified Information Systems Auditor with both industry and academic experience, able to know what is important in industry and how to teach it. Materials were funded by a National Science Foundation grant, where students planned security for real community partners.
This book demonstrates how information security requires a deep understanding of an organization's assets, threats and processes, combined with the technology that can best protect organizational security. It provides step-by-step guidance on how to analyze business processes from a security perspective, while also introducing security concepts and techniques to develop the requirements and design for security technologies. This interdisciplinary book is intended for business and technology audiences, at student or experienced levels.
Organizations must first understand the particular threats that an organization may be prone to, including different types of security attacks, social engineering, and fraud incidents, as well as addressing applicable regulation and security standards. This international edition covers Payment Card Industry Data Security Standard (PCI DSS), American security regulation, and European GDPR. Developing a risk profile helps to estimate the potential costs that an organization may be prone to, including how much should be spent on security controls.
Security planning then includes designing information security, as well as network and physical security, incident response and metrics. Business continuity considers how a business may respond to the loss of IT service. Optional areas that may be applicable include data privacy, cloud security, zero trust, secure software requirements and lifecycle, governance, introductory forensics, and ethics.
This book targets professionals in business, IT, security, software development or risk. This text enables computer science, information technology, or business students to implement a case study for an industry of their choosing.