Security policies and implementation issues / (Record no. 1212)
[ view plain ]
| 000 -LEADER | |
|---|---|
| fixed length control field | 07219cam a22003495a 4500 |
| 001 - CONTROL NUMBER | |
| control field | 16802476 |
| 003 - CONTROL NUMBER IDENTIFIER | |
| control field | BD-DhUL |
| 005 - DATE AND TIME OF LATEST TRANSACTION | |
| control field | 20140807160927.0 |
| 007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION | |
| fixed length control field | cr unu|||||||| |
| 008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
| fixed length control field | 110531s2011 maua sb 001 0 eng |
| 010 ## - LIBRARY OF CONGRESS CONTROL NUMBER | |
| LC control number | 2011282245 |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
| International Standard Book Number | 9780763791322 |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
| International Standard Book Number | 0763791326 |
| 040 ## - CATALOGING SOURCE | |
| Original cataloging agency | DLC |
| Transcribing agency | DLC |
| Modifying agency | BD-DhUL |
| 042 ## - AUTHENTICATION CODE | |
| Authentication code | pcc |
| 082 ## - DEWEY DECIMAL CLASSIFICATION NUMBER | |
| Classification number | 005.8 |
| Item number | JOS |
| 100 1# - MAIN ENTRY--PERSONAL NAME | |
| Personal name | Johnson, Rob. |
| 245 10 - TITLE STATEMENT | |
| Title | Security policies and implementation issues / |
| Statement of responsibility, etc. | Rob Johnson. |
| 260 ## - PUBLICATION, DISTRIBUTION, ETC. (IMPRINT) | |
| Place of publication, distribution, etc. | Sudbury, Mass. : |
| Name of publisher, distributor, etc. | Jones & Bartlett Learning, |
| Date of publication, distribution, etc. | c2011. |
| 300 ## - PHYSICAL DESCRIPTION | |
| Extent | xvii, 437 p. : |
| Other physical details | ill. |
| 490 1# - SERIES STATEMENT | |
| Series statement | Jones & Bartlett Learning information systems security & assurance series. |
| 504 ## - BIBLIOGRAPHY, ETC. NOTE | |
| Bibliography, etc | Includes bibliographical references (p. 419-425) and index. |
| 505 0# - FORMATTED CONTENTS NOTE | |
| Formatted contents note | Note continued: Disaster Recovery Procedures for Mission-Critical System, Application, or Data Functionality and Recovery -- RTO Policies Based on Disaster Scenario -- Best Practices for Risk Management Policies -- Case Studies and Examples of Risk Management Policies -- Private Sector Case Example -- Public Sector Case Example -- Critical Infrastructure Case Study -- Chapter Summary -- Key Concepts and Terms -- ch. 11 Assessment -- ch. 12 Incident Response Team (IRT) Policies -- Incident Response Policy -- What Is an Incident? -- Incident Classification -- The Response Team Charter -- Incident Response Team Members -- Responsibilities During an Incident -- Users on the Front Line -- System Administrators -- Information Security Personnel -- Management -- Support Services -- Other Key Roles -- Procedures for Incident Response -- Discovering an Incident -- Reporting an Incident -- Containing and Minimizing the Damage -- Cleaning Up After the Incident -- Documenting the Incident and Actions -- Analyzing the Incident and Response -- Creating Mitigation to Prevent Future Incidents -- Handling the Media and What to Disclose -- Best Practices for Incident Response Policies -- Case Studies and Examples of Incident Response Policies -- Private Sector Case Study -- Public Sector Case Study -- Critical Infrastructure Case Study -- Chapter Summary -- Key Concepts and Terms -- ch. 12 Assessment -- pt. THREE Implementing and Maintaining an IT Security Policy Framework -- ch. 13 IT Security Policy Implementations -- Implementation Issues for IT Security Policies -- Organizational Challenges -- Organizational and Cultural Change -- Organizational and Individual Acceptance -- Security Awareness Policy Implementations -- Development of an Organization-Wide Security Awareness Policy -- Conducting Security Awareness Training Sessions -- Executive Management Sponsorship -- Human Resources (HR) Ownership of New Employee Orientation -- Review of Acceptable Use Policies (AUPs) -- Information Dissemination -- How to Educate Employees -- Hard Copy Dissemination -- Posting Policies on the Intranet -- Using E-mail -- Brown Bag Lunch and Learning Sessions -- Overcoming Technical Hindrances -- Distributed Infrastructure -- Outdated Technology -- Lack of Standardization Throughout the IT Infrastructure -- Overcoming Nontechnical Hindrances -- Distributed Environment -- User Types -- Lack of Executive Management Support -- Best Practices for IT Security Policy Implementations -- Case Studies and Examples of Successful IT Security Policy Implementations -- Private Sector Case Study -- Public Sector Case Study -- Critical Infrastructure Case Study -- Chapter Summary -- Key Concepts and Terms -- ch. 13 Assessment -- Endnote -- ch. 14 IT Security Policy Enforcement -- Organizational Support for IT Security Policy Enforcement -- Executive Management Must Provide Sponsorship -- Hierarchical Organizational Approach to Ensure Roles, Responsibilities, and Accountabilities are Defined for Security Policy Implementation -- Front-Line Managers and Supervisors Must Take Responsibility and Accept Accountability -- Grass-Roots Employees -- An Organization's Right to Monitor User Actions and Traffic -- Compliance Law: Requirement or Risk Management? -- What Is Law and What is Policy? -- What Security Controls Work to Enforce Protection of Privacy Data? -- What Automated Security Controls Can Be Implemented Through Policy? -- What Manual Security Controls Assist with Enforcement? -- Legal Implications of IT Security Policy Enforcement -- Who Is Ultimately Liable for Risk, Threats, and Vulnerabilities? -- Where Must IT Security Policy Enforcement Come From? -- Best Practices for IT Security Policy Enforcement -- Case Studies and Examples of Successful IT Security Policy Enforcement -- Private Sector Case Study -- Public Sector Case Study -- Critical Infrastructure Case Study -- Chapter Summary -- Key Concepts and Terms -- ch. 14 Assessment -- ch. 15 IT Policy Compliance Systems and Emerging Technologies -- Defining a Baseline Definition for Information Systems Security -- Policy-Defining Overall IT Infrastructure Security Definition -- Vulnerability Window and Information Security Gap Definition -- Tracking, Monitoring, and Reporting IT Security Baseline Definition and Policy Compliance -- Automated Systems -- Manual Tracking and Reporting -- Random Audits and Departmental Compliance -- Overall Organizational Report Card for Policy Compliance -- Automating IT Security Policy Compliance -- Automated Policy Distribution -- Configuration Management and Change Control Management -- Collaboration and Policy Compliance across Business Areas -- Version Control for Policy Implementation Guidelines and Compliance -- Emerging Technologies and Solutions -- SCAP -- SNMP -- WBEM -- WMI -- Digital Signing -- Best Practices for IT Security Policy Compliance Monitoring -- Case Studies and Examples of Successful IT Security Policy Compliance Monitoring -- Private Sector Case Studies -- Public Sector Case Study -- Critical Infrastructure Case Study -- Chapter Summary -- Key Concepts and Terms -- ch. 15 Assessment. |
| 520 ## - SUMMARY, ETC. | |
| Summary, etc. | "The study of information system security concepts and domains is an essential part of the education of computer science students and professionals alike. Security Policies and Implementation Issues offers a comprehensive, end-to-end view of information security policies and frameworks from the raw organizational mechanics of building to the psychology of implementation. It presents an effective balance between technical knowledge and soft skills, and introduces many different concepts of information security in clear simple terms such as governance, regulator mandates, business drivers, legal considerations, and much more. With step-by-step examples and real-world exercises, this book is a must-have resource for students, security officers, auditors, and risk leaders looking to fully understand the process of implementing successful sets of security policies and frameworks."--Resource description page. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Computer networks |
| General subdivision | Security measures. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Data protection. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
| Topical term or geographic name as entry element | Computer security. |
| 830 #0 - SERIES ADDED ENTRY--UNIFORM TITLE | |
| Uniform title | Jones & Bartlett Learning information systems security & assurance series. |
| 906 ## - LOCAL DATA ELEMENT F, LDF (RLIN) | |
| a | 0 |
| b | ibc |
| c | origres |
| d | 3 |
| e | ncip |
| f | 20 |
| g | y-gencatlg |
| 942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
| Source of classification or shelving scheme | |
| Koha item type | Books |
| Price effective from | Date last seen | Permanent Location | Not for loan | Date acquired | Source of classification or shelving scheme | Koha item type | Lost status | Cost, normal purchase price | Withdrawn status | Source of acquisition | Collection code | Damaged status | Shelving location | Barcode | Current Location | Full call number |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2014-08-07 | 2014-08-07 | Dhaka University Science Library | 2012-12-08 | Books | 0.00 | Purchase | Non Fiction | General Stacks | 477163 | Dhaka University Science Library | 005.8 JOS |