Monday, December 8, 2008

Information Systems Security: Security Management, Metrics, Framework and Best Practices

Security was, is, and will always be a double edged sword. You have to expose your systems and applications to the external world in order to conduct business; but you want to remain in control. How does one achieve this balance?

The best approach, it seems, is to understand information and communication systems themselves, from a security viewpoint. Then one needs to understand the ‘soft spots’, where the systems can be exposed to intrusion and risks, within the overall architecture and design of these systems. These areas of risks can span the entire gamut of information systems including databases, networks, applications, Internet-based communication, web services, mobile technologies and people issues associated with all of them. Effective strategy to ameliorate the risks associated with these aspects of IT systems then needs to be developed, to provide businesses with the confidence to operate in the real world. Furthermore, with increasingly stringent legislations, such as the Sarbanes-Oxley (SOx) legislation, that impose rigid auditing controls over businesses – particularly through their information and communication systems – it is vital for businesses to be fully aware of the security risks associated with their systems as well as the regulatory body pressures; and develop and implement an effective strategy to handle those risks.

This book covers all of the aforementioned issues in depth. It covers all significant aspects of security, as it deals with ICT, and provides practicing ICT security professionals explanations to various aspects of information systems, their corresponding security risks and how to embark on strategic approaches to reduce and, preferably, eliminate those risks. The coverage of the book is vast, and the relevant to immediate practice.

Salient features of the book

• Written by an experienced industry professional working in the domain, a professional with extensive experience in teaching at various levels (student seminars, industry workshops) as well as research.

• A comprehensive treatment and truly a treatise on the subject of Information Security

• Coverage of SOX and SAS 70 aspects for Asset Management in the context of information systems security.

• Covers SOX and SAS 70 aspects for Asset Management in the context of Information Systems Security.

• Detailed explanation of topics "Privacy" and "Biometric Controls".

• IT Risk Analysis covered.

• Review questions and reference material pointers after each chapter.

• Ample figures to illustrate key points – over 250 figures!

• All this is in a single book that should prove as a valuable reference on the topic to students and professionals. Useful for candidates appearing for the CISA certification exam. Maps well with the CBOK for CSTE and CSQA Certifications.

About the author

Nina Godbole has vast experience in the IT industry – System Analysis & Design and Development, as well as Application Support Services, MIS, IT Perspective Planning Training, Security Audits, Quality Management, Operations Management. Nina has also led BPR initiatives and has played an instrumental role in successfully driven organizational initiatives – the ISO 9001, P-CMM and CMM-I. She is an active member of many professional bodies and academic research groups.
Nina holds a Masters Degree from IIT and MS Engineering (Computer Science) degree from Newport University, USA. She is a CQA, CSTE, CISA, PMP and ITIL Foundation Certified professional.

Companion CD contains:

• 37 appendices with checklists, guidelines and more, on the topics covered.
• 17 case illustrations to help readers appreciate/reinforce the understanding of the concepts.
• Workshop Mapping document with ideas for mapping contents of chapters to workshops/seminars on security and privacy.

ISBN: 978-81-265-1692-6 Information Systems Security: Security Management, Metrics, Frameworks and Best Practices Price: Rs 549/- Pages: 1020

To know more, click here: