This title is a comprehensive source of information on the ITILv3 Information Security Management process. This groundbreaking new title looks at information security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers: 1) Fundamentals of information security providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors. 2) Fundamentals of management of information security - explains what Information Security Management is about and its objectives. Details are also given on implementing the process and the continuous effort required to maintain its quality. 3) ITILv3 and Information Security Management - shows the links with the other ITIL processes. Shows how integrating the Information Security Management activities into existing processes and activities not only supports efficiencies but ultimately is the key way to achieve effective Information Security Management. 4) Implementing Information Security Management - gives practical advice how to put Information Security Management into practice. From awareness in the organization via documentation required, to maturity models. This guidance describes best practices for realizing Information Security Management. Key Features and Benefits: 1) One of the few titles available that covers the Information Security Management process - providing a one-stop shop for information relating to information security in the context of ITIL. 2) Written in a straight forward and easy-to-understand style that makes the book both easy to use and read. Making the information easier to understand. 3) The information within the book is aligned with that in the ISO/IEC 27000 family of information security standards. Helping you to integrate and leverage the strengths of both frameworks. Leading to costs saving, increases in efficiency and a higher level of information security.
FREE Two-Day Shipping for students on millions of items. Learn more |
| |||||||||||||||
Book Description
Special Offers and Product Promotions
- Buy $50 in qualifying physical textbooks, get $2 in Amazon MP3 Credit. Here's how (restrictions apply)
Frequently Bought Together
Editorial Reviews
About the Author
Louk Peters is a senior business consultant at Getronics PinkRoccade, (co)-author of books and articles on ICT service management, a much in demand speaker on forums in the Netherlands and abroad, and a guest lecturer at several educational institutes. Jacques Cazemier lectured on Master of Security of Information Technology and Master of Information Security Management and he is a guest lecturer at Fontys and Saxion universities of applied sciences. He has been involved in the introduction of ISO 27002 (formerly BS7799) in The Netherlands. Dr. Overbeek lectures at the universities of Amsterdam, Rotterdam and Tilburg (TiasNimbas). He is advisor of ECP.NL and member of the advisory board of the HAN University and he is involved in several standards and books for security, including The Code of Practice for Information Security Management and Information Security Management with ITIL v3.
Product Details
Would you like to update product info or give feedback on images?
|
Customer Reviews
Most Helpful Customer Reviews
1 of 1 people found the following review helpful
Format:Paperback
The ITIL v2 security book has been extensively revised for ITIL v3 and is now much more closely aligned with ISO27k (i.e. the ISO/IEC 27000-series Information Security Management Systems standards), both in terms of cross references and more importantly in its consistent reflection of ISO27k's basic ISMS elements throughout.
The book starts by laying out the fundamental concepts in information security and information security management. These chapters are presumably aimed more at ITIL people than infosec professionals, but serve to set the context for the remainder.
Chapter 4 delves into the classical ITIL realms of service strategy, service design etc., pointing out how information security can and indeed should be integrated within the ITIL processes. Many existing ITIL users who are relatively new to security will probably appreciate that there is quite a lot of work here if the advice, which the authors discuss in a rather matter-of-fact style, is taken to heart. Similarly, information security professionals will appreciate that ITIL's highly structured approach to service design, delivery, management and maintenance has benefits if security becomes an integral part of that structure.
Chapter 5 offers more pragmatic, implementation-oriented advice. It starts by reminding the reader than information security is not a `fire and forget' type one-time project activity, but needs constant care and attention in order to track the every-changing security environment. In ISO27k terms, this is accomplished through the Plan-Do-Check-Act style continual improvement activities which seek both to improve the organization's information security status over time, and to keep it aligned with new threats, vulnerabilities and impacts as they arise.
The explicit inclusion of information security awareness in chapter 5 is noteworthy. It acknowledges that organizations cannot secure their information assets through purely technical security controls, but need to address human factors as well.
The information security management structures proposed in chapter 5 may seem somewhat curious at first glance but are not too far from the norm, namely a division of responsibilities between those performing the strategic security policy setting, compliance and related management/directive activities, and the more tactical (but no less important) day-to-day security administration and operations activities.
The maturity model presented in chapter 5 is another curiosity, blending conventional capability maturity model ideas (essentially bringing information security under explicit management control) with an external focus on security. While security is a housekeeping or internal organizational issue at first, customer and market orientation in the higher levels have the potential to turn information security into a valuable commercial element of the organization's service offering. Providing secure IT services, rather than just IT services, is the goal.
Conclusion: this is an excellent guide for organizations that use either or both the standards, helping them benefit from the intersection of ITIL's service management and IT service-oriented viewpoint with ISO27k's risk-based PDCA approach to information security management. Organizations that embrace ITIL v3 and diligently follow the guidance in this book will reap the business benefits of world-leading information security practices from ISO27k.
The book starts by laying out the fundamental concepts in information security and information security management. These chapters are presumably aimed more at ITIL people than infosec professionals, but serve to set the context for the remainder.
Chapter 4 delves into the classical ITIL realms of service strategy, service design etc., pointing out how information security can and indeed should be integrated within the ITIL processes. Many existing ITIL users who are relatively new to security will probably appreciate that there is quite a lot of work here if the advice, which the authors discuss in a rather matter-of-fact style, is taken to heart. Similarly, information security professionals will appreciate that ITIL's highly structured approach to service design, delivery, management and maintenance has benefits if security becomes an integral part of that structure.
Chapter 5 offers more pragmatic, implementation-oriented advice. It starts by reminding the reader than information security is not a `fire and forget' type one-time project activity, but needs constant care and attention in order to track the every-changing security environment. In ISO27k terms, this is accomplished through the Plan-Do-Check-Act style continual improvement activities which seek both to improve the organization's information security status over time, and to keep it aligned with new threats, vulnerabilities and impacts as they arise.
The explicit inclusion of information security awareness in chapter 5 is noteworthy. It acknowledges that organizations cannot secure their information assets through purely technical security controls, but need to address human factors as well.
The information security management structures proposed in chapter 5 may seem somewhat curious at first glance but are not too far from the norm, namely a division of responsibilities between those performing the strategic security policy setting, compliance and related management/directive activities, and the more tactical (but no less important) day-to-day security administration and operations activities.
The maturity model presented in chapter 5 is another curiosity, blending conventional capability maturity model ideas (essentially bringing information security under explicit management control) with an external focus on security. While security is a housekeeping or internal organizational issue at first, customer and market orientation in the higher levels have the potential to turn information security into a valuable commercial element of the organization's service offering. Providing secure IT services, rather than just IT services, is the goal.
Conclusion: this is an excellent guide for organizations that use either or both the standards, helping them benefit from the intersection of ITIL's service management and IT service-oriented viewpoint with ISO27k's risk-based PDCA approach to information security management. Organizations that embrace ITIL v3 and diligently follow the guidance in this book will reap the business benefits of world-leading information security practices from ISO27k.
Inside This Book
(learn more)
What Other Items Do Customers Buy After Viewing This Item?
Tags Customers Associate with This Product(What's this?)Click on a tag to find related items, discussions, and people.
|
Sell a Digital Version of This Book in the Kindle Store
If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store.
Learn more
Customer Discussions
|
This product's forum
Active discussions in related forums
Search Customer Discussions
|
Related forums
|
