Information security-driven topic coverage is the basis for this updated book that will benefit readers in the information technology and business fields alike. Management of Information Security, provides an overview of information security from a management perspective, as well as a thorough understanding of the administration of information security. Written by two Certified Information Systems Security Professionals (CISSP), this book has the added credibility of incorporating the CISSP Common Body of Knowledge (CBK), especially in the area of information security management. The second edition has been updated to maintain the industry currency and academic relevance that made the previous edition so popular, and case studies and examples continue to populate the book, providing real-life applications for the topics covered.
| ||||||||||||||||||||||||||||||
|
There is a newer edition of this item:
|
Book Description
Editorial Reviews
Review
Joseph Sherif, Fullerton University, "I CANNOT WAIT TO ADOPT IT. This book is the best for students and practitioners."
Denise Padavano, Pierce College, "I would adopt this book for an introductory security management course or a survey course on security management. It covers all the things that are important and the authors did a good job of making the book concise."
Denise Padavano, Pierce College, "I would adopt this book for an introductory security management course or a survey course on security management. It covers all the things that are important and the authors did a good job of making the book concise."
Product Details
Would you like to update product info or give feedback on images?
|
More About the Authors
Discover books, learn about writers, read author blogs, and more.
Customer Reviews
|
Share your thoughts with other customers:
|
||||||||||||||||||||||
|
Most Helpful Customer Reviews
22 of 24 people found the following review helpful:
4.0 out of 5 stars
Philosophical (Textbook) exposition of InfoSec,
By
This review is from: Management of Information Security (Paperback)
If you're looking to get down into the nitty-gritty of infosec, for ways and methods of securing networks and systems, then this probably isn't the book you need. This is a textbook and so it overs a fairly high level viewpoint, even philosophical approach, to infosec. The granualarity just isn't there for the practising person to gain much from this in a substantive way.
That said, the book does provide a readable and useful overview of all aspects of the infosec planning and administration process. Each chapter has questions yet no answers. Chapters include: Introduction to the management of info sec Planning for infosec Planning for contingencies Information security policy Developing the security program Security Management models and practices Risk Management: identifying and assessning risk RIsk Management: Assessing and controlling risk Protectiion Mechanisms Personnel and security Law and Ethics Information Security Project management (the weakest chapter in the book...meant as an introduction) While the authors won't tell you how to configure a firewall for example, they will teach you who, how and why this must be done and what must be done to guide and support decisions like this in an organizational environment. This book is about top down security management. It teaches you to use policy, procedures, people, programs, projects and planning in a three dimenional security matrix: confidentiality, integrity, availability, security, transmission, processing, policy, technology and education/training with regard to people, data, hardware, software and procedures, all within the methodology of the secSDLC. So it is a philsophical journey thorugh the heart of the matter written by two guys who obviously know and enjoy their subject. This books is well written and has a number inserts highlighting differrent things like different types of attacks, concepts like human firewalls and such that enhance the readability while leading a connection to reality that threatens to become a little tenuous when dealing with much abstraction. SO, a good textbook. I used it for a subject I took and found it useful. WHile it may be a little dry at times, due to the technical nature of the material, if you are serious about learning information security then the need to be consistently entertained is probably just a little alien to your nature anyway. This book will give you an excellent grounding in the things you should be condisering and doing when planning, analyzing, designing, implementing and managing and maintaining infosec. An excellent addition and support for the material presented in the book- as referred by the authors- is bunch of free materials published by the National Institute of Standards and Technology, found at the computer security resource center. These include papers such as SP 800-12, SP 800-14, and so forth. The website is http://csrc.nist.gov/publications/nistpubs/ It is important to check this out if you are serious about infosec. This book is a good starting point for deliving deeper into that world.
6 of 7 people found the following review helpful:
2.0 out of 5 stars
Let's be as unclear as possible...,
By Simon Schofield (Australia) - See all my reviews
This review is from: Management Of Information Security (Paperback)
The book is quite frustrating if you need to use it for your studies as I do.
A lot of it is really obvious, but the authors do like to repeat and rehash points in quite a confusing order. They would be better off providing more examples that fit exactly with what they are trying to explain, but instead they grabbed too many examples from other sources, which do not appear to fit as neatly with their processes as I suspect would be best. It certainly fills up the pages, but adds confusion. It's a big subject, so it will never be an easy task, but surely these guys can employ writers to look at their work objectively. Too many technical people write books with the notion of the book being very good because they think everyone thinks like they think... Wrong. And to be honest it is a boring book. It's not even like it's a boring subject, because it really does affect so much of our working and personal lives nowadays. Somehow they just seemed to be able to make it seem more excruitatingly boring than it really is!... I suppose that's a skill in itself!
1 of 1 people found the following review helpful:
4.0 out of 5 stars
For WHAT IT IS INTENDED FOR this book is great.,
By
This review is from: Management of Information Security (Paperback)
This book is a textbook on the Management of Information Security. It IS NOT intended to get into the nitty-gritty of securing an information infrastructure. It is meant to teach MANAGEMENT and therefore focuses on management issues. It has a strong slant toward NIST publications, because it is intended to be a solution for college and university courses that are part of an NSA/DHS National Center of Academic Excellence in IA Education. As such it has to map content to the Committee on National Security Systems (CNSS) Training Standards, most specifically NSTISSI-4011, the National Training Standard for Information Systems Security (INFOSEC) Professionals and CNSSI-4014, the Information Assurance Training Standard for Information Systems Security Officers. It does this fairly well.
Someone commented that since the authors quote Charles Cresson Woods' books so much, why not just buy Wood's books? Obviously he did not price the Charles Cresson Wood books before he said this, as current editions of his books run six to eight HUNDRED dollars each--and people pay that because they think that much of his work. The fact that he allowed the authors to quote his material so extensively is a real "value added" feature of this text. Charles Cresson Woods' books are intended for an entirely different purpose than this book anyway. Coming from a background as an Information Systems Security Officer in the U.S. Navy, this book fit naturally well with my background and experience in the field for teaching this subject. It might not be as good a fit for an instructor whose primary background is in the ISO 27000 series or in PCI DSS. It is not intended to be a "do-it-yourself" book either; it is distinctly intended for use as a classroom resource for a course taught by an experienced security professional. I have been using it in the classroom since 2003 and it has worked very well for me and student feedback has been very positive overall. I would heartily recommend it for use as a textbook in a quality, instructor-led course in the Management of Information Security taught by someone who knows the material.
Share your thoughts with other customers: Create your own review
|
|
Inside This Book
(learn more)
Browse and search another edition of this book.
Browse and search another edition of this book.
What Other Items Do Customers Buy After Viewing This Item?
Tags Customers Associate with This Product(What's this?)Click on a tag to find related items, discussions, and people.
|
Listmania!
So You'd Like to...
Look for Similar Items by Category
- Books > Business & Investing > Industries & Professions > MIS
- Books > Computers & Technology > Business & Culture > Manager's Guides to Computing
- Books > Computers & Technology > Certification > CompTIA
- Books > Computers & Technology > Networking > Network Security
- Books > Computers & Technology > Security & Encryption
