IT Governance, fully updated for this 4th edition, provides essential reading on how best to deal with information security risks and how to incorporate the latest developments in terms of international best practice (including the requirements contained within the Turnbull Report (UK) and the Sarbanes-Oxley Act (US)).
Information is widely regarded as the lifeblood of modern business, but organizations are facing a flood of threats to such 'intellectual capital' - from hackers, viruses and online fraud. Increasingly, data protection, privacy regulations, computer misuse and regulations around investigatory powers are part of a complex and often competing range of requirements to which directors must respond. IT Governance will be vital to board members, executives, owners and managers of any business or organization that depends on information, that uses computers on a regular basis or that has an internet aspect to its overall strategy.
With full coverage of the Turnbull Report and the Combined Code (in the UK), and the Sarbanes-Oxley Act (in the US), the book examines standards of best practice for companies looking to protect and enhance their information security management systems, allowing them to ensure that their IT security strategies are co-ordinated, coherent, comprehensive and cost effective. Each book comes with password-protected access to the www.itgovernance.co.uk website, for the latest news updates in this dynamic and constantly-changing sector.
Book details: Paperback, 384 pages, dimensions 240 x 170 mm, language English.
1. Why is information security necessary?
2. The Combined Code, the Turnbull Report and Sarbanes-Oxley
3. ISO27001
4. Organizing information security
5. Information security policy and scope
6. The risk assessment and statement of applicability
7. External parties
8. Asset management
9. Human resources security
10. Physical and environmental security
11. Equipment security
12. Communications and operations management
13. Controls against malicious software (malware) and back-ups
14. Network security management and media handling
15. Exchanges of information
16. Electronic commerce services
17. E-mail and internet use
18. Access control
19. Network access control
20. Operating system access control
21. Application access control and teleworking
22. Systems acquisition, development and maintenance
23. Cryptographic controls
24. Security in development and support processes
25. Monitoring and information security incident management
26. Business continuity management
27. Compliance
28. The ISO27001 audit
Alan Calder is a founder-director of IT Governance Ltd, which provides IT governance and information security services through its website www.itgovernance.co.uk. He is the author of Corporate Governance, IT Governance and International IT Governance, all published by Kogan Page.
Steve Watkins is Corporate Services Manager of HMCPSI; he was previously Head of Quality and Operations at Focus Central London and, before that, Quality Manager at Business Link. Alan Calder and Steve Watkins were responsible for one of the first companies (BLLCP) to achieve BS 7799 registration when the standard was first promulgated in 1996.
They have aided other organizations since then to implement effective information security management systems, and have been involved in the development of both the accredited certification scheme and related training standards.