You are not signed in. Sign in.


Category IT Books

A Practical Guide to Security Assessments » (1st Edition)

Book cover image of A Practical Guide to Security Assessments by Sudhanshu Kairab

Authors: Sudhanshu Kairab
ISBN-13: 9780849317064, ISBN-10: 0849317061
Format: Hardcover
Publisher: Taylor & Francis, Inc.
Date Published: November 2003
Edition: 1st Edition

Find Best Prices for This Book »

Author Biography: Sudhanshu Kairab

Book Synopsis

The modern dependence upon information technology and the corresponding information security regulations and requirements force companies to evaluate the security of their core business processes, mission critical data, and supporting IT environment. Combine this with a slowdown in IT spending resulting in justifications of every purchase, and security professionals are forced to scramble to find comprehensive and effective ways to assess their environment in order to discover and prioritize vulnerabilities, and to develop cost-effective solutions that show benefit to the business.

A Practical Guide to Security Assessments is a process-focused approach that presents a structured methodology for conducting assessments. The key element of the methodology is an understanding of business goals and processes, and how security measures are aligned with business risks. The guide also emphasizes that resulting security recommendations should be cost-effective and commensurate with the security risk. The methodology described serves as a foundation for building and maintaining an information security program.

In addition to the methodology, the book includes an Appendix that contains questionnaires that can be modified and used to conduct security assessments.

This guide is for security professionals who can immediately apply the methodology on the job, and also benefits management who can use the methodology to better understand information security and identify areas for improvement.

Table of Contents

Ch. 1Introduction1
Ch. 2Evolution of information security5
Ch. 3The information security program and how a security assessment fits in45
Ch. 4Planning67
Ch. 5Initial information gathering103
Ch. 6Business process evaluation139
Ch. 7Technology evaluation165
Ch. 8Risk analysis and final presentation193
Ch. 9Information security standards229
Ch. 10Information security legislation245
App. APreliminary checklist to gather information259
App. BGeneric questionnaire for meetings with business process owners271
App. CGeneric questionnaire for meetings with technology owners277
App. DData classification283
App. EData retention291
App. FBackup and recovery297
App. GExternally hosted services309
App. HPhysical security325
App. IEmployee termination343
App. JIncident handling351
App. KBusiness to business (B2B)361
App. LBusiness to consumer (B2C)371
App. MChange management385
App. NUser ID administration391
App. OManaged security403
App. PMedia handling415
App. QHIPAA security423




No reviews. Submit yours!

Review this book.

We would like to know what you think about this book and publish your thoughts here! (top)

Your Review

  1. You may optionally give a title for this comment.

  2. Worst to best, 1 to 5, what would you rate this one?

  3. The actual content of your comment. No HTML nor whatsoever allowed.

  4. The author of this comment.

  5. Which is smaller, elephant or mouse?

    Please answer the question by common sense.