Practical Information Security Management: A Complete Guide to Planning and Implementation

  • 6h 51m
  • Tony Campbell
  • Apress
  • 2016

Create appropriate, security-focused business propositions that consider the balance between cost, risk, and usability, while starting your journey to become an information security manager. Covering a wealth of information that explains exactly how the industry works today, this book focuses on how you can set up an effective information security practice, hire the right people, and strike the best balance between security controls, costs, and risks.

Practical Information Security Management provides a wealth of practical advice for anyone responsible for information security management in the workplace, focusing on the ‘how’ rather than the ‘what’. Together we’ll cut through the policies, regulations, and standards to expose the real inner workings of what makes a security management program effective, covering the full gamut of subject matter pertaining to security management: organizational structures, security architectures, technical controls, governance frameworks, and operational security.

This book was not written to help you pass your CISSP, CISM, or CISMP or become a PCI-DSS auditor. It won’t help you build an ISO 27001 or COBIT-compliant security management system, and it won’t help you become an ethical hacker or digital forensics investigator – there are many excellent books on the market that cover these subjects in detail. Instead, this is a practical book that offers years of real-world experience in helping you focus on the getting the job done.

What You Will Learn

  • Learn the practical aspects of being an effective information security manager
  • Strike the right balance between cost and risk
  • Take security policies and standards and make them work in reality
  • Leverage complex security functions, such as Digital Forensics, Incident Response and Security Architecture

Who This Book Is For

Anyone who wants to make a difference in offering effective security management for their business. You might already be a security manager seeking insight into areas of the job that you’ve not looked at before, or you might be a techie or risk guy wanting to switch into this challenging new career. Whatever your career goals are, Practical Security Management has something to offer you.

About the Author

Tony Campbell has been in the IT industry for over 25 years with the majority of his career providing consultancy services to the UK government in security architecture and security management. Prior to moving to Perth in 2013, Tony was Chief Security Architect on a large UK Ministry of Defence programme and managed a team of enterprise security architects. Since moving to Australia, he has provided strategic security consultancy to a variety of local government agencies and authored ISO27001 security manuals. Tony now works for Kinetic IT, a successful Australian owned and operated IT managed services provider where he has developed IT security strategies for both WA and Victorian clients, and is highly regarded for his insights by customers and colleagues alike.

In this Book

  • Evolution of a Profession
  • Threats and Vulnerabilities
  • The Information Security Manager
  • Organizational Security
  • Information Security Implementation
  • Standards, Frameworks, Guidelines, and Legislation
  • Protection of Information
  • Protection of People
  • Protection of Premises
  • Protection of Systems
  • Digital Evidence and Incident Response
  • Cloud Computing Security
  • Industrial Control Systems
  • Secure Systems Development