Managing information security breaches: studies from real life
This book provides a general discussion and education about information security breaches, how they can be treated and what ISO27001 can offer in that regard, spiced with a number of real-life stories of information security incidents and breaches. These case studies enable an in-depth analysis of t...
| Classification: | Electronic Book |
|---|---|
| Main author: | |
| Format: | Electronic eBook |
| Language: | English |
| Published: | Cambridgeshire, England : IT Governance Publishing, 2014. |
| Edition: | Second edition. |
| Subjects: | |
| Online access: | Full text |

Table of Contents:
- Foreword
- Preface
- About the Author
- Acknowledgements
- Contents
- Introduction
- Part 1 – General
- Chapter 1: Why Risk does Not Depend on Company Size
- Risk effect
- Propagation of damage (downstream effects)
- Culture
- Information security staff
- Cash reserves / cash at hand
- Ability to improvise / make quick decisions
- Preparedness
- Contacts with authority
- Chapter 2: Getting your Risk Profile Right
- Intuitive risk analysis
- Formal risk analysis
- Step 1 – Identifying threats
- Step 2 – Assigning damage and likelihood
- Step 3 – Defining acceptable loss
- Step 4 – Defining mitigation priorities (business priorities)
- Residual risks
- Chapter 3: What is a Breach?
- Confidentiality breach
- Availability breach
- Integrity breach
- Impact
- Source
- External vs. internal
- Unintentional vs. intentional
- Manual vs. automatic
- Human vs. nature
- General treatment options
- Chapter 4: General Avoidance and Mitigation Strategies
- Introduction – general aspects, avoidance and related ISO27001 controls
- People
- A.7.1.1 – Screening
- Methods of screening
- A.7.1.2 – Terms and conditions of employment
- A.7.2.1 – Management responsibilities
- A.7.2.2 – Information security awareness, education and training
- A.7.2.3 – Disciplinary process
- A.7.3.1 – Termination or change of employment
- A.8.1.4 – Return of assets
- A.9.2.6 – Removal or adjustment of access rights
- Processes
- Technology
- ISO27001 Controls helpful for treatment of breaches
- A.6.1.3 – Contact with authorities
- A.7.2.2 – Information security awareness, education and training
- A.7.2.3 – Disciplinary process
- A.8.1.4 – Return of assets
- A.9.2.6 – Removal or adjustment of access rights
- A.12.2.1 – Controls against malware
- A.12.4.1 – Event logging and
- A.12.4.2 – Protection of log information
- A.16.1.1 – Responsibilities and procedures
- A.16.1.2 – Reporting information security events
- A.16.1.3 – Reporting security weaknesses
- A.16.1.4 – Assessment of and decision on information security events
- A.16.1.5 – Response to information security incidents
- A.16.1.6 – Learning from information security incidents
- A.16.1.7 – Collection of evidence
- Strategies and tactics for treating breaches
- Tactical advice
- Regular meetings
- Time, time, time
- Rest
- People (number)
- International contacts
- Keep the information flowing
- Keep minutes
- Additional quality feedback
- Dimensions of treatment / mitigation of information security breaches
- None
- Internal investigation
- External investigation
- Joint task force