Language : English
Published : 2017-10-01
Pages : 336
Big Data Analytics in Cybersecurity and IT Management
The power of big data in cybersecurity — Big data analytics for network forensics — Dynamic analytics-driven assessment of vulnerabilities and exploitation — Big data analytics for mobile app security — Machine unlearning: repairing learning models in adversarial environments — Cybersecurity training — Security, privacy and trust in cloud computing: challenges and solutions — Cybersecurity in Internet of Things (IoT) — Data visualization for cyber security — Analyzing deviant socio-technical behaviors using social network analysis and cyber forensics-based methodologies — Security tools — Data and research initiatives for cybersecurity analysis
Presents the concepts of ICT audit and control
Shows how to create a verifiable audit-based control structure that will ensure comprehensive security for systems and data
Explains how to establish systematic control and reporting procedures within a standard organizational framework and build auditable trust into the security of ICT operations
Defines a complete and correct set of control objectives along with monitoring and reporting systems
Discusses a formally defined and implemented infrastructure of best practices aimed specifically at optimizing the coordination and control of the security function
The Complete Guide to Cybersecurity Risks and Controls presents the fundamental concepts of information and communication technology (ICT) governance and control. In this book, you will learn how to create a working, practical control structure that will ensure the ongoing, day-to-day trustworthiness of ICT systems and data. The book explains how to establish systematic control functions and timely reporting procedures within a standard organizational framework and how to build auditable trust into the routine assurance of ICT operations.
The book is based on the belief that ICT operation is a strategic governance issue rather than a technical concern. With the exponential growth of security breaches and the increasing dependency on external business partners to achieve organizational success, the effective use of ICT governance and enterprise-wide frameworks to guide the implementation of integrated security controls is critical in order to mitigate data theft. Surprisingly, many organizations do not have formal processes or policies to protect their assets from internal or external threats.
The ICT governance and control process establishes a complete and correct set of managerial and technical control behaviors that ensures reliable monitoring and control of ICT operations. The body of knowledge for doing that is explained in this text. This body of knowledge applies to all operational aspects of ICT responsibilities, ranging from upper-management policy making and planning all the way down to basic technology operation.
Uses standards such as NIST 800-53, ISO 27001, and COBIT, and regulations such as HIPAA and PCI DSS as the foundation for the content
Reviews industry standards and presents representative procedures
Provides examples, checklists, sample policies and procedures, guidelines, and a synopsis of the applicable standards
Covers terminology, methods, concepts, and document structures
Discusses the key elements that make up each kind of document
Information Security Policies, Procedures, and Standards: A Practitioner’s Reference gives you a blueprint on how to develop effective information security policies and procedures. It uses standards such as NIST 800-53, ISO 27001, and COBIT, and regulations such as HIPAA and PCI DSS as the foundation for the content. Highlighting key terminology, policy development concepts and methods, and suggested document structures, it includes examples, checklists, sample policies and procedures, guidelines, and a synopsis of the applicable standards.
The author explains how and why procedures are developed and implemented rather than simply providing information and examples. This is an important distinction because no two organizations are exactly alike; therefore, no two sets of policies and procedures are going to be exactly alike. This approach provides the foundation and understanding you need to write effective policies, procedures, and standards clearly and concisely.
Developing policies and procedures may seem to be an overwhelming task. However, by relying on the material presented in this book, adopting the policy development techniques, and examining the examples, the task will not seem so daunting. You can use the discussion material to help sell the concepts, which may be the most difficult aspect of the process. Once you have completed a policy or two, you will have the courage to take on even more tasks. Additionally, the skills you acquire will assist you in other areas of your professional and private life, such as expressing an idea clearly and concisely or creating a project plan.
A clear, actionable blueprint for securing the vital information and IT services of global organizations of all sizes
Information Assurance Handbook provides an overall strategy for safeguarding your organization’s critical data. The book presents a body of knowledge and outlines the steps necessary for senior management to effectively work with risk and learn to strategically, systematically, and economically plan for security challenges. You’ll learn how to implement technology, practices, and processes to mitigate and manage risk over time and also how to prevent, detect, contain, and recover from security breaches. The professional practices outlined are essential knowledge for effective security and risk management.
Reveals how to predict known–and yet unknown–security risks
Invaluable best practices technically vetted by a panel of global security leaders
Outlines privacy law and critical standards and practices required to make strategic choices about compliance, risk acceptance, and performance
Explains the critical differences between assets, threats, vulnerabilities, and controls to achieve effective decision-making for risk management throughout all levels of the organization.
About the Author
Corey Schou, Ph.D., is a fellow and vice chairperson of (ISC)², the University Professor of Informatics and professor of computer science at Idaho State University, and the director of the Informatics Research Institute and the National Information Assurance Training and Education Center (NIATEC). Steven Hernandez, MBA, CISSP, is the chief information security officer for the Office of Inspector General at the U.S. Department of Health and Human Services (HHS).
Computer Security: Principles and Practice, 2e, is ideal for courses in Computer/Network Security.
In recent years, the need for education in computer security and related topics has grown dramatically – and is essential for anyone studying Computer Science or Computer Engineering. This is the only text available to provide integrated, comprehensive, up-to-date coverage of the broad range of topics in this subject. In addition to an extensive pedagogical program, the book provides unparalleled support for both research and modeling projects, giving students a broader perspective.