Rating:
Author: Michael E. Whitman
ISBN : B00B6DM3DW
New from $40.49
Format: PDF
Posts about Download The Book Free Management of Information Security for everyone book mediafire, rapishare, and mirror link Management of Information Security primarily focuses on the managerial aspects of information security, such as access control models, information security governance, and information security program assessment and metrics. Coverage on the foundational and technical components of information security is included to reinforce key concepts. The third edition includes up-to-date information on changes in the field such as revised sections on national and international laws and international standards like the ISO 27000 series. With these updates, Management of Information Security continues to offer a unique overview of information security from a management perspective while maintaining a finger on the pulse of industry changes and academic relevance.Direct download links available for Free Management of Information Security [Print Replica] [Kindle Edition]
- File Size: 13913 KB
- Print Length: 576 pages
- Publisher: Cengage Learning; 3 edition (September 24, 2013)
- Sold by: Cengage Learning
- Language: English
- ASIN: B00B6DM3DW
- Text-to-Speech: Not enabled
X-Ray for Textbooks:
- Lending: Not Enabled
- Amazon Best Sellers Rank: #396,022 Paid in Kindle Store (See Top 100 Paid in Kindle Store)
Free Management of Information Security
If you're looking to get down into the nitty-gritty of infosec, for ways and methods of securing networks and systems, then this probably isn't the book you need. This is a textbook and so it overs a fairly high level viewpoint, even philosophical approach, to infosec. The granualarity just isn't there for the practising person to gain much from this in a substantive way.
That said, the book does provide a readable and useful overview of all aspects of the infosec planning and administration process. Each chapter has questions yet no answers. Chapters include:
Introduction to the management of info sec
Planning for infosec
Planning for contingencies
Information security policy
Developing the security program
Security Management models and practices
Risk Management: identifying and assessning risk
RIsk Management: Assessing and controlling risk
Protectiion Mechanisms
Personnel and security
Law and Ethics
Information Security Project management (the weakest chapter in the book...meant as an introduction)
While the authors won't tell you how to configure a firewall for example, they will teach you who, how and why this must be done and what must be done to guide and support decisions like this in an organizational environment. This book is about top down security management. It teaches you to use policy, procedures, people, programs, projects and planning in a three dimenional security matrix: confidentiality, integrity, availability, security, transmission, processing, policy, technology and education/training with regard to people, data, hardware, software and procedures, all within the methodology of the secSDLC.
This book is a textbook on the Management of Information Security. It IS NOT intended to get into the nitty-gritty of securing an information infrastructure. It is meant to teach MANAGEMENT and therefore focuses on management issues. It has a strong slant toward NIST publications, because it is intended to be a solution for college and university courses that are part of an NSA/DHS National Center of Academic Excellence in IA Education. As such it has to map content to the Committee on National Security Systems (CNSS) Training Standards, most specifically NSTISSI-4011, the National Training Standard for Information Systems Security (INFOSEC) Professionals and CNSSI-4014, the Information Assurance Training Standard for Information Systems Security Officers. It does this fairly well.
Someone commented that since the authors quote Charles Cresson Woods' books so much, why not just buy Wood's books? Obviously he did not price the Charles Cresson Wood books before he said this, as current editions of his books run six to eight HUNDRED dollars each--and people pay that because they think that much of his work. The fact that he allowed the authors to quote his material so extensively is a real "value added" feature of this text. Charles Cresson Woods' books are intended for an entirely different purpose than this book anyway.
Coming from a background as an Information Systems Security Officer in the U.S. Navy, this book fit naturally well with my background and experience in the field for teaching this subject. It might not be as good a fit for an instructor whose primary background is in the ISO 27000 series or in PCI DSS.
-
Download Link 2