Matches in SemOpenAlex for { <https://semopenalex.org/work/W366426299> ?p ?o ?g. }
- W366426299 abstract "Getting Information Security Right: Top to Bottom Information Security Governance Tone at the Top Tone at the Bottom Governance, Risk, and Compliance (GRC) The Compliance Dilemma Suggested Reading Developing Information Security Strategy Evolution of Information Security Organization Historical Perspective Fear, Uncertainty, Doubt, Fear, Uncertainty, Doubt Understand the External Environment Regulatory Competition Emerging Threats Technology Cost Changes External Independent Research The Internal Company Culture Risk Appetite Speed Collaborative versus Authoritative Trust Level Growth Seeker or Cost Cutter Company Size Outsourcing Posture Prior Security Incidents, Audits Security Strategy Development Techniques Mind Mapping SWOT Analysis Balanced Scorecard Face-to-Face Interviews Security Planning Strategic Tactical Operational/Project Plans Suggested Reading Defining the Security Management Organization History of the Security Leadership Role Is Relevant The New Security Officer Mandate Day 1: Hey, I Got the Job! Security Leader Titles Techie versus Leader The Security Leaders Library Security Leadership Defined Security Leader Soft Skills Seven Competencies for Effective Security Leadership Security Functions Learning from Leading Organizations What Functions Should the Security Officer Be Responsible For? 
Assessing Risk and Determining Needs Functions Implement Policies and Control Functions Promote Awareness Functions Monitor and Evaluate Functions Reporting Model Suggested Reading Interacting with the C-Suite Communication between the CEO, CIO, Other Executives, and CISO 13 Lucky Questions to Ask One Another The CEO, Ultimate Decision Maker The CEO Needs to Know Why The CIO, Where Technology Meets the Business CIO's Commitment to Security Important The Security Officer, Protecting the Business The CEO, CIO, and CISO Are Business Partners Building Grassroots Support through an Information Security Council Establishing the Security Council Appropriate Security Council Representation -Inging the Council: Forming, Storming, Norming, and Performing Integration with Other Committees Establish Early, Incremental Success Let Go of Perfectionism Sustaining the Security Council End User Awareness Security Council Commitment Suggested Reading Managing Risk to an Acceptable Level Risk in Our Daily Lives Accepting Organizational Risk Just Another Set of Risks Management Owns the Risk Decision Qualitative versus Quantitative Risk Analysis Risk Management Process Risk Analysis Involvement Step 1: Categorize the System Step 2: Identify Potential Dangers (Threats) Step 3: Identify Vulnerabilities That Could Be Exploited Step 4: Identify Existing Controls Step 5: Determine Exploitation Likelihood Given Existing Controls Step 6: Determine Impact Severity Step 7: Determine Risk Level Step 8: Determine Additional Controls Risk Mitigation Options Risk Assumption Risk Avoidance Risk Limitation Risk Planning Risk Research Risk Transference Conclusion Suggested Reading Creating Effective Information Security Policies Why Information Security Policies Are Important Avoiding Shelfware Electronic Policy Distribution Canned Security Policies Policies, Standards, Guidelines Definitions Policies Are Written at a High Level Policies Security Policy Best Practices Types of Security Policies 
Standards Procedures Baselines Guidelines Combination of Policies, Standards, Baselines, Procedures, and Guidelines An Approach for Developing Information Security Policies Utilizing the Security Council for Policies The Policy Review Process Information Security Policy Process Suggested Reading Security Compliance Using Control Frameworks Security Control Frameworks Defined Security Control Frameworks and Standards Examples Heath Insurance Portability and Accountability Act (HIPAA) Federal Information Security Management Act of 2002 (FISMA) National Institute of Standards and Technology(NIST) Recommended Security Controls for Federal Information Systems (800-53) Federal Information System Controls Audit Manual (FISCAM) ISO/IEC 27001:2005 Information Security Management Systems-Requirements ISO/IEC 27002:2005 Information technology-Security Techniques-Code of Practice for Information Security Management Control Objectives for Information and Related Technology (COBIT) Payment Card Industry Data Security Standard (PCI DSS) Information Technology Infrastructure Library (ITIL) Security Technical Implementation Guides (STIGs) and National Security Agency (NSA) Guides Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook The World Operates on Standards Standards Are Dynamic The How Is Typically Left Up to Us Key Question: Why Does the Standard Exist? 
Compliance Is Not Security, But It Is a Good Start Integration of Standards and Control Frameworks Auditing Compliance Adoption Rate of Various Standards ISO 27001/2 Certification NIST Certification Control Framework Convergence The 11-Factor Compliance Assurance Manifesto The Standards/Framework Value Proposition Suggested Reading Managerial Controls: Practical Security Considerations Security Control Convergence Security Control Methodology Security Assessment and Authorization Controls Planning Controls Risk Assessment Controls System and Services Acquisition Controls Program Management Controls Suggested Reading Technical Controls: Practical Security Considerations Access Control Controls Audit and Accountability Controls Identification and Authentication System and Communications Protections Suggested Reading Operational Controls: Practical Security Considerations Awareness and Training Controls Configuration Management Controls Contingency Planning Controls Incident Response Controls Maintenance Controls Media Protection Controls Physical and Environmental Protection Controls Personnel Security Controls System and Information Integrity Controls Suggested Reading The Auditors Have Arrived, Now What? Anatomy of an Audit Audit Planning Phase Preparation of Document Request List Gather Audit Artifacts Provide Information to Auditors On-Site Arrival Phase Internet Access Reserve Conference Rooms Physical Access Conference Phones Schedule Entrance, Exit, Status Meetings Set Up Interviews Audit Execution Phase Additional Audit Meetings Establish Auditor Communication Protocol Establish Internal Company Protocol Media Handling Audit Coordinator Quality Review The Interview Itself Entrance, Exit, and Status Conferences Entrance Meeting Exit Meeting Status Meetings Report Issuance and Finding Remediation Phase Suggested Reading Effective Security Communications Why a Chapter Dedicated to Security Communications? 
End User Security Awareness Training Awareness Definition Delivering the Message Step 1: Security Awareness Needs Assessment Step 2: Program Design Step 3: Develop Scope Step 4: Content Development Step 5: Communication and Logistics Plan Step 6: Awareness Delivery Step 7: Evaluation/Feedback Loops Security Awareness Training Does Not Have to Be Boring Targeted Security Training Continuous Security Reminders Utilize Multiple Security Awareness Vehicles Security Officer Communication Skills Talking versus Listening Roadblocks to Effective Listening Generating a Clear Message Influencing and Negotiating Skills Written Communication Skills Presentation Skills Applying Personality Type to Security Communications The Four Myers-Briggs Type Indicator (MBTI) Preference Scales Determining Individual MBTI Personality Summing Up the MBTI for Security Suggested Reading The Law and Information Security Civil Law versus Criminal Law Electronic Communications Privacy Act of 1986 (ECPA) The Computer Security Act of 1987 The Privacy Act of 1974 Sarbanes-Oxley Act of 2002 (SOX) Gramm-Leach-Bliley Act (GLBA) Health Insurance Portability and Accountability Act of 1996 Health Information Technology for Economic and Clinical Health (HITECH) Act Federal Information Security Management Act of 2002 (FISMA) Summary Suggested Reading Learning from Information Security Incidents Recent Security Incidents Texas State Comptroller Sony PlayStation Network Student Loan Social Security Numbers Stolen Social Security Numbers Printed on Outside of Envelopes Valid E-Mail Addresses Exposed Office Copier Hard Disk Contained Confidential Information Advanced Persistent Threat Targets Security Token Who Will Be Next? Every Control Could Result in an Incident Suggested Reading Ways to Dismantle Information Security Governance Efforts Final Thoughts Suggested Reading Index" @default.
- W366426299 created "2016-06-24" @default.
- W366426299 creator A5019469886 @default.
- W366426299 date "2016-04-19" @default.
- W366426299 modified "2023-09-27" @default.
- W366426299 title "Information Security Governance Simplified: From the Boardroom to the Keyboard" @default.
- W366426299 hasPublicationYear "2016" @default.
- W366426299 type Work @default.
- W366426299 sameAs 366426299 @default.
- W366426299 citedByCount "2" @default.
- W366426299 countsByYear W3664262992014 @default.
- W366426299 countsByYear W3664262992016 @default.
- W366426299 crossrefType "book" @default.
- W366426299 hasAuthorship W366426299A5019469886 @default.
- W366426299 hasConcept C10138342 @default.
- W366426299 hasConcept C144133560 @default.
- W366426299 hasConcept C162324750 @default.
- W366426299 hasConcept C17744445 @default.
- W366426299 hasConcept C180198813 @default.
- W366426299 hasConcept C187736073 @default.
- W366426299 hasConcept C189922023 @default.
- W366426299 hasConcept C199539241 @default.
- W366426299 hasConcept C29848774 @default.
- W366426299 hasConcept C38652104 @default.
- W366426299 hasConcept C39389867 @default.
- W366426299 hasConcept C39549134 @default.
- W366426299 hasConcept C41008148 @default.
- W366426299 hasConcept C527648132 @default.
- W366426299 hasConceptScore W366426299C10138342 @default.
- W366426299 hasConceptScore W366426299C144133560 @default.
- W366426299 hasConceptScore W366426299C162324750 @default.
- W366426299 hasConceptScore W366426299C17744445 @default.
- W366426299 hasConceptScore W366426299C180198813 @default.
- W366426299 hasConceptScore W366426299C187736073 @default.
- W366426299 hasConceptScore W366426299C189922023 @default.
- W366426299 hasConceptScore W366426299C199539241 @default.
- W366426299 hasConceptScore W366426299C29848774 @default.
- W366426299 hasConceptScore W366426299C38652104 @default.
- W366426299 hasConceptScore W366426299C39389867 @default.
- W366426299 hasConceptScore W366426299C39549134 @default.
- W366426299 hasConceptScore W366426299C41008148 @default.
- W366426299 hasConceptScore W366426299C527648132 @default.
- W366426299 hasLocation W3664262991 @default.
- W366426299 hasOpenAccess W366426299 @default.
- W366426299 hasPrimaryLocation W3664262991 @default.
- W366426299 hasRelatedWork W1168167240 @default.
- W366426299 hasRelatedWork W119270986 @default.
- W366426299 hasRelatedWork W1499142516 @default.
- W366426299 hasRelatedWork W1555628483 @default.
- W366426299 hasRelatedWork W156797904 @default.
- W366426299 hasRelatedWork W1819032329 @default.
- W366426299 hasRelatedWork W2005191069 @default.
- W366426299 hasRelatedWork W2005459083 @default.
- W366426299 hasRelatedWork W2012714294 @default.
- W366426299 hasRelatedWork W2013318708 @default.
- W366426299 hasRelatedWork W2070096775 @default.
- W366426299 hasRelatedWork W2133019773 @default.
- W366426299 hasRelatedWork W2133685846 @default.
- W366426299 hasRelatedWork W2250961013 @default.
- W366426299 hasRelatedWork W2402238898 @default.
- W366426299 hasRelatedWork W2678908138 @default.
- W366426299 hasRelatedWork W3005750480 @default.
- W366426299 hasRelatedWork W69924110 @default.
- W366426299 hasRelatedWork W78712225 @default.
- W366426299 hasRelatedWork W86408811 @default.
- W366426299 isParatext "false" @default.
- W366426299 isRetracted "false" @default.
- W366426299 magId "366426299" @default.
- W366426299 workType "book" @default.