Best practices for protecting critical data and systems
Information Assurance Handbook: Effective Computer Security and Risk Management Strategies discusses the tools and techniques required to prevent, detect, contain, correct, and recover from security breaches and other information assurance failures. This practical resource explains how to integrate information assurance into your enterprise planning in a non-technical manner. It leads you through building an IT strategy and offers an organizational approach to identifying, implementing, and controlling information assurance initiatives for small businesses and global enterprises alike.
Common threats and vulnerabilities are described and applicable controls based on risk profiles are provided. Practical information assurance application examples are presented for select industries, including healthcare, retail, and industrial control systems. Chapter-ending critical thinking exercises reinforce the material covered. An extensive list of scholarly works and international government standards is also provided in this detailed guide.
Comprehensive coverage includes:
Basic information assurance principles and concepts
Information assurance management system
Current practices, regulations, and plans
Impact of organizational structure
Asset management
Risk management and mitigation
Human resource assurance
Advantages of certification, accreditation, and assurance
Information assurance in system development and acquisition
Physical and environmental security controls
Information assurance awareness, training, and education
Access control
Information security monitoring tools and methods
Information assurance measurements and metrics
Incident handling and computer forensics
Business continuity management
Backup and restoration
Cloud computing and outsourcing strategies
Information assurance big data concerns