Information Security Management Principles - Third Edition

The official textbook for the BCS Certificate in Information Security Management Principles (CISMP) qualification.

Information is one of the currencies of today’s society. As access to fast, reliable data at work and at home becomes increasingly essential for day-to-day operations, new risks emerge that threaten the very information that enables businesses and helps society to function.

By focusing on the three main areas of information assurance – confidentiality, integrity and availability – this book gives you the skills to identify information security threats and protect yourself and your business against them.

Why read this book?

• Understand information threats and vulnerabilities, and implement countermeasures.
• Manage emerging risks to your data.
• Learn information assurance best practice from experienced authors.
• Supports the BCS Certification in Information Security Management Principles.

Contents 

1. INFORMATION SECURITY PRINCIPLES
   Concepts and definitions
   The need for, and benefits of, information security
   Sample questions
   
   
2. INFORMATION RISK
   Threats to, and vulnerabilities of, information systems
   Risk management
   Sample questions
   References and further reading
   
   
3. INFORMATION SECURITY FRAMEWORK
   Organisation and responsibilities
   Organisational policy, standards and procedures
   Information security governance
   Information assurance programme implementation
   Security incident management
   Legal framework
   Security standards and procedures
   Sample questions
   References
   
   
4. SECURITY LIFECYCLES
   The information lifecycle
   Testing, audit and review
   Systems development and support
   Sample questions
   Reference
   
   
5. PROCEDURAL AND PEOPLE SECURITY CONTROLS
   General controls
   People security
   User access controls
   Training and awareness
   Sample questions
   
   
6. TECHNICAL SECURITY CONTROLS
   Technical security
   Protection from malicious software
   Networks and communications
   Operational technology
   External services
   Cloud computing
   IT infrastructure
   Sample questions
   
   
7. PHYSICAL AND ENVIRONMENTAL SECURITY
   Physical security
   Different uses of controls
   Sample questions
   
   
8. DISASTER RECOVERY AND BUSINESS CONTINUITY MANAGEMENT
   Relationship between DR/BCP, risk assessment and impact analysis
   Resilience and redundancy
   Approaches to writing plans and implementing plans
   The need for documentation, maintenance and testing
   The need for links to managed service provision and outsourcing
   The need for secure off-site storage of vital material
   The need to involve personnel, suppliers and IT systems providers
   Relationship with security incident management
   Compliance with standards
   Sample questions
   
   
9. OTHER TECHNICAL ASPECTS
   Investigations and forensics
   Role of cryptography
   Threat intelligence
   Conclusion
   Sample questions
   References and further reading
   
   APPENDIX A
   Activity solution pointers
   Sample question answers
   Glossary