The official textbook for the BCS Certificate in Information Security Management Principles (CISMP) qualification.
Information is one of the currencies of today’s society. As access to fast, reliable data at work and at home becomes increasingly essential for day-to-day operations, new risks emerge that threaten the very information that enables businesses and helps society to function.
By focusing on the three main areas of information assurance – confidentiality, integrity and availability – this book gives you the skills to identify information security threats and protect yourself and your business against them.
Why read this book?
- Understand information threats and vulnerabilities, and implement countermeasures.
- Manage emerging risks to your data.
- Learn information assurance best practice from experienced authors.
- Supports the BCS Certificate in Information Security Management Principles (CISMP).
Contents
- INFORMATION SECURITY PRINCIPLES
  - Concepts and definitions
  - The need for, and benefits of, information security
  - Sample questions
- INFORMATION RISK
  - Threats to, and vulnerabilities of, information systems
  - Risk management
  - Sample questions
  - References and further reading
- INFORMATION SECURITY FRAMEWORK
  - Organisation and responsibilities
  - Organisational policy, standards and procedures
  - Information security governance
  - Information assurance programme implementation
  - Security incident management
  - Legal framework
  - Security standards and procedures
  - Sample questions
  - References
- SECURITY LIFECYCLES
  - The information lifecycle
  - Testing, audit and review
  - Systems development and support
  - Sample questions
  - Reference
- PROCEDURAL AND PEOPLE SECURITY CONTROLS
  - General controls
  - People security
  - User access controls
  - Training and awareness
  - Sample questions
- TECHNICAL SECURITY CONTROLS
  - Technical security
  - Protection from malicious software
  - Networks and communications
  - Operational technology
  - External services
  - Cloud computing
  - IT infrastructure
  - Sample questions
- PHYSICAL AND ENVIRONMENTAL SECURITY
  - Physical security
  - Different uses of controls
  - Sample questions
- DISASTER RECOVERY AND BUSINESS CONTINUITY MANAGEMENT
  - Relationship between DR/BCP, risk assessment and impact analysis
  - Resilience and redundancy
  - Approaches to writing plans and implementing plans
  - The need for documentation, maintenance and testing
  - The need for links to managed service provision and outsourcing
  - The need for secure off-site storage of vital material
  - The need to involve personnel, suppliers and IT systems providers
  - Relationship with security incident management
  - Compliance with standards
  - Sample questions
- OTHER TECHNICAL ASPECTS
  - Investigations and forensics
  - Role of cryptography
  - Threat intelligence
  - Conclusion
  - Sample questions
  - References and further reading
- APPENDIX A
  - Activity solution pointers
  - Sample question answers
  - Glossary