E-Book Overview
This groundbreaking book helps you master the management of information security, concentrating on the proactive recognition and resolution of the practical issues of developing and implementing IT security for the enterprise. Drawing upon the authors?’ wealth of valuable experience in high-risk commercial environments, the work focuses on the need to align the information security process as a whole with the requirements of the modern enterprise, which involves empowering business managers to manage information security-related risk. Throughout, the book places emphasis on the use of simple, pragmatic risk management as a tool for decision-making. The first book to cover the strategic issues of IT security, it helps you to: understand the difference between more theoretical treatments of information security and operational reality; learn how information security risk can be measured and subsequently managed; define and execute an information security strategy design and implement a security architecture; and ensure that limited resources are used optimally.
E-Book Content
TLFeBOOK
A Practical Guide to Managing Information Security
TLFeBOOK
For a listing of recent titles in the Artech House Technology Management and Professional Development Library, turn to the back of this book.
TLFeBOOK
A Practical Guide to Managing Information Security Steve Purser
Artech House Boston • London www.artechhouse.com TLFeBOOK
Library of Congress Cataloging-in-Publication Data Purser, Steve. A practical guide to managing information security/Steve Purser. p. cm.—(Artech House technology management library) ISBN 1-58053-702-2 (alk. paper) 1. Computer security—Management. I. Title. II. Series. QA76.9.A25P88 2004 658.4’78—dc22
2004041025
British Library Cataloguing in Publication Data Purser, Steve A practical guide to managing information security. — (Artech House technology management library) 1. Management information systems—Security measures 2. Computer security I. Title 658.4’78 ISBN 1-58053-702-2
Cover design by Igor Valdman
© 2004 ARTECH HOUSE, INC. 685 Canton Street Norwood, MA 02062 Special permission to reproduce “CERT/CC Statistics 1988–2003,” © 2003 by Carnegie Mellon University, is granted by the Software Engineering Institute. CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.
All rights reserved. Printed and bound in the United States of America. No part of this book may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from the publisher. All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Artech House cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. International Standard Book Number: 1-58053-702-2 Library of Congress Catalog Card number: 2004041025 10 9 8 7 6 5 4 3 2 1
TLFeBOOK
This book is dedicated to my wife, Katelijne, with sincere thanks for the continual help, support, and encouragement she has given me over the years.
TLFeBOOK
.
TLFeBOOK
Contents Preface
1
.
.
.
.
.
.
.
.
.
.
.
.
.
.
xiii
Acknowledgments .
.
.
.
.
.
.
.
.
.
.
xvii
The need for a proactive approach .
.
.
.
.
.