Book Image

Information Security Handbook

By : Darren Death
Book Image

Information Security Handbook

By: Darren Death

Overview of this book

Having an information security mechanism is one of the most crucial factors for any organization. Important assets of organization demand a proper risk management and threat model for security, and so information security concepts are gaining a lot of traction. This book starts with the concept of information security and shows you why it’s important. It then moves on to modules such as threat modeling, risk management, and mitigation. It also covers the concepts of incident response systems, information rights management, and more. Moving on, it guides you to build your own information security framework as the best fit for your organization. Toward the end, you’ll discover some best practices that can be implemented to make your security framework strong. By the end of this book, you will be well-versed with all the factors involved in information security, which will help you build a security framework that is a perfect fit your organization’s requirements.
Table of Contents (19 chapters)
Title Page
Credits
About the Author
About the Reviewers
www.PacktPub.com
Customer Feedback
Preface

Summary


In this chapter, we learned about the concepts necessary to develop an enterprise information security program plan. Remember that this program plan is a foundational document that will be used to establish how your information security program will function and interact with the rest of the business.

In this chapter, you learned:

  • How to develop your information security program objectives
  • You discovered elements that will assist you in creating a successful information security program
  • We discussed aligning your information security program with the business
  • We worked through key concepts in the development of the information security program plan

In the next chapter, we will be discussing continuous testing and monitoring. We will discover the various types of testing we can utilize to ensure information security controls have been deployed properly, and we will discuss how to best implement testing across the life of an information system.