Book Image

Information Security Handbook

By : Darren Death
Book Image

Information Security Handbook

By: Darren Death

Overview of this book

Having an information security mechanism is one of the most crucial factors for any organization. Important assets of organization demand a proper risk management and threat model for security, and so information security concepts are gaining a lot of traction. This book starts with the concept of information security and shows you why it’s important. It then moves on to modules such as threat modeling, risk management, and mitigation. It also covers the concepts of incident response systems, information rights management, and more. Moving on, it guides you to build your own information security framework as the best fit for your organization. Toward the end, you’ll discover some best practices that can be implemented to make your security framework strong. By the end of this book, you will be well-versed with all the factors involved in information security, which will help you build a security framework that is a perfect fit your organization’s requirements.
Table of Contents (19 chapters)
Title Page
Credits
About the Author
About the Reviewers
www.PacktPub.com
Customer Feedback
Preface

SDLC considerations for testing


Security testing fits into all parts of the SDLC/SELC and plays a vital role in ensuring the security of the information system, from project initiation until the information system has reached the end of its useful life and it is disposed of.

Project initiation

Conduct analysis of business needs: The information security professional must work closely with the business/mission users and the information technology staff to have a firm grasp of the solution that is required by the business and proposed by IT. This is an opportunity for the information security professional to add value to the project team by providing alternatives and ensuring that a secure proposal is developed.

During this phase, you will typically be conducting solution reviews versus outright technical testing. This is a very important part of the overall project life cycle, since this is where key project decisions are made from a business vision and technical direction perspective. These...