"CISO" / Category: business & economics / information management - Searchworks@Jio Institute Digital Library Search Results

151. Windows To Go : A Guide for Users and IT Professionals

Author: Joli Ballew and Joli Ballew
Subjects: Operating systems (Computers), Computer networks--Remote access
Abstract: Find out how to use, manage, deploy, and secure Windows To Go, the ultimate mobile edition of Windows 10, designed to boot directly from a USB stick. This book shows you how to use your Windows To Go drive to work at home and on the move and access local and network resources from anywhere. Readers responsible for deploying Windows To Go drives will also learn how to plan for, provision, deploy, and manage Windows To Go devices in the workplace in order to create an effective mobility solution for their users. A Windows To Go drive can be booted on any PC that meets the Windows 7 or later certification requirements, regardless of the operating system running on that PC.What You'll Learn:Understand how Windows To Go differs from a typical Windows installation on a desktopMeet the necessary hardware and software requirements for Windows To GoBoot your Windows To Go driveUse Windows To Go, at home and on the roadPlan and deploy Windows To Go in the workplaceSecure and protect Windows To Go drivesWho This Book Is For:End users and IT professionals
Published: 2016

152. IT-Management im Zeitalter der Digitalisierung : Auf dem Weg zur IT-Organisation der Zukunft

Author: Nils Urbach, Frederik Ahlemann, Nils Urbach, and Frederik Ahlemann
Subjects: Information technology--Management
Abstract: Dieses Buch thematisiert den drastischen Wandel, den die Geschäftswelt derzeit unter dem Stichwort Digitalisierung erlebt. Technologische Innovationen üben einen signifikanten Einfluss auf Prozesse, Produkte, Dienstleistungen und Geschäftsmodelle aus. Die resultierende Digitale Transformation hat disruptive Konsequenzen für viele Unternehmen und Branchen. Bislang haben sich viele IT-Organisationen darauf konzentriert, die Anforderungen der Fachbereiche möglichst effektiv und effizient in qualitativ hochwertige IT-Services zu übersetzen und diese zu betreiben. Nun sind sie in zunehmenden Maße gefordert, das Gesamtunternehmen aktiv mitzugestalten. Informationstechnologie realisiert Innovationen für das Business, und die IT-Organisation muss proaktiv und frühzeitig mit den Fachbereichen kooperieren, um solche Innovationen auf den Weg zu bringen. Dieses Buch zeigt, welche Implikationen die Digitalisierung für heutige IT-Organisationen mit ihren Strukturen, Prozessen und Menschen hat. Damitwendet es sich an IT-Führungskräfte, Manager, in deren Verantwortungsbereich die IT liegt, sowie praktisch interessierte Akademiker. Das Buch hilft, auf die Digitale Transformation nicht nur zu reagieren, sondern eine proaktive Rolle einzunehmen.
Published: 2016

153. Information Security Policies, Procedures, and Standards : A Practitioner's Reference

Author: Douglas J. Landoll and Douglas J. Landoll
Subjects: Business--Data processing--Security measures, Data protection, Computer security
Abstract: Information Security Policies, Procedures, and Standards: A Practitioner's Reference gives you a blueprint on how to develop effective information security policies and procedures. It uses standards such as NIST 800-53, ISO 27001, and COBIT, and regulations such as HIPAA and PCI DSS as the foundation for the content. Highlighting key terminology, policy development concepts and methods, and suggested document structures, it includes examples, checklists, sample policies and procedures, guidelines, and a synopsis of the applicable standards.The author explains how and why procedures are developed and implemented rather than simply provide information and examples. This is an important distinction because no two organizations are exactly alike; therefore, no two sets of policies and procedures are going to be exactly alike. This approach provides the foundation and understanding you need to write effective policies, procedures, and standards clearly and concisely.Developing policies and procedures may seem to be an overwhelming task. However, by relying on the material presented in this book, adopting the policy development techniques, and examining the examples, the task will not seem so daunting. You can use the discussion material to help sell the concepts, which may be the most difficult aspect of the process. Once you have completed a policy or two, you will have the courage to take on even more tasks. Additionally, the skills you acquire will assist you in other areas of your professional and private life, such as expressing an idea clearly and concisely or creating a project plan.
Published: 2016

154. Insider Threat : Prevention, Detection, Mitigation, and Deterrence

Author: Michael G. Gelles and Michael G. Gelles
Subjects: Business enterprises--Security measures, Employee crimes--Prevention, Risk assessment
Abstract: Insider Threat: Detection, Mitigation, Deterrence and Prevention presents a set of solutions to address the increase in cases of insider threat. This includes espionage, embezzlement, sabotage, fraud, intellectual property theft, and research and development theft from current or former employees. This book outlines a step-by-step path for developing an insider threat program within any organization, focusing on management and employee engagement, as well as ethical, legal, and privacy concerns. In addition, it includes tactics on how to collect, correlate, and visualize potential risk indicators into a seamless system for protecting an organization's critical assets from malicious, complacent, and ignorant insiders. Insider Threat presents robust mitigation strategies that will interrupt the forward motion of a potential insider who intends to do harm to a company or its employees, as well as an understanding of supply chain risk and cyber security, as they relate to insider threat. - Offers an ideal resource for executives and managers who want the latest information available on protecting their organization's assets from this growing threat - Shows how departments across an entire organization can bring disparate, but related, information together to promote the early identification of insider threats - Provides an in-depth explanation of mitigating supply chain risk - Outlines progressive approaches to cyber security
Published: 2016

155. Handbuch Unternehmenssicherheit : Umfassendes Sicherheits-, Kontinuitäts- und Risikomanagement mit System

Author: Klaus-Rainer Müller and Klaus-Rainer Müller
Subjects: Financial risk management, Financial security, Corporations--Finance
Abstract: Mit diesem Handbuch identifizieren Sie Risiken, bauen wegweisendes effizienzförderndes Handlungswissen auf und sichern so Ihr Unternehmen sowie seine Prozesse, Ressourcen und die Organisation ab. Der Autor führt Sie von den gesetzlichen, regulatorischen, normativen und geschäftspolitischen Sicherheits-, Kontinuitäts- und Risikoanforderungen bis zu Richtlinien, Konzepten und Maßnahmen. Die dreidimensionale Sicherheitsmanagementpyramide V sowie die innovative und integrative RiSiKo-Management-Pyramide V liefern ein durchgängiges, praxisorientiertes und systematisches Vorgehensmodell für den Aufbau und die Weiterentwicklung des Sicherheits-, Kontinuitäts- und Risikomanagements. Beispiele und Checklisten unterstützen Sie und der Online-Service des Autors bietet Ihnen zusätzliche News, Links und ergänzende Beiträge.
Published: 2015

156. IT Governance : An International Guide to Data Security and ISO27001/ISO27002

Author: Alan Calder, Steve Watkins, Alan Calder, and Steve Watkins
Subjects: Computer security, Data protection, Business enterprises--Computer networks--Security measures
Abstract: Faced with constant and fast-evolving threats to information security and with a growing exposure to cyber risk, managers at all levels and in organizations of all sizes need a robust IT governance system. Now in its sixth edition, the bestselling IT Governance provides guidance for companies looking to protect and enhance their information security management systems and protect themselves against cyber threats. This version has been fully updated to take account of current cyber security and advanced persistent threats and reflects the latest regulatory and technical developments, including the 2013 updates to ISO 27001/ISO 27002.Changes for this edition include: updates in line with the revised ISO 27001 standard and accompanying ISO 27002 code of practice for information security controls; full coverage of changes to data-related regulations in different jurisdictions and advice on compliance; guidance on the options for continual improvement models and control frameworks made possible by the new standard; new developments in cyber risk and mitigation practices; guidance on the new information security risk assessment process and treatment requirements. Including coverage of key international markets, IT Governance is the definitive guide to implementing an effective information security management and governance system.
Published: 2015

157. Security Supervision and Management : Theory and Practice of Asset Protection

Author: IFPO, Sandi J. Davies, Brion P. Gilbride, Chris A. Hertig, IFPO, Sandi J. Davies, Brion P. Gilbride, and Chris A. Hertig
Subjects: Private security services--Handbooks, manuals, etc, Police, Private--Training of--Handbooks, manuals, etc, Police, Private--Management--Handbooks, manuals, etc, Private security services--Management--Handbooks, manuals, etc
Abstract: Security Supervision and Management, Fourth Edition, fills the basic training needs for security professionals who want to move into supervisory or managerial positions. Covering everything needed from how to work with today's generation security force employees to the latest advances in the security industry, Security Supervision and Management, Fourth Edition, shows security officers how to become a more efficient and well-rounded security professional. Security Supervision and Management, Fourth Edition, is also the only text needed to prepare for the Certified in Security Supervision and Management (CSSM) designation offered by International Foundation for Protection Officers (IFPO). The IFPO also publishes The Professional Protection Officer: Practical Security Strategies and Emerging Trends, now in its 8th edition. - Core text for completing the Security Supervision and Management Program/Certified in Security Supervision and Management (CSSM) designation offered by IFPO - Contributions from more than 50 experienced security professionals in a single volume - Completely updated to reflect the latest procedural and technological changes in the security industry - Conforms to ANSI/ASIS standards
Published: 2015

158. Managing Online Risk : Apps, Mobile, and Social Media Security

Author: Deborah Gonzalez and Deborah Gonzalez
Subjects: Internet--Security measures, Computer networks--Security measures
Abstract: In recent years, building a corporate online presence has become nonnegotiable for businesses, as consumers expect to connect with them in as many ways as possible. There are benefits to companies that use online technology, but there are risks as well. Managing Online Risk presents the tools and resources needed to better understand the security and reputational risks of online and digital activity, and how to mitigate those risks to minimize potential losses. Managing Online Risk highlights security and risk management best practices that address concerns such as data collection and storage, liability, recruitment, employee communications, compliance violations, security of devices (in contexts like mobile, apps, and cloud computing), and more. Additionally, this book offers a companion website that was developed in parallel with the book and includes the latest updates and resources for topics covered in the book. - Explores the risks associated with online and digital activity and covers the latest technologies, such as social media and mobile devices - Includes interviews with risk management experts and company executives, case studies, checklists, and policy samples - A website with related content and updates (including video) is also available
Published: 2015

159. Corporate Security Management : Challenges, Risks, and Strategies

Author: Marko Cabric and Marko Cabric
Subjects: Corporations--Security measures--Management
Abstract: Corporate Security Management provides practical advice on efficiently and effectively protecting an organization's processes, tangible and intangible assets, and people. The book merges business and security perspectives to help transform this often conflicted relationship into a successful and sustainable partnership. It combines security doctrine, business priorities, and best practices to uniquely answer the Who, What, Where, Why, When and How of corporate security. Corporate Security Management explores the diverse structures of security organizations in different industries. It shows the crucial corporate security competencies needed and demonstrates how they blend with the competencies of the entire organization. This book shows how to identify, understand, evaluate and anticipate the specific risks that threaten enterprises and how to design successful protection strategies against them. It guides readers in developing a systematic approach to assessing, analyzing, planning, quantifying, administrating, and measuring the security function. - Addresses the often opposing objectives between the security department and the rest of the business concerning risk, protection, outsourcing, and more - Shows security managers how to develop business acumen in a corporate security environment - Analyzes the management and communication skills needed for the corporate security manager - Focuses on simplicity, logic and creativity instead of security technology - Shows the true challenges of performing security in a profit-oriented environment, suggesting ways to successfully overcome them - Illustrates the numerous security approaches and requirements in a wide variety of industries - Includes case studies, glossary, chapter objectives, discussion questions and exercises
Published: 2015

160. Big Data and Analytics : Strategic and Organizational Impacts

Author: Vincenzo Morabito and Vincenzo Morabito
Subjects: Machine theory, Economics, Data mining, Big data, Database management
Abstract: This book presents and discusses the main strategic and organizational challenges posed by Big Data and analytics in a manner relevant to both practitioners and scholars. The first part of the book analyzes strategic issues relating to the growing relevance of Big Data and analytics for competitive advantage, which is also attributable to empowerment of activities such as consumer profiling, market segmentation, and development of new products or services. Detailed consideration is also given to the strategic impact of Big Data and analytics on innovation in domains such as government and education and to Big Data-driven business models. The second part of the book addresses the impact of Big Data and analytics on management and organizations, focusing on challenges for governance, evaluation, and change management, while the concluding part reviews real examples of Big Data and analytics innovation at the global level. The text is supported by informative illustrations and case studies, so that practitioners can use the book as a toolbox to improve understanding and exploit business opportunities related to Big Data and analytics.
Published: 2015

161. Performing Information Governance : A Step-by-step Guide to Making Information Governance Work

Author: Anthony David Giordano and Anthony David Giordano
Subjects: Information resources management, Information resources management--Moral and ethical aspects
Abstract: Make Information Governance Work: Best Practices, Step-by-Step Tasks, and Detailed Deliverables Most enterprises recognize the crucial importance of effective information governance. However, few are satisfied with the value of their efforts to date. Information governance is difficult because it is a pervasive function, touching multiple processes, systems, and stakeholders. Fortunately, there are best practices that work. Now, a leading expert in the field offers a complete, step-by-step guide to successfully governing information in your organization. Using case studies and hands-on activities, Anthony Giordano fully illuminates the “who, what, how, and when” of information governance. He explains how core governance components link with other enterprise information management disciplines, and provides workable “job descriptions” for each project participant. Giordano helps you successfully integrate key data stewardship processes as you develop large-scale applications and Master Data Management (MDM) environments. Then, once you've deployed an information asset, he shows how to consistently get reliable regulatory and financial information from it. Performing Information Governance will be indispensable to CIOs and Chief Data Officers…data quality, metadata, and MDM specialists…anyone responsible for making information governance work. Coverage Includes Recognizing the hidden development and operational implications of information governance—and why it needs to be integrated in the broader organization Integrating information governance activities with transactional processing, BI, MDM, and other enterprise information management functions Establishing the information governance organization: defining roles, launching projects, and integrating with ongoing operations Performing information governance in transactional projects, including those using agile methods and COTS products Bringing stronger information governance to MDM: strategy, architecture, development, and beyond Governing information throughout your BI or Big Data project lifecycle Effectively performing ongoing information governance and data stewardship operational processes Auditing and enforcing data quality management in the context of enterprise information management Maintaining and evolving metadata management for maximum business value
Published: 2015

162. Measuring and Communicating Security's Value : A Compendium of Metrics for Enterprise Protection

Author: George Campbell and George Campbell
Subjects: Corporations--Security measures--Evaluation, Security systems--Management, Private security services--Evaluation
Abstract: In corporate security today, while the topic of information technology (IT) security metrics has been extensively covered, there are too few knowledgeable contributions to the significantly larger field of global enterprise protection. Measuring and Communicating Security's Value addresses this dearth of information by offering a collection of lessons learned and proven approaches to enterprise security management. Authored by George Campbell, emeritus faculty of the Security Executive Council and former chief security officer of Fidelity Investments, this book can be used in conjunction with Measures and Metrics in Corporate Security, the foundational text for security metrics. This book builds on that foundation and covers the why, what, and how of a security metrics program, risk reporting, insider risk, building influence, business alignment, and much more. - Emphasizes the importance of measuring and delivering actionable results - Includes real world, practical examples that may be considered, applied, and tested across the full scope of the enterprise security mission - Organized to build on a principal theme of having metrics that demonstrate the security department's value to the corporation
Published: 2015

163. Security Leader Insights for Success : Lessons and Strategies From Leading Security Professionals

Author: Dave Komendat and Dave Komendat
Subjects: Leadership, Success in business
Abstract: How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Success, a collection of timeless leadership best practices featuring insights from some of the nation's most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on leadership issues. Instead of re-inventing the wheel when faced with a new challenge, these proven practices and principles will allow you to execute with confidence knowing that your peers have done so with success. Security Leader Insights for Success is a part of Elsevier's Security Executive Council Risk Management Portfolio, a collection of real world solutions and'how-to'guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. - Each chapter can be read in five minutes or less, and is written by or contains insights from experienced security leaders. - Can be used to find illustrations and examples you can use to deal with a relevant issue. - Brings together the diverse experiences of proven security leaders in one easy-to-read resource.
Published: 2014

164. Measuring and Managing Information Risk : A FAIR Approach

Author: Jack Freund, Jack Jones, Jack Freund, and Jack Jones
Subjects: Risk management, Data protection, Computer security
Abstract: Using the factor analysis of information risk (FAIR) methodology developed over ten years and adopted by corporations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis. Covering such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, Measuring and Managing Information Risk helps managers make better business decisions by understanding their organizational risk. - Uses factor analysis of information risk (FAIR) as a methodology for measuring and managing risk in any organization. - Carefully balances theory with practical applicability and relevant stories of successful implementation. - Includes examples from a wide variety of businesses and situations presented in an accessible writing style.
Published: 2014

165. Confessions of a Successful CIO : How the Best CIOs Tackle Their Toughest Business Challenges

Author: Dan Roberts, Brian Watson, Dan Roberts, and Brian Watson
Subjects: Chief information officers, Information technology--Management, Chief information officers--Case studies, Information technology--Management--Case studi, BUSINESS & ECONOMICS / Strategic Planning
Abstract: Be the most effective CIO you can be—by learning from the best in the business Today's Chief Information Officers must be an entirely new breed of technology leader. With ever-changing demands from the business, and in an increasingly technology-centric business environment, CIOs must find game-changing innovations and process improvements that make a real impact on the bottom line. Business executives need their CIOs to be real partners—speaking the language of the business and donning their strategist caps—not just commodity managers. Those IT leaders who fail to break out of the order-taker, utility manager mold will, simply put, be looking for a new job. In Confessions of a Successful CIO: How the Best CIOs Tackle Their Toughest Business Challenges, current and future CIOs will gain invaluable perspectives from the stories of today's best IT leaders. These acclaimed leaders—each profiled in their own chapter—explain the toughest business decision they had to make, and how the outcome influenced and impacted their leadership style. These in-depth anecdotes take the reader inside some of the most challenging business climates imaginable and chronicle how these elite CIOs made the decisions that mattered. Read detailed case studies of how some of the best CIOs have handled their most challenging business problems Learn how the best CIOs anticipate changes to their business and respond—before the business comes knocking Explore how these top-flight CIOs make critical decisions around strategy and IT to not only benefit their companies, but in some cases, to save them from becoming obsolete. Analyze their perspectives on managing people, crises and balancing the risks and rewards of their'bet the farm'strategies Confessions of a Successful CIO is the new playbook for learning how to take risks, respond to crises, and create more value from IT. Each chapter presents a different challenge, giving present-day and future IT leaders the chance to examine, analyze and learn so that they can be just as successful as the CIOs they're reading about.
Published: 2014

166. Safeguarding Intangible Assets

Author: Michael D. Moberly and Michael D. Moberly
Subjects: Corporate culture, Organizational behavior, Intangible property, Reputation, Value
Abstract: Safeguarding Intangible Assets provides strategies for preserving and enhancing a company's intangible assets to increase its profitability, competitiveness, and sustainability. Intangible assets such as patents, trademarks, copyrights, methodologies, and brand typically account for 80 percent of an organization's value and revenue. There are many forces making it more and more difficult to protect these assets, and securing them is a complex issue often overlooked by security and risk managers. Many security managers do not have adequate policies or procedures in place to protect these assets from compromise, infringement, and theft. Safeguarding Intangible Assets provides managers with the tools necessary for protecting these assets through effective and consistent oversight designed to preserve their control, use, and ownership. The book offers strategies for various types of business transactions, such as mergers and acquisitions, corporate-university R&D alliances, new product launches, early stage firms, and university-based spin-offs. - Offers step-by-step guidelines and best practices for establishing and maintaining an intangible asset protection program - Provides intangible asset risk management strategies that preserve the company's value, revenue, and competitive advantages - Shows how to collaboratively build a company culture that anticipates and recognizes intangible asset risks in everyday transactions and operations - Strengthens the interface with other departments'security practices, including IT, management, legal, accounting, finance, and risk management
Published: 2014

167. The Manager's Handbook for Business Security

Author: George Campbell and George Campbell
Subjects: Business enterprises--Security measures, Risk management
Abstract: The Manager's Handbook for Business Security is designed for new or current security managers who want build or enhance their business security programs. This book is not an exhaustive textbook on the fundamentals of security; rather, it is a series of short, focused subjects that inspire the reader to lead and develop more effective security programs.Chapters are organized by topic so readers can easily—and quickly—find the information they need in concise, actionable, and practical terms. This book challenges readers to critically evaluate their programs and better engage their business leaders. It covers everything from risk assessment and mitigation to strategic security planning, information security, physical security and first response, business conduct, business resiliency, security measures and metrics, and much more.The Manager's Handbook for Business Security is a part of Elsevier's Security Executive Council Risk Management Portfolio, a collection of real world solutions and'how-to'guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. - Chapters are organized by short, focused topics for easy reference - Provides actionable ideas that experienced security executives and practitioners have shown will add value to the business and make the manager a more effective leader - Takes a strategic approach to managing the security program, including marketing the program to senior business leadership and aligning security with business objectives
Published: 2014

168. Cyber Threat! : How to Manage the Growing Risk of Cyber Attacks

Author: MacDonnell Ulsch and MacDonnell Ulsch
Subjects: Business enterprises--Computer networks--Security measures, Corporations--Security measures, Computer crimes--Prevention, Computer networks--Security measures, Computer security
Abstract: Conquering cyber attacks requires a multi-sector, multi-modal approach Cyber Threat! How to Manage the Growing Risk of Cyber Attacks is an in-depth examination of the very real cyber security risks facing all facets of government and industry, and the various factors that must align to maintain information integrity. Written by one of the nation's most highly respected cyber risk analysts, the book describes how businesses and government agencies must protect their most valuable assets to avoid potentially catastrophic consequences. Much more than just cyber security, the necessary solutions require government and industry to work cooperatively and intelligently. This resource reveals the extent of the problem, and provides a plan to change course and better manage and protect critical information. Recent news surrounding cyber hacking operations show how intellectual property theft is now a matter of national security, as well as economic and commercial security. Consequences are far-reaching, and can have enormous effects on national economies and international relations. Aggressive cyber forces in China, Russia, Eastern Europe and elsewhere, the rise of global organized criminal networks, and inattention to vulnerabilities throughout critical infrastructures converge to represent an abundantly clear threat. Managing the threat and keeping information safe is now a top priority for global businesses and government agencies. Cyber Threat! breaks the issue down into real terms, and proposes an approach to effective defense. Topics include: The information at risk The true extent of the threat The potential consequences across sectors The multifaceted approach to defense The growing cyber threat is fundamentally changing the nation's economic, diplomatic, military, and intelligence operations, and will extend into future technological, scientific, and geopolitical influence. The only effective solution will be expansive and complex, encompassing every facet of government and industry. Cyber Threat! details the situation at hand, and provides the information that can help keep the nation safe.
Published: 2014

169. Information Risk Management : A Practitioner's Guide

Author: David Sutton and David Sutton
Subjects: Information technology--Management, Risk management
Abstract: Information risk management (IRM) is about identifying, assessing and prioritising risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It also includes a chapter on applying IRM in the public sector. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management.
Published: 2014

170. Informationsmanagement : Grundlagen, Aufgaben, Methoden

Author: Lutz J. Heinrich, René Riedl, Dirk Stelzer, Lutz J. Heinrich, René Riedl, and Dirk Stelzer
Subjects: Information retrieval, Information organization
Abstract: Informationsmanagement ist das auf Information und Kommunikation gerichtete Leitungshandeln in Organisationen, also alle Führungsaufgaben, die sich mit Information und Kommunikation befassen. In diesem Lehr- und Managementbuch werden in 45 Lerneinheiten die Grundlagen und Aufgaben des Informationsmanagements und die Methoden dargestellt, die zur Unterstützung der Aufgabenerfüllung geeignet sind. Mit fünf Fallstudien werden Probleme, Lösungswege und Ergebnisse von Forschungsvorhaben und wissenschaftlich begleiteter Entwicklungsarbeit gezeigt.Die Lerneinheiten sind klar und einheitlich strukturiert: Lernziele, Definitionen der verwendeten Begriffe und Kontrollfragen erleichtern das Selbststudium; der Lernstoff ist in Abschnitte gegliedert und wird durch Abbildungen ergänzt; Forschungsbefunde belegen seine wissenschaftliche und praktische Bedeutung; Praxisbeispiele beschreiben Probleme und Problemlösungen; Vertiefungsliteratur, Informationsmaterial und einschlägige Normen ermöglichen eine weiterführende Beschäftigung mit dem Lernstoff.
Published: 2014

171. Security Leader Insights for Information Protection : Lessons and Strategies From Leading Security Professionals

Author: Bob Fahy and Bob Fahy
Subjects: Data protection, Data security
Abstract: How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Information Protection, a collection of timeless leadership best practices featuring insights from some of the nation's most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security's role in information protection. Instead of re-inventing the wheel when faced with a new challenge, these proven practices and principles will allow you to execute with confidence knowing that your peers have done so with success. It includes chapters on the collaboration between corporate and information security, emerging issues in information protection, and information protection regulations and standards. Security Leader Insights for Information Protection is a part of Elsevier's Security Executive Council Risk Management Portfolio, a collection of real world solutions and'how-to'guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. - Each chapter can be read in five minutes or less, and is written by or contains insights from experienced security leaders. - Can be used to find illustrations and examples you can use to deal with a relevant issue. - Brings together the diverse experiences of proven security leaders in one easy-to-read resource.
Published: 2014

172. Security Leader Insights for Effective Management : Lessons and Strategies From Leading Security Professionals

Author: Randy Harrison and Randy Harrison
Subjects: Risk managers, Security systems--Management, Business enterprises--Security measures
Abstract: How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Effective Management, a collection of timeless leadership best practices featuring insights from some of the nation's most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on topics such as the characteristics of effective security leaders and programs, leading through difficult times, budget issues, and aligning security with business goals. Instead of re-inventing the wheel when faced with a new challenge, these proven practices and principles will allow you to execute with confidence knowing that your peers have done so with success. Security Leader Insights for Effective Management is a part of Elsevier's Security Executive Council Risk Management Portfolio, a collection of real world solutions and'how-to'guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. - Each chapter can be read in five minutes or less, and is written by or contains insights from experienced security leaders. - Can be used to find illustrations and examples you can use to deal with a relevant issue. - Brings together the diverse experiences of proven security leaders in one easy-to-read resource.
Published: 2014

173. Measures and Metrics in Corporate Security

Author: George Campbell and George Campbell
Subjects: Corporations--Security measures
Abstract: The revised second edition of Measures and Metrics in Corporate Security is an indispensable guide to creating and managing a security metrics program. Authored by George Campbell, emeritus faculty of the Security Executive Council and former chief security officer of Fidelity Investments, this book shows how to improve security's bottom line and add value to the business. It provides a variety of organizational measurements, concepts, metrics, indicators and other criteria that may be employed to structure measures and metrics program models appropriate to the reader's specific operations and corporate sensitivities. There are several hundred examples of security metrics included in Measures and Metrics in Corporate Security, which are organized into categories of security services to allow readers to customize metrics to meet their operational needs. Measures and Metrics in Corporate Security is a part of Elsevier's Security Executive Council Risk Management Portfolio, a collection of real world solutions and'how-to'guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. - Describes the basic components of a metrics program, as well as the business context for metrics - Provides guidelines to help security managers leverage the volumes of data their security operations already create - Identifies the metrics security executives have found tend to best serve security's unique (and often misunderstood) missions - Includes 375 real examples of security metrics across 13 categories
Published: 2014

174. Enterprise Identity Management : Towards an Investment Decision Support Approach

Author: Denis Royer and Denis Royer
Subjects: Data protection, Information technology--Security measures, Computer networks--Security measures, Computer networks--Access control
Abstract: The introduction of Enterprise Identity Management Systems (EIdMS) in organizations even beyond the purely technological level is a costly and challenging endeavor. However, for decision makers it seems difficult to fully understand the impacts and opportunities arising from the introduction of EIdMS. This book explores the relevant aspects for an ex-ante evaluation of EIdMS. Therefore it examines this domain by employing a qualitative expert interview study to better understand the nature of EIdMS, as they are situated between security and productive IT systems. To this regard, the focus is put on the general nature of EIdMS projects and the constructs being relevant for analyzing such projects in the decision support phase. Based on the derived constructs and thematic topics from the interviews, an explanatory model for EIdMS introductions is derived and iteratively improved and evaluated. Finally, a possible application use-case for the creation of adequate decision support tools is presented.
Published: 2013

175. Information Security Management Principles

Author: David Alexander, Amanda Finch, David Sutton, Andy Taylor, David Alexander, Amanda Finch, David Sutton, and Andy Taylor
Subjects: Computer security--Management, Data protection
Abstract: In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. The second edition includes the security of cloud-based resources and the contents have been revised to reflect the changes to the BCS Certification in Information Security Management Principles which the book supports.
Published: 2013

176. Information Security Policy Development for Compliance : ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0

Author: Barry L. Williams and Barry L. Williams
Subjects: Data protection, Computer networks--Security measures, Computer security, Access control
Abstract: Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will help readers elicit management opinions on information security and document the formal and informal procedures currently in place. Topics covered include:Entity-level policies and procedures, Access-control policies and procedures, Change control and change management, System information integrity and monitoring, System services acquisition and protection, Informational asset management, Continuity of operations. The book supplies you with the tools to use the full range of compliance standards as guides for writing policies that meet the security needs of your organization. Detailing a methodology to facilitate the elicitation process, it asks pointed questions to help you obtain the information needed to write relevant policies. More importantly, this methodology can help you identify the weaknesses and vulnerabilities that exist in your organization. A valuable resource for policy writers who must meet multiple compliance standards, this guidebook is also available in eBook format. The eBook version includes hyperlinks beside each statement that explain what the various standards say about each topic and provide time-saving guidance in determining what your policy should include.
Published: 2013

177. Availability, Reliability, and Security in Information Systems and HCI : IFIP WG 8.4, 8.9, TC 5 International Cross-Domain Conference, CD-ARES 2013, Regensburg, Germany, September 2-6, 2013, Proceedings

Author: Alfredo Cuzzocrea, Christian Kittl, Dimitris E. Simos, Edgar Weippl, Lida Xu, Alfredo Cuzzocrea, Christian Kittl, Dimitris E. Simos, Edgar Weippl, and Lida Xu
Subjects: Application software, Data protection, Information storage and retrieval systems, Cryptography, Data encryption (Computer science), Electronic commerce, Business information services
Abstract: This book constitutes the refereed proceedings of the IFIP WG 8.4, 8.9, TC 5 International Cross-Domain Conference on Availability, Reliability and Security, CD-ARES 2013, held in Regensburg, Germany, in September 2013. The 21 revised papers presented were carefully reviewed and selected for inclusion in the volume. The papers concentrate on the many aspects of information systems bridging the gap between research results in computer science and the many application fields. They are organized in the following topical sections: economic, ethical, legal, multilingual, organizational and social aspects; context-oriented information integration; data/information management as a service; context-oriented information integration and location-aware computing; security and privacy; risk management and business continuity; and security and privacy and location based applications. Also included are 15 papers from a special session on Human-Computer Interaction and Knowledge Discovery (HCI-KDD 2013).
Published: 2013

178. Unmasking Project Management : The Business Perspective of Information Systems Success

Author: C. Moraveck and C. Moraveck
Subjects: Information technology--Management, Information technology projects--Management, Project management
Abstract: Unmasking Project Management helps professionals in information technology (IT) and business identify successful approaches to management of information systems (MIS) that will work for their organizations and projects.
Published: 2013

179. Accounting Information Systems, Australasian Edition

Author: Marshall B. Romney, Joseph Mula, Paul J. Steinbart, Ray McNamara, Trevor Tonkin, Marshall B. Romney, Joseph Mula, Paul J. Steinbart, Ray McNamara, and Trevor Tonkin
Abstract: Developed especially for Australasian AIS courses Accounting Information Systems has been extensively revised to incorporate local laws, standards and business practices. The text has a new and flexible structure developed especially for Australasian AIS courses, while also retaining the features that make the US edition easy to use. Important concepts such as systems cycles, controls, auditing, fraud and cybercrime, ethics and the REA data model are brought to life by a wide variety of Australasian case studies and examples. With a learning and teaching resource package second to none, this is the perfect resource for one-semester undergraduate and graduate courses in Accounting Information Systems. Samples Download the detailed table of contents > Preview sample pages from Accounting Information Systems, Australasian edition > Student resources: Chapter 4: S&S In-Chapter Database.accdb > Chapter 9: Spreadsheet for Problem 9.7 >
Published: 2012

180. Low Tech Hacking : Street Smarts for Security Professionals

Author: Terry Gudaitis, Jennifer Jabbusch, Russ Rogers, Jack Wiles, Sean Lowther, Terry Gudaitis, Jennifer Jabbusch, Russ Rogers, Jack Wiles, and Sean Lowther
Subjects: Computer security, Computer hackers
Abstract: Low Tech Hacking teaches your students how to avoid and defend against some of the simplest and most common hacks. Criminals using hacking techniques can cost corporations, governments, and individuals millions of dollars each year. While the media focuses on the grand-scale attacks that have been planned for months and executed by teams and countries, there are thousands more that aren't broadcast. This book focuses on the everyday hacks that, while simple in nature, actually add up to the most significant losses. It provides detailed descriptions of potential threats and vulnerabilities, many of which the majority of the information systems world may be unaware. It contains insider knowledge of what could be your most likely low-tech threat, with timely advice from some of the top security minds in the world. Author Jack Wiles spent many years as an inside penetration testing team leader, proving that these threats and vulnerabilities exist and their countermeasures work. His contributing authors are among the best in the world in their respective areas of expertise. The book is organized into 8 chapters covering social engineering; locks and ways to low tech hack them; low tech wireless hacking; low tech targeting and surveillance; low tech hacking for the penetration tester; the law on low tech hacking; and information security awareness training as a countermeasure to employee risk. This book will be a valuable resource for penetration testers, internal auditors, information systems auditors, CIOs, CISOs, risk managers, fraud investigators, system administrators, private investigators, ethical hackers, black hat hackers, corporate attorneys, and members of local, state, and federal law enforcement. - Contains insider knowledge of what could be your most likely Low Tech threat - Includes timely advice from some of the top security minds in the world - Covers many detailed countermeasures that you can employ to improve your security posture
Published: 2012

181. Information Systems: Crossroads for Organization, Management, Accounting and Engineering : ItAIS: The Italian Association for Information Systems

Author: Marco De Marco, Dov Te'eni, Valentina Albano, Stefano Za, Marco De Marco, Dov Te'eni, Valentina Albano, and Stefano Za
Subjects: Information technology, Internet, Computer networks, Business--Data processing, Engineering--Data processing, Management--Data processing, Electronic data processing
Abstract: This book examines a wide range of issues that characterize the current IT based innovation trends in organizations. It contains a collection of research papers focusing on themes of growing interest in the field of Information Systems, Organization Studies, Management, Accounting and Engineering. The book offers a multidisciplinary view on Information Systems with the aim of disseminating academic knowledge. It would be particularly relevant to IT practitioners such as information systems managers and IT consultants.The 12 sections cover a broad spectrum of topics including: eServices in Public and Private Sectors; Organizational Change and the Impact of ICT in Public and Private Sectors; Information and Knowledge Management; Human-Computer Interaction; Information Systems, Innovation Transfer, and New Business Models; Business Intelligence Systems, their Strategic Role and Organizational Impacts; New Ways to Work and Interact with the Internet; IS, IT and Security; Blending Design and Behavioral Research in Information Systems; Professional Skills, Certification of Curricula, Online Education and Communities; IS Design, IS Development, Metrics and Compliance; ICT4LAW: Information and communication technologies to help firms, public administrations, legislators and citizens to operate in a highly regulated world.The content of each section is based on a selection of original double-blind peer reviewed contributions.
Published: 2012

182. Thor's Microsoft Security Bible : A Collection of Practical Security Techniques

Author: Timothy "Thor" Mullen and Timothy "Thor" Mullen
Subjects: Computer security--Handbooks, manuals, etc, Microsoft software--Security measures--Handbooks, manuals, etc
Abstract: Thor's Microsoft Security Bible provides a one-stop-shop for Microsoft-related security techniques and procedures as applied to the typical deployment of a Microsoft-based infrastructure. Written by world-renowned security expert Timothy Thor Mullen, the book presents a fascinating collection of practical and immediately implementable Microsoft security techniques, processes and methodologies uniquely illustrated through real-world process examples. This book contains detailed security concepts and methodologies described at every level: Server, Client, Organizational Structure, Platform-specific security options, and application specific security (IIS, SQL, Active Directory, etc.). It also includes new, never-before-published security tools complete with source code; detailed technical information on security processes for all major Microsoft applications; unique project-based storytelling delivery, combining multiple security techniques and methods together for real-world solutions to security challenges in actual business use cases; reference-style content for access to specific application security techniques and methods; actual author opinion and guidance as not only HOW to go about security particular applications, but WHY to do so. This book will be of interest to systems and network administrators, IT managers, security and network engineers, and database administrators. - Named the 2011 Best Systems Administration Book by InfoSec Reviews - Detailed technical information on security processes for all major Microsoft applications - Unique project-based'storytelling'delivery, combining multiple security techniques and methods together for real-world solutions to security challenges in actual business use cases - Reference-style content for access to specific application security techniques and methods - Actual author opinion and guidance as not only HOW to go about security particular applications, but WHY to do so
Published: 2011

183. IT-Risiko-Management mit System : Von den Grundlagen bis zur Realisierung - Ein praxisorientierter Leitfaden

Author: Hans-Peter Königs and Hans-Peter Königs
Subjects: Business information services, Strategic planning, Leadership, Electronic data processing—Management, Data protection, Application software
Abstract: Der praxisbezogene Leitfaden für das IT-Risiko-Management im Unternehmen ist branchenneutral und angepasst an die aktuelle Situation der Standardisierung, der IT Governance und der aktuellen Rahmenwerke (z. B. CobiT). Systematisch werden die Risiken rund um die Informationen, IT-Systeme und IT-Dienstleistungen behandelt. Der Leser erhält alles, was zur Analyse und Bewältigung dieser Risiken methodisch erforderlich ist, um es in der Praxis sicher umsetzen zu können. Ein beispielhafter Risiko-Management-Prozess zeigt auf, wie die IT-Risiken zusammen mit anderen wichtigen Risiken in die Management-Prozesse des Unternehmens einbezogen werden. Auf diese Weise wird den Anforderungen der'Corporate Governance'zum Wohle des Unternehmens umfassend Rechnung getragen.In dieser 3. Auflage sind Compliance-Themen aus der Perspektive Risiko-Management wie Basel II, SOX und Schweizerisches Obligationenrecht aktualisiert. Das Geschäftskontinuitäts- und Notfall-Managements basierend auf heutigen Standards (z. B. BS 25999-x) wird vertieft behandelt. Außerdem ergänzt ein zusätzliches Kapitel die Thematik der Kosten-Nutzen-Analyse in der IT aus Risikosicht.
Published: 2011

184. Effective Security Management

Author: Charles A. Sennewald, Curtis Baillie, Charles A. Sennewald, and Curtis Baillie
Subjects: Security systems--Management
Abstract: Effective Security Management, Sixth Edition teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. The author, Charles Sennewald, brings common sense, wisdom, and humor to this bestselling introduction to security management that is ideal for both new and experienced security managers. The sixth edition of this classic professional reference work on the topic includes newly updated and expanded coverage of topics such as the integration of security executive into the business, background checks and hiring procedures, involvement in labor disputes, organized crime, and the role of social media. Offers the most current picture of the role and duties of security managers Includes three new chapters on security ethics and conflicts of interest, convergence in security management, and ISO security standards, along with coverage of new security jobs titles and duties Contains updated contributions from leading security experts Colin Braziel, Karim Vellani, and James Broder Case studies and examples from around the world are included to facilitate further understanding
Published: 2011

185. Risk Service Engineering : Informationsmodelle für das Risikomanagement

Author: Michael Schermann and Michael Schermann
Subjects: Business information services, Financial services industry
Abstract: Der effektive Umgang mit Risiken gehört zu den elementaren Voraussetzungen erfolgreichen unternehmerischen Handelns. Michael Schermann präsentiert eine Modellierungsmethode, die Risikomanager bei der systematischen Entwicklung von Maßnahmen zur Risikosteuerung unterstützt. Im Kern steht das Konzept der Risk Services als spezifische Dienstleistungen zur Sicherung des Wertbeitrags des Informationsmanagements. Als Fundament der Methodenentwicklung dient eine kritische Auseinandersetzung mit gängigen Konzepten des Risikomanagements.
Published: 2011

186. Health-Care Telematics in Germany : Design and Application of a Security Analysis Method

Author: Ali Sunyaev and Ali Sunyaev
Subjects: Health services administration, Business information services, Management
Abstract: Health-care telematics in Germany have been a much discussed topic in recent years. Based on the methodological foundation of design-oriented artifact construction in Information Systems (IS) research, in particular method engineering, Ali Sunyaev develops a method for the organizational and technical analysis of security issues in health care using tools, methods, and processes in a structured and traceable way. He identifies security problems in the current concept of German health-care telematics and derives recommendations for future developments in the health-care sector.
Published: 2011

187. Official (ISC)2 Guide to the CSSLP

Author: Mano Paul and Mano Paul
Subjects: Computer software--Development, Computer security
Abstract: As the global leader in information security education and certification, (ISC)2 has a proven track record of educating and certifying information security professionals. Its newest certification, the Certified Secure Software Lifecycle Professional (CSSLP) is a testament to the organization's ongoing commitment to information and software security
Published: 2011

188. Security Risk Management : Building an Information Security Risk Management Program From the Ground Up

Author: Evan Wheeler and Evan Wheeler
Subjects: Risk management, Risk management--Security measures
Abstract: Security Risk Management is the definitive guide for building or running an information security risk management program. This book teaches practical techniques that will be used on a daily basis, while also explaining the fundamentals so students understand the rationale behind these practices. It explains how to perform risk assessments for new IT projects, how to efficiently manage daily risk activities, and how to qualify the current risk level for presentation to executive level management. While other books focus entirely on risk analysis methods, this is the first comprehensive text for managing security risks. This book will help you to break free from the so-called best practices argument by articulating risk exposures in business terms. It includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment. It explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk. It also presents a roadmap for designing and implementing a security risk management program. This book will be a valuable resource for CISOs, security managers, IT managers, security consultants, IT auditors, security analysts, and students enrolled in information security/assurance college programs. - Named a 2011 Best Governance and ISMS Book by InfoSec Reviews - Includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment - Explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk - Presents a roadmap for designing and implementing a security risk management program
Published: 2011

189. Managing Information Technology

Author: Carol V. Brown, Daniel W DeHayes, Jeffrey Slater, Wainright E. Martin, William C. Perkins, Carol V. Brown, Daniel W DeHayes, Jeffrey Slater, Wainright E. Martin, and William C. Perkins
Abstract: A thorough and practical guide to IT management practices and issues. Through an approach that offers up-to-date chapter content and full-length case studies, Managing Information Technology presents in-depth coverage on IS management practices and technology trends. The sixth edition has been thoroughly updated and streamlined to reflect current IS practices.
Published: 2011

190. Information Security Management : Concepts and Practice

Author: Bel G. Raggad and Bel G. Raggad
Subjects: Computer security--Management, Data protection
Abstract: Information security cannot be effectively managed unless secure methods and standards are integrated into all phases of the information security life cycle. And, although the international community has been aggressively engaged in developing security standards for network and information security worldwide, there are few textbooks available that
Published: 2010

191. Seven Deadliest USB Attacks

Author: Brian Anderson, Barbara Anderson, Brian Anderson, and Barbara Anderson
Subjects: Computer networks--Security measures, Computer security
Abstract: Seven Deadliest USB Attacks provides a comprehensive view of the most serious types of Universal Serial Bus (USB) attacks. While the book focuses on Windows systems, Mac, Linux, and UNIX systems are equally susceptible to similar attacks. If you need to keep up with the latest hacks, attacks, and exploits effecting USB technology, then this book is for you. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. The attacks outlined in this book are intended for individuals with moderate Microsoft Windows proficiency. The book provides the tools, tricks, and detailed instructions necessary to reconstruct and mitigate these activities while peering into the risks and future aspects surrounding the respective technologies. There are seven chapters that cover the following: USB Hacksaw; the USB Switchblade; viruses and malicious codes; USB-based heap overflow; the evolution of forensics in computer security; pod slurping; and the human element of security, including the risks, rewards, and controversy surrounding social-engineering engagements. This book was written to target a vast audience including students, technical staff, business leaders, or anyone seeking to understand fully the removable-media risk for Windows systems. It will be a valuable resource for information security professionals of all levels, as well as web application developers and recreational hackers. - Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally - Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how - Institute countermeasures, don't be caught defenseless again, and learn techniques to make your computer and network impenetrable
Published: 2010

192. Information Resources Management: Concepts, Methodologies, Tools and Applications

Author: author unknown and author unknown
Subjects: Information resources management
Abstract: 'This work is a comprehensive, four-volume reference addressing major issues, trends, and areas for advancement in information management research, containing chapters investigating human factors in IT management, as well as IT governance, outsourcing, and diffusion'--Provided by publisher.
Published: 2010

193. Official (ISC)2® Guide to the ISSMP® CBK®

Author: Joseph Steinberg, Harold F. Tipton, Joseph Steinberg, and Harold F. Tipton
Subjects: Computer security--Management--Examinations --, Electronic data processing departments--Security, Data protection--Examinations--Study guides, Electronic data processing personnel--Certificat
Abstract: As the recognized leader in the field of information security education and certification, the (ISC)2 promotes the development of information security professionals around the world. The Certified Information Systems Security Professional-Information Systems Security Management Professional (CISSP-ISSMP) examination assesses individuals understa
Published: 2009

194. The Effective CIO : How to Achieve Outstanding Success Through Strategic Alignment, Financial Management, and IT Governance

Author: Eric J. Brown, William A. Yarberry Jr, Eric J. Brown, and William A. Yarberry Jr
Subjects: Chief information officers, Information technology--Management, Information resources management
Abstract: In a business world of uncertain budgets, relentless technology changes, scarce management talent, and intense production demands, theory is good, but practice sells. The Effective CIO: How to Achieve Outstanding Success through Strategic Alignment, Financial Management, and IT Governance is all about practice, successfully delivering the nuts-and-bolts for effective governance execution. It helps to dissolve the negative image many CIOs have as remote, purely rational decision machines, while demonstrating how to improve quality and throughput in your business.This authoritative text includes governance checklists, sample IT controls, merger and acquisition recommendations, and a detailed framework for IT policies. Authored by two highly regarded IT management experts, the book provides not only a survey of existing strategies, but also includes detailed problem-solving ideas, such as how to structure optimal IT and telecom contracts with suppliers, the implications of SOP-98, and accounting for software costs. The book seamlessly brings together two perspectives - that of a working CIO who must cope with day-to-day pressures for results, and that of an IT audit consultant with a special focus on governance and internal control. Unlike many other CIO-related books that merely discuss strategies, The Effective CIO includes easy-to-follow guidelines and governance principles that can be implemented immediately.
Published: 2009

195. How to Complete a Risk Assessment in 5 Days or Less

Author: Thomas R. Peltier and Thomas R. Peltier
Subjects: Risk assessment, Risk management, Crisis management, Emergency management
Abstract: Successful security professionals have had to modify the process of responding to new threats in the high-profile, ultra-connected business environment. But just because a threat exists does not mean that your organization is at risk. This is what risk assessment is all about. How to Complete a Risk Assessment in 5 Days or Less demonstrates how to identify threats your company faces and then determine if those threats pose a real risk to the organization. To help you determine the best way to mitigate risk levels in any given situation, How to Complete a Risk Assessment in 5 Days or Less includes more than 350 pages of user-friendly checklists, forms, questionnaires, and sample assessments. Presents Case Studies and Examples of all Risk Management Components based on the seminars of information security expert Tom Peltier, this volume provides the processes that you can easily employ in your organization to assess risk. Answers such FAQs as: Why should a risk analysis be conducted Who should review the results? How is the success measured? Always conscious of the bottom line, Peltier discusses the cost-benefit of risk mitigation and looks at specific ways to manage costs. He supports his conclusions with numerous case studies and diagrams that show you how to apply risk management skills in your organization-and it's not limited to information security risk assessment. You can apply these techniques to any area of your business. This step-by-step guide to conducting risk assessments gives you the knowledgebase and the skill set you need to achieve a speedy and highly-effective risk analysis assessment in a matter of days.
Published: 2009

196. HOWTO Secure and Audit Oracle 10g and 11g

Author: Ron Ben-Natan and Ron Ben-Natan
Subjects: Oracle (Computer file), Computer security, Data protection, Database security
Abstract: This guide demonstrates how to secure sensitive data and comply with internal and external audit regulations using Oracle 10g and 11g. It provides the hands-on guidance required to understand the complex options provided by Oracle and the know-how to choose the best option for a particular case. The book presents specific sequences of actions that should be taken to enable, configure, or administer security-related features. It includes best practices in securing Oracle and on Oracle security options and products. By providing specific instructions and examples this book bridges the gap between the individuals who install and configure a security feature and those who secure and audit it.
Published: 2009

197. Knowledge Retention : Strategies and Solutions

Author: Jay Liebowitz and Jay Liebowitz
Subjects: Knowledge management, Human capital--Management
Abstract: As the baby boomer generation approaches retirement age, many organizations are facing the potential crisis of lost knowledge. Devised to help those organizations who are dependent on the accumulated knowledge of stakeholders, this book details a proactive approach to knowledge retention. Written by Jay Liebowitz, one of the most sought after knowledge management experts, this text explains how to identify at risk knowledge areas, and then demonstrates how to keep those areas from becoming knowledge vacuums. To reinforce his points, the book contains case studies from The Aerospace Corporation, Chevron, and Knowledge Harvesting Inc., who have become models for the implementation of knowledge retention strategies.
Published: 2009

198. The Business Value of IT : Managing Risks, Optimizing Performance and Measuring Results

Author: Michael D. S. Harris, David Herron, Stasia Iwanicki, Michael D. S. Harris, David Herron, and Stasia Iwanicki
Subjects: Information technology--Economic aspects
Abstract: In order to maximize IT resources and justify IT expenditures, CIO's and other IT managers must be able to identify meaningful metrics and explain them in a way that management can understand. The Business Value of IT: Managing Risks, Optimizing Performance, and Measuring Results solves this problem by providing practical answers to
Published: 2008

199. Enterprise Applications and Services in the Finance Industry : 3rd International Workshop, FinanceCom 2007, Montreal, Canada, December 8, 2007, Revised Papers

Author: Daniel Veit, Dennis Kundisch, Tim Weitzel, Christof Weinhardt, Fethi A. Rabhi, Federico Rajola, Daniel Veit, Dennis Kundisch, Tim Weitzel, Christof Weinhardt, Fethi A. Rabhi, and Federico Rajola
Subjects: Financial services industry--Information technology--Congresses
Published: 2008

200. Oracle Identity Management : Governance, Risk, and Compliance Architecture, Third Edition

Author: Marlin B. Pohlman and Marlin B. Pohlman
Subjects: QA76.9.A25
Abstract: In the third edition of this popular reference, identity management specialist Marlin B. Pohlman offers a definitive guide for corporate stewards struggling with the challenge of meeting regulatory compliance. He examines multinational regulations, delves into the nature of governance, risk, and compliance (GRC), and outlines a common taxonomy for the GRC space. He also cites standards that are used, illustrating compliance frameworks such as BSI, ITIL, and COBIT. The text focuses on specific software components of the Oracle Identity Management solution and includes elements of the Oracle compliance architecture.
Published: 2008

Searchworks

Select search scope, currently: Articles Catalog books, media & more in Jio Institute collections Articles journal articles & other e-resources

Search

Search Constraints

Refine your results

Search Limiters

Topic

Publication Year Range

Language

Category

Publication Type

Database

Publisher

210 results on '"CISO"'

Search Results

Catalog

Select search scope, currently: Articles

Catalog

books, media & more in Jio Institute collections

Articles

journal articles & other e-resources