This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers: Fundamentals of information security providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors. Fundamentals of management of information security - explains what information security management is about and its objectives. Details are also given on implementing the process and the continuous effort required to maintain its quality. ITIL V3 and Information Security Management - shows the links with the other ITIL processes. Shows how integrating the Information Security Management activities into existing processes and activities not only supports efficiencies but ultimately is the key way to achieve effective Information Security Management. Implementing Information Security Management - gives practical advice how to put Information Security Management into practice. From awareness in the organization via documentation required to maturity models; this guidance describes best practices for realizing Information Security Management.

This groundbreaking new title looks at Information Security from defining what security measures positively support the business, to implementation to maintaining the required level and anticipating required changes. It covers: Fundamentals of information security – providing readers insight and give background about what is going to be managed. Topics covered include: types of security controls, business benefits and the perspectives of business, customers, partners, service providers, and auditors. Fundamentals of management of information security - explains what information security management is about and its objectives. Details are also given on implementing the process and the continuous effort required to maintain its quality. ITIL V3 and Information Security Management - shows the links with the other ITIL processes. Shows how integrating the Information Security Management activities into existing processes and activities not only supports efficiencies but ultimately is the key way to achieve effective Information Security Management. Implementing Information Security Management - gives practical advice how to put Information Security Management into practice. From awareness in the organization via documentation required to maturity models; this guidance describes best practices for realizing Information Security Management.

Besides the Information Security Management Professional based on ISO/IEC 27001 Courseware revised Edition– English (ISBN: 9789401803656) publication you are advised to obtain the publication Information Security Management with ITIL® V3 (ISBN: 9789087535520). Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel; this information must be protected against access by unauthorized people, protected against accidental or malicious modification or destruction and must be available when it is needed. The EXIN Information Security Management (based on ISO/IEC 27001) certification program consist out of three Modules: Foundation, Professional and Expert. This book is the officially by Exin accredited courseware for the Information Security Management Professional training. It includes: • Trainer presentation handout • Sample exam questions • Practical assignments • Exam preparation guide The module Information Security Management Professional based on ISO/IEC 27001 tests understanding of the organizational and managerial aspects of information security. The subjects of this module are Information Security Perspectives (business, customer, and the service provider) Risk Management (Analysis of the risks, choosing controls, dealing with remaining risks) and Information Security Controls (organizational, technical and physical controls). The program and this courseware are intended for everyone who is involved in the implementation, evaluation, and reporting of an information security program, such as an Information Security Manager (ISM), Information Security Officer (ISO) or a Line Manager, Process Manager or Project Manager with security responsibilities. Basic knowledge of Information Security is recommended, for instance through the EXIN Information Security Foundation based on ISO/IEC 27001 certification. Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel; this information must be protected against access by unauthorized people, protected against accidental or malicious modification or destruction and must be available when it is needed. The EXIN Information Security Management (based on ISO/IEC 27001) certification program consist out of three Modules: Foundation, Professional and Expert. This book is the officially by Exin accredited courseware for the Information Security Management Professional training. It includes: • Trainer presentation handout • Sample exam questions • Practical assignments • Exam preparation guide The module Information Security Management Professional based on ISO/IEC 27001 tests understanding of the organizational and managerial aspects of information security. The subjects of this module are Information Security Perspectives (business, customer, and the service provider) Risk Management (Analysis of the risks, choosing controls, dealing with remaining risks) and Information Security Controls (organizational, technical and physical controls). The program and this courseware are intended for everyone who is involved in the implementation, evaluation, and reporting of an information security program, such as an Information Security Manager (ISM), Information Security Officer (ISO) or a Line Manager, Process Manager or Project Manager with security responsibilities. Basic knowledge of Information Security is recommended, for instance through the EXIN Information Security Foundation based on ISO/IEC 27001 certification.

ITIL(R) is a framework for IT service management and provides best management practice to meet ISO/IEC 20k. This guide introduces ITIL both to Foundation Exam candidates and to people who require a practical understanding of IT sevice management. An ITIL(R) Licensed Product.

Create appropriate, security-focused business propositions that consider the balance between cost, risk, and usability, while starting your journey to become an information security manager. Covering a wealth of information that explains exactly how the industry works today, this book focuses on how you can set up an effective information security practice, hire the right people, and strike the best balance between security controls, costs, and risks. Practical Information Security Management provides a wealth of practical advice for anyone responsible for information security management in the workplace, focusing on the ‘how’ rather than the ‘what’. Together we’ll cut through the policies, regulations, and standards to expose the real inner workings of what makes a security management program effective, covering the full gamut of subject matter pertaining to security management: organizational structures, security architectures, technical controls, governance frameworks, and operational security. This book was not written to help you pass your CISSP, CISM, or CISMP or become a PCI-DSS auditor. It won’t help you build an ISO 27001 or COBIT-compliant security management system, and it won’t help you become an ethical hacker or digital forensics investigator – there are many excellent books on the market that cover these subjects in detail. Instead, this is a practical book that offers years of real-world experience in helping you focus on the getting the job done. What You Will Learn Learn the practical aspects of being an effective information security manager Strike the right balance between cost and risk Take security policies and standards and make them work in reality Leverage complex security functions, such as Digital Forensics, Incident Response and Security Architecture Who This Book Is For“/div>divAnyone who wants to make a difference in offering effective security management for their business. You might already be a security manager seeking insight into areas of the job that you’ve not looked at before, or you might be a techie or risk guy wanting to switch into this challenging new career. Whatever your career goals are, Practical Security Management has something to offer you.

Updated annually to keep up with the increasingly fast pace of change in the field, the Information Security Management Handbook is the single most comprehensive and up-to-date resource on information security (IS) and assurance. Facilitating the up-to-date understanding required of all IS professionals, the Information Security Management Handbook