Sunday, February 15, 2009

Exploring Getting Started with Computing Concepts or Managing Information Security Risks

Exploring Getting Started with Computing Concepts

Author: Robert T Grauer

The Exploring series helps students master the How and Why of performing tasks in Office to gain a greater understanding of how to use the individual applications together to solve business problems. Exploring titles feature Perfect pages where every step of every hands-on exercise as well as every end-of-chapter problem begins on a new page and has its own screen shot to make it easier to follow. Each chapter contains Hands-on Exercises, Capstone Exercises, and Mini-Cases for practicing and reviewing skills acquired. 

Ideal for students and individuals seeking a comprehensive introduction to computer concepts for Microsoft Office 2007.




Managing Information Security Risks: The OCTAVE Approach

Author: Christopher J Alberts

Information security requires far more than the latest tool or technology. Organizations must understand exactly what they are trying to protect--and why--before selecting specific solutions. Security issues are complex and often are rooted in organizational and business concerns. A careful evaluation of security needs and risks in this broader context must precede any security implementation to ensure that all the relevant, underlying problems are first uncovered.

The OCTAVE approach for self-directed security evaluations was developed at the influential CERT(R) Coordination Center. This approach is designed to help you:


  • Identify and rank key information assets
  • Weigh threats to those assets
  • Analyze vulnerabilities involving both technology and practices

OCTAVE(SM) enables any organization to develop security priorities based on the organization's particular business concerns. The approach provides a coherent framework for aligning security actions with overall objectives.

Managing Information Security Risks, written by the developers of OCTAVE, is the complete and authoritative guide to its principles and implementations. The book:

  • Provides a systematic way to evaluate and manage information security risks
  • Illustrates the implementation of self-directed evaluations
  • Shows how to tailor evaluation methods to different types of organizations

Special features of the book include:

  • A running example to illustrate important concepts and techniques
  • A convenient set of evaluation worksheets
  • A catalog of best practices to which organizations can compare their own




Booknews

Written for people who manage information security risks for their organizations, this book details a security risk evaluation approach called "OCTAVE." The book provides a framework for systematically evaluating and managing security risks, illustrates the implementation of self-directed evaluations, and shows how to tailor evaluation methods to the needs of specific organizations. A running example illustrates key concepts and techniques. Evaluation worksheets and a catalog of best practices are included. The authors are on the technical staff of the Software Engineering Institute. Annotation © Book News, Inc., Portland, OR



Table of Contents:
List of Figures
List of Tables
Preface
Acknowledgments
Pt. I: Introduction
Ch. 1: Managing Information Security Risks
Ch. 2: Principles and Attributes of Information Security Risk Evaluations
Pt. II: The OCTAVE Method
Ch. 3: Introduction to the OCTAVE Method
Ch. 4: Preparing for OCTAVE
Ch. 5: Identifying Organizational Knowledge (Processes 1 to 3)
Ch. 6: Creating Threat Profiles (Process 4)
Ch. 7: Identifying Key Components (Process 5)
Ch. 8: Evaluating Selected Components (Process 6)
Ch. 9: Conducting the Risk Analysis (Process 7)
Ch. 10: Developing a Protection Strategy - Workshop A (Process 8A)
Ch. 11: Developing a Protection Strategy - Workshop B (Process 8B)
Pt. III: Variations on the OCTAVE Approach
Ch. 12: An Introduction to Tailoring OCTAVE
Ch. 13: Practical Applications
Ch. 14: Information Security Risk Management
Glossary
Bibliography
App. A: Case Scenario for the OCTAVE Method
App. B: Worksheets
App. C: Catalog of Practices
About the Authors
Index
