MARC details
000 -LEADER |
fixed length control field |
08030cam a2200445 i 4500 |
003 - CONTROL NUMBER IDENTIFIER |
control field |
CUTN |
005 - DATE AND TIME OF LATEST TRANSACTION |
control field |
20231202113058.0 |
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION |
fixed length control field |
150626s2015 enk 001 0 eng |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
International Standard Book Number |
9780749474058 (paperback) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
Cancelled/invalid ISBN |
9780749474065 (e) |
041 ## - LANGUAGE CODE |
Language |
English |
042 ## - AUTHENTICATION CODE |
Authentication code |
pcc |
082 00 - DEWEY DECIMAL CLASSIFICATION NUMBER |
Classification number |
005.8 |
Edition number |
23 |
Item number |
CAL |
084 ## - OTHER CLASSIFICATION NUMBER |
Classification number |
BUS083000 |
-- |
COM053000 |
-- |
COM032000 |
-- |
BUS033070 |
Source of number |
bisacsh |
100 1# - MAIN ENTRY--PERSONAL NAME |
Personal name |
Calder, Alan, |
245 10 - TITLE STATEMENT |
Title |
IT governance : |
Remainder of title |
an international guide to data security and ISO27001/ISO27002 / |
Statement of responsibility, etc |
Alan Calder and Steve Watkins. |
250 ## - EDITION STATEMENT |
Edition statement |
Sixth edition. |
300 ## - PHYSICAL DESCRIPTION |
Extent |
x, 348 pages ; |
Dimensions |
25 cm |
500 ## - GENERAL NOTE |
General note |
Includes index. |
505 8# - FORMATTED CONTENTS NOTE |
Contents |
Machine generated contents note:
Introduction
01 Why is information security necessary? -- The nature of information security threats -- Information insecurity -- Impacts of information security threats -- Cybercrime -- Cyberwar -- Advanced persistent threat -- Future risks -- Legislation -- Benefits of an information security management system
02 The UK Combined Code, the FRC Risk Guidance and Sarbanes-Oxley -- The Combined Code -- The Turnbull Report -- The Corporate Governance Code -- Sarbanes-Oxley -- Enterprise risk management -- Regulatory compliance -- IT governance
03 ISO27001 -- Benefits of certification -- The history of ISO27001 and ISO27002 -- The ISO/IEC 27000 series of standards -- Use of the standard -- ISO/IEC 27002 -- The Plan-Do-Check-Act and process approach -- Structured approach to implementation -- Management system integration -- Documentation -- Continual improvement and metrics
04 Organizing information security -- Internal organization -- Management review -- The information security manager -- The cross-functional management forum -- The ISO27001 project group -- Specialist information security advice -- Segregation of Duties -- Contact with special interest groups -- Contact with authorities -- Information security in project management -- Independent review of information security -- Summary
05 Information security policy and scope -- Context of the Organization -- Information security policy -- A policy statement -- Costs and the monitoring of progress
06 The risk assessment and Statement of Applicability -- Establishing security requirements -- Risks, impacts and risk management -- Cyber Essentials -- Selection of controls and Statement of Applicability -- Gap analysis -- Risk assessment tools -- Risk treatment plan -- Measures of effectiveness
07 Mobile devices -- Mobile devices and teleworking -- Teleworking
08 Human resources security -- Job descriptions and competency requirements -- Screening -- Terms and conditions of employment -- During employment -- Disciplinary process -- Termination or change of employment
09 Asset management -- Asset owners -- Inventory -- Acceptable use of assets -- Information classification -- Unified classification markings -- Government classification markings -- Information lifecycle -- Information labelling and handling -- Non-disclosure agreements and trusted partners
10 Media handling -- Physical media in transit
11 Access control -- Hackers -- Hacker techniques -- System configuration -- Access control policy -- Network Access Control
12 User access management -- User access provisioning
13 System and application access control -- Secure log-on procedures -- Password management system -- Use of privileged utility programs -- Access control to program source code
14 Cryptography -- Encryption -- Public key infrastructure -- Digital signatures -- Non-repudiation services -- Key management
15 Physical and environmental security -- Secure areas -- Delivery and loading areas
16 Equipment security -- Equipment siting and protection -- Supporting utilities -- Cabling security -- Equipment maintenance -- Removal of assets -- Security of equipment and assets off-premises -- Secure disposal or reuse of equipment -- Clear desk and clear screen policy
17 Operations security -- Documented operating procedures -- Change management -- Separation of development, testing and operational environments -- Back-up
18 Controls against malicious software (malware) -- Viruses, worms, Trojans and rootkits -- Spyware -- Anti-malware software -- Hoax messages and Ransomware -- Phishing and pharming -- Anti-malware controls -- Airborne viruses -- Technical vulnerability management
19 Communications management -- Network security management
20 Exchanges of information -- Information transfer policies and procedures -- Agreements on information transfers -- E-MAIL and Social Media -- Security risks in e-mail -- Spam -- Misuse of the internet -- Internet acceptable use policy -- Social media
21 System acquisition, development and maintenance -- Security requirements analysis and specification -- Securing application services on public networks -- E-commerce issues -- Security technologies -- Server security -- Server virtualization -- Protecting application services transactions
22 Development and support processes -- Secure Development policy -- Secure systems engineering principles -- Secure development environment -- Security and acceptance testing
23 Supplier relationships -- Information security policy for supplier relationships -- Addressing security within supplier agreements -- ICT Supply Chain -- Monitoring and review of supplier services -- Managing changes to supplier services
24 Monitoring and information security incident management -- Logging and monitoring -- Information security events & improvements -- Incident management - responsibilities and procedures -- Reporting information security events -- Reporting software malfunctions -- Assessment of and decision on information security events -- Response to information security incidents -- Legal admissibility
25 Business and information security continuity management -- ISO22301 -- The business continuity management process -- Business continuity and risk assessment -- Developing and implementing continuity plans -- Business continuity planning framework -- Testing, maintaining and reassessing business continuity plans -- Information security continuity
26 Compliance -- Identification of applicable legislation -- Intellectual property rights -- Protection of organizational records -- Privacy and protection of personally identifiable information -- Regulation of cryptographic controls -- Compliance with security policies and standards
27 The ISO27001 audit -- Selection of auditors -- Initial audit -- Preparation for audit -- Terminology
Appendix 1: Useful websites -- Appendix 2: Further reading -- Index. |
520 ## - SUMMARY, ETC. |
Summary, etc |
"Faced with constant and fast-evolving threats to information security and with a growing exposure to cyber risk, managers at all levels and in organizations of all sizes need a robust IT governance system. Now in its sixth edition, the bestselling IT Governance provides best-practice guidance for companies looking to protect and enhance their information security management systems and protect themselves against cyber threats. IT Governance has been fully updated to take account of current cyber security and advanced persistent threats and reflects the latest regulatory and technological developments, including the 2013 updates to ISO27001/ISO27002. Changes for this edition include: |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Computer security. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Data protection. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
Business enterprises |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
BUSINESS & ECONOMICS / Information Management. |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
COMPUTERS / Security / General. |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
COMPUTERS / Information Technology. |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name as entry element |
BUSINESS & ECONOMICS / Insurance / Risk Assessment & Management. |
700 1# - ADDED ENTRY--PERSONAL NAME |
Personal name |
Watkins, Steve, |
942 ## - ADDED ENTRY ELEMENTS (KOHA) |
Source of classification or shelving scheme |
Dewey Decimal Classification |
Koha item type |
General Books |
100 1# - MAIN ENTRY--PERSONAL NAME |
Dates associated with a name |
1957- |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
General subdivision |
Computer networks |
-- |
Security measures. |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Source of heading or term |
bisacsh |
9 (RLIN) |
4 |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Source of heading or term |
bisacsh |
9 (RLIN) |
4 |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Source of heading or term |
bisacsh |
9 (RLIN) |
4 |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Source of heading or term |
bisacsh |
9 (RLIN) |
4 |
700 1# - ADDED ENTRY--PERSONAL NAME |
Dates associated with a name |
1970- |
906 ## - LOCAL DATA ELEMENT F, LDF (RLIN) |
a |
7 |
b |
cbc |
c |
orignew |
d |
1 |
e |
ecip |
f |
20 |
g |
y-gencatlg |