IT Governance

"Written for managers, this addresses how they should comply with best practice on the security, confidentiality and integrity of data stored on IT systems." - "The Times". "Should be read by every computer professional with responsibility for security." - "IMIS Journal". The development of IT governance - which recognizes the convergence between business and IT management - makes it essential for managers at all levels and in organizations of all sizes to understand how best to deal with information security risks. Also, the Turnbull report on company risk management (alongside laws and regulations throughout the OECD) gives company directors a legal responsibility to act on computer and information security. Containing the latest revisions to BS7799 and ISO17799, this book guides business managers through the issues involved in achieving ISO certification in Information Security Management and covers all aspects of data security. "Focuses primarily on the strategic and operational aspects of information security, guiding the businessperson through the process of implementing internationally recognized best practice in information security." Journal of Economic Literature "Written for managers, this addresses how they should comply with best practice on the security, confidentiality and integrity of data stored on IT systems." The Times "Should be read by every computer professional with responsibility for security." IMIS JournalWhy is information security necessary? The Combined Code and the Turnbull Report. BS7799. Information security management. Information security policy and scope. The risk assessment and statement applicability. Security of third party access and outsourcing. Asset classification and control. Personnel security. Physical and environmental security. Equipment security. General security controls. Communications and operations management. Controls against malicious software. Housekeeping, network management and media handling. Exchanges of information and software. E-mail and Internet use. Access control. Network access control. Operating system access control. Application access control. Mobile computing and teleworking. Systems development and maintenance. Cryptographic controls. Security in development and support process. Business continuity management. Compliance. The BS7799 audit.