The Information Systems Security Officer's Guide
eBook - ePub

The Information Systems Security Officer's Guide

Establishing and Managing a Cyber Security Program

Gerald L. Kovacich

  1. 360 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS and Android


About this book

The Information Systems Security Officer's Guide: Establishing and Managing a Cyber Security Program, Third Edition, provides users with information on how to combat the ever-changing myriad of threats security professionals face. This entirely updated edition presents practical advice on establishing, managing, and evaluating a successful information protection program in a corporation or government agency, covering everything from effective communication to career guidance for the information security officer.

The book outlines how to implement a new plan or evaluate an existing one, and is especially targeted to those who are new to the topic. It is the definitive resource for learning the key characteristics of an effective information systems security officer (ISSO), and paints a comprehensive portrait of an ISSO's duties, their challenges, and working environments, from handling new technologies and threats, to performing information security duties in a national security environment.

  • Provides updated chapters that reflect the latest technological changes and advances in countering the latest information security threats and risks and how they relate to corporate security and crime investigation
  • Includes new topics, such as forensics labs and information warfare, as well as how to liaise with attorneys, law enforcement, and other agencies outside the organization
  • Written in an accessible, easy-to-read style


Information

Year
2016
ISBN
9780128023792
Section II
The Duties and Responsibilities of a Cyber Security Officer

Introduction

Section I provided a basic understanding of the external world, with all its many threats to information and information systems—all of which have a direct bearing on the cyber security officer and his or her job. Section II provides a more internal, business focus on the world of the cyber security officer.
Section II begins with the identification of the position, duties, and responsibilities of the corporation cyber security officer. It progresses through a discussion of:
• establishing and managing a cyber security program;
• strategic, tactical, and annual plans;
• developing and managing a cyber security organization and its functions;
• measuring cyber security costs, failures, and successes through metrics management;
• supporting the investigative staff; and
• an overview of the cyber security program in a nation-state’s national security environment.
Chapter 6

The Cyber Security Officer’s Position, Duties, and Responsibilities

Abstract

The objective of this chapter is to define the role that the cyber security officer will play in a corporation or government agency. In this case, it is the role of the cyber security officer in an international corporation. The duties and responsibilities of a cyber security officer vary depending on the place of employment. However, in this case, we are assuming the cyber security officer has the perfect position because it is one all cyber security officers should strive to attain in order to “do it right the first time.”

Keywords

Cellular phones; Cyber security officer; Management blank check; Mission statements; Project management; Quality statements; Risk management; Vision statements
Responsible, who wants to be responsible? Whenever something bad happens, it’s always, who’s responsible for this?
Jerry Seinfeld¹

Introduction

The role of the cyber security officer is more demanding now than ever before, owing to advances in technology, especially in miniaturization and mobility; more national and global network interfaces to his or her corporation; and more sophisticated attacks. The challenges have never been greater but they will be over time.

Where It Began and Its Evolution and Revolution

We began with only physical security, as after all, the ENIAC and other computers did not connect to the world. A guard, a paper-authorized personnel access list, an alarm, and such were all that were needed in those early days. But as the computer evolved over time, so did the profession of the cyber security officer.
The security profession at that time was primarily made up of retired or former law enforcement or military personnel, who had no interest in computer security. They knew physical security, investigations, and personnel security. This new thing called a computer was best left to the computer scientists and engineers.
As systems evolved, so did the departments responsible for their support. Departments that were once engineering departments perhaps became information resource management departments and later became known as information technology (IT) departments. The protection of this new technology stayed with the IT people. However, the computer security positions within the IT departments also evolved.
As the microprocessor and its related technology developed, the once-separated telecommunications and computer staffs began their integration. Consequently, the “computer security” profession began to also consider the protection of information as it flowed through telecommunications links. As the Internet evolved, the need for protecting information as it was displayed, such as on Web sites, also became an important task for those responsible for protecting the hardware, software, and firmware.
Information and related systems are some of a business’s most valuable assets, one can argue, second only to the employees. In fact, although no one in management within a business would ever prioritize assets to place information and systems above the employees—at least not publicly—people can always be replaced, and replaced at less cost and adverse impact to the business, than trade secrets and information networks. However, that will probably remain an unspoken issue because of the sensitive nature of valuing machines over humans.
When we think about it, though, information really is business’s No. 1 asset. After all, employees can be terminated, even replaced by computers, and the business survives. In fact, profits may even increase because of lower labor costs. However, eliminate an intranet or national or global information infrastructure connection and the business could be lost.
Today, the cyber security officer position is generally still part of the IT department’s function. Now, the cyber security officer is responsible for the protection of information and the systems that store, process, transmit, and display that information. The cyber security officer profession has matured into a separate profession, and in most large-to-medium companies, it is more than a part-time job or additional responsibility these days. In smaller businesses it remains mostly a part-time job or is outsourced with other security-related functions.
Information systems of various types, such as cellular phones, notebook computers, personal digital assistants, and fax machines, are all used to process, store, transmit, and display information. These devices are becoming more and more integrated into one device. Couple this phenomenon with the hard copies being produced, and one finds that information may be protected on an intranet but leaked through a cellular phone or printed on paper and then taken out of the business’s facilities.
Case Study
Cellular phones are becoming smaller and smaller. Digital cameras are also being installed into these cellular phones. Since management wants their employees to have the latest high-technology devices that help support the business in the most efficient and effective way possible, employees are issued cellular phones. The cellular phones with digital cameras integrated into them allow employees to digitally send photographs as part of their business communications processes. It also provides the opportunity for the employee to photograph sensitive documents, facilities, and such and send the photos directly to unauthorized sources. Thus, there is now another method of performing “Netspionage” (network-enabled espionage). As a cyber security officer, do you have policies, etc., in place to mitigate this new threat?
The cyber security officer position must evolve to be responsible not only for protecting information and systems related to, or the responsibility of, the IT department, but also for protecting all of the business’s information assets. It is ridiculous to have the business security professional responsible f...

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. About the Author
  7. Preface
  8. Acknowledgments
  9. Introduction
  10. Section I. The Working Environment of the Cyber Security Officer
  11. Section II. The Duties and Responsibilities of a Cyber Security Officer
  12. Section III. The Global, Professional, and Personal Challenges of a Cyber Security Officer
  13. Index
Citation styles for The Information Systems Security Officer's Guide

APA 6 Citation

Kovacich, G. (2016). The Information Systems Security Officer’s Guide (3rd ed.). Elsevier Science. Retrieved from https://www.perlego.com/book/1832682/the-information-systems-security-officers-guide-establishing-and-managing-a-cyber-security-program-pdf (Original work published 2016)

Chicago Citation

Kovacich, Gerald. (2016) 2016. The Information Systems Security Officer’s Guide. 3rd ed. Elsevier Science. https://www.perlego.com/book/1832682/the-information-systems-security-officers-guide-establishing-and-managing-a-cyber-security-program-pdf.

Harvard Citation

Kovacich, G. (2016) The Information Systems Security Officer’s Guide. 3rd edn. Elsevier Science. Available at: https://www.perlego.com/book/1832682/the-information-systems-security-officers-guide-establishing-and-managing-a-cyber-security-program-pdf (Accessed: 15 October 2022).

MLA 7 Citation

Kovacich, Gerald. The Information Systems Security Officer’s Guide. 3rd ed. Elsevier Science, 2016. Web. 15 Oct. 2022.