The Complete Guide to Cybersecurity Risks and Controls
$117.95
The Complete Guide to Cybersecurity Risks and Controls
presents the fundamental concepts of information and communication
technology (ICT) governance and control. In this book, you will learn
how to create a working, practical control structure that will ensure
the ongoing, day-to-day trustworthiness of ICT systems and data. The
book explains how to establish systematic control functions and timely
reporting procedures within a standard organizational framework and how
to build auditable trust into the routine assurance of ICT operations.
The book is based on the belief that ICT operation is a strategic
governance issue rather than a technical concern. With the exponential
growth of security breaches and the increasing dependency on external
business partners to achieve organizational success, the effective use
of ICT governance and enterprise-wide frameworks to guide the
implementation of integrated security controls are critical in order to
mitigate data theft. Surprisingly, many organizations do not have formal
processes or policies to protect their assets from internal or external
threats.
The ICT governance and control process establishes a complete and
correct set of managerial and technical control behaviors that ensures
reliable monitoring and control of ICT operations. The body of knowledge
for doing that is explained in this text. This body of knowledge
process applies to all operational aspects of ICT responsibilities
ranging from upper management policy making and planning, all the way
down to basic technology operation.
Features:
* Presents the concepts of ICT audit and control
* Shows how to create a verifiable audit-based control structure that will ensure comprehensive security for systems and data
* Explains how to establish systematic control and reporting procedures within a standard organizational framework and build auditable trust into the security of ICT operations
* Defines a complete and correct set of control objectives along with monitoring and reporting systems
* Discusses a formally defined and implemented infrastructure of best practices aimed specifically at optimizing the coordination and control of the security function
