Publisher's Synopsis
This book demonstrates that information security requires a deep understanding of an organization's assets, threats, and processes, combined with security measures that best protect the organization. It provides step-by-step guidance on analyzing business processes from a security perspective, while also introducing internationally accepted security concepts and techniques, together with their requirements, for designing security technologies and strategies. Hence, this interdisciplinary book is intended for business and technology audiences as a professional book.
Organizations must first understand the threats they may be exposed to, including different types of security attacks, social engineering, and fraud incidents, as well as the regulations and standards that apply to them. This international edition covers international data security standards, American security regulation, and the European General Data Protection Regulation (GDPR). Developing a security risk profile helps to estimate the potential losses an organization faces and, from that, how much should be spent on security controls. Security planning must include designing information security, network and physical security, incident response, and metrics. Business continuity considers how a business responds to the loss of IT service. Optional areas that may be applicable include data privacy, cloud security, zero trust, secure software requirements and lifecycle, security by design and by default, and artificial intelligence in security.
This professional book targets practitioners in business, IT, security, software development, or security risk, as well as advanced-level computer science students. It enables computer science, information technology, or business students to implement a case study or a best-practice example for an application domain of their choosing.