Enterprise Information Security
Information Security for Non-Technical Decision Makers

By Peter Gregory
Financial Times / Pearson Education
December 2003
ISBN: 0-273-66157-4
167 Pages, Illustrated, 8 ¼" x 11 ¾"
$199.50 paper original

Information security has existed as a formal discipline since the mainframe era. Infosec, as it is sometimes called, has evolved over time and has spawned a number of formal methodologies. Universities and corporate research and development have developed several security models that have been used as a design basis for access control and trust mechanisms.

Written in user-friendly terms, but using a vocabulary that security practitioners also understand, this briefing will enable the reader to get to grips with security issues so they can make informed decisions on threats and risks facing their business.

Contents include: Security is on center stage, Threats and Vulnerabilities, Security Fundamentals - The Principles and the Mechanisms Behind Them, Security Policies and Requirements - Defining the Standard of Architecture and Behavior, Security is About People's Behavior, Protecting Corporate Information Beyond the Corporate Boundaries, Privacy, Action Items.

List of tables List of figures Executive summary Introduction Security is on center stage The priority of information security Impact of 2001 events Proliferation of extranets Insiders the real threat Unprecedented dependence on information technology Summary Threats and vulnerabilities Introduction Threats Vulnerabilities Summary Security fundamentals – the principles and the mechanisms behind them Introduction Identification and authentication Authenticating other systems Authorization Access control Encryption Non-repudiation Integrity Audit Availability Security mechanisms work together Summary Security policies and requirements – defining the standard of architecture and behaviour Introduction What are information security policies? Who writes security policies? Audience Policy development Awareness Enforcement and effectiveness Summary Security is about people’s behaviour Introduction Technology is not the solution The ‘people threat’ Mitigating the threat Trust Summary Protecting corporate information beyond the corporate boundaries Introduction The new world Regaining control Summary Privacy Introduction What is personal information? It’s all about trust Privacy policy How security supports privacy Privacy certifications Summary Action items Most important and urgent action items (Quadrant I) Most important but less urgent action items (Quadrant II) Important and urgent action items (Quadrant III) Important and less urgent action items (Quadrant IV) Epilogue References/sources for additional information

Return to the Businesss Titles Home Page