cart

Members

Join Login

Membership and collaboration facilitated by Member 365.

Members

Join Login

Membership and collaboration facilitated by Member 365.

Industry News

  • News
  • The Complete Guide to Cybersecurity Risks and Controls

The Complete Guide to Cybersecurity Risks and Controls

Discusses a formally defined and implemented infrastructure of best practices aimed specifically at optimizing the coordination and control of the security function.

publication

Authors

Anne Kohnke, Dan Shoemaker, Ken E. Sigler

Features

  • Presents the concepts of ICT audit and control
  • Shows how to create a verifiable audit-based control structure that will ensure comprehensive security for systems and data
  • Explains how to establish systematic control and reporting procedures within a standard organizational framework and build auditable trust into the security of ICT operations
  • Defines a complete and correct set of control objectives along with monitoring and reporting systems
  • Discusses a formally defined and implemented infrastructure of best practices aimed specifically at optimizing the coordination and control of the security function

Summary

The Complete Guide to Cybersecurity Risks and Controls presents the fundamental concepts of information and communication technology (ICT) governance and control. In this book, you will learn how to create a working, practical control structure that will ensure the ongoing, day-to-day trustworthiness of ICT systems and data. The book explains how to establish systematic control functions and timely reporting procedures within a standard organizational framework and how to build auditable trust into the routine assurance of ICT operations.

The book is based on the belief that ICT operation is a strategic governance issue rather than a technical concern. With the exponential growth of security breaches and the increasing dependency on external business partners to achieve organizational success, the effective use of ICT governance and enterprise-wide frameworks to guide the implementation of integrated security controls are critical in order to mitigate data theft. Surprisingly, many organizations do not have formal processes or policies to protect their assets from internal or external threats.

The ICT governance and control process establishes a complete and correct set of managerial and technical control behaviors that ensures reliable monitoring and control of ICT operations. The body of knowledge for doing that is explained in this text. This body of knowledge process applies to all operational aspects of ICT responsibilities ranging from upper management policy making and planning, all the way down to basic technology operation.



The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.


giving

Save money and support the Colloquium for Information Systems Security Education.


Recent Posts