Copyright -- CONTENTS -- LIST OF FIGURES AND TABLES -- AUTHORS -- ACKNOWLEDGEMENTS -- ABBREVIATIONS -- PREFACE -- 1 INFORMATION SECURITY PRINCIPLES -- CONCEPTS AND DEFINITIONS -- THE NEED FOR, AND BENEFITS OF, INFORMATION SECURITY -- POINTERS FOR ACTIVITIES IN THIS CHAPTER -- 2 INFORMATION RISK -- THREATS TO, AND VULNERABILITIES OF, INFORMATION SYSTEMS -- RISK MANAGEMENT -- POINTERS FOR ACTIVITIES IN THIS CHAPTER -- 3 INFORMATION SECURITY FRAMEWORK -- ORGANISATIONS AND RESPONSIBILITIES -- ORGANISATIONAL POLICY, STANDARDS AND PROCEDURES -- INFORMATION SECURITY GOVERNANCE -- INFORMATION SECURITY IMPLEMENTATION -- SECURITY INCIDENT MANAGEMENT -- LEGAL FRAMEWORK -- SECURITY STANDARDS AND PROCEDURES -- POINTERS FOR ACTIVITIES IN THIS CHAPTER -- 4 PROCEDURAL AND PEOPLE SECURITY CONTROLS -- PEOPLE -- USER ACCESS CONTROLS -- TRAINING AND AWARENESS -- POINTERS FOR ACTIVITIES IN THIS CHAPTER -- 5 TECHNICAL SECURITY CONTROLS -- PROTECTION FROM MALICIOUS SOFTWARE -- NETWORKS AND COMMUNICATIONS -- EXTERNAL SERVICES -- CLOUD COMPUTING -- IT INFRASTRUCTURE -- POINTERS FOR ACTIVITIES IN THIS CHAPTER -- 6 SOFTWARE DEVELOPMENT AND LIFE CYCLE -- TESTING, AUDIT AND REVIEW -- SYSTEMS DEVELOPMENT AND SUPPORT -- POINTERS FOR ACTIVITIES IN THIS CHAPTER -- 7 PHYSICAL AND ENVIRONMENTAL SECURITY -- LEARNING OUTCOMES -- GENERAL CONTROLS -- PHYSICAL SECURITY -- TECHNICAL SECURITY -- PROCEDURAL SECURITY -- PROTECTION OF EQUIPMENT -- PROCESSES TO HANDLE INTRUDER ALERTS -- CLEAR SCREEN AND DESK POLICY -- MOVING PROPERTY ON AND OFF SITE -- PROCEDURES FOR SECURE DISPOSAL -- SECURITY REQUIREMENTS IN DELIVERY AND LOADING AREAS -- POINTERS FOR ACTIVITIES IN THIS CHAPTER -- 8 DISASTER RECOVERY AND BUSINESS CONTINUITY MANAGEMENT -- LEARNING OUTCOMES -- DR/BCP, RISK ASSESSMENT AND IMPACT ANALYSIS -- WRITING AND IMPLEMENTING PLANS -- DOCUMENTATION, MAINTENANCE AND TESTING.

LINKS TO MANAGED SERVICE PROVISION AND OUTSOURCING -- SECURE OFF-SITE STORAGE OF VITAL MATERIAL -- INVOLVEMENT OF PERSONNEL, SUPPLIERS AND IT SYSTEMS PROVIDERS -- SECURITY INCIDENT MANAGEMENT -- COMPLIANCE WITH STANDARDS -- POINTERS FOR THE ACTIVITY IN THIS CHAPTER -- 9 OTHER TECHNICAL ASPECTS -- INVESTIGATIONS AND FORENSICS -- ROLE OF CRYPTOGRAPHY -- POINTERS FOR THE ACTIVITY IN THIS CHAPTER -- APPENDIX A -- GLOSSARY -- INDEX -- Back Cover.