| | |  | | Home » Information Security Architecture: An Integrated Approach to Security in the Organization, Second Edition | | | | | | | Description: | | Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available.
In addition to the components of a successful Information Security Architecture (ISA) detailed in the previous edition, this volume also discusses computer incident/emergency response. The book describes in detail every one of the eight ISA components. Each chapter provides an understanding of the component and details how it relates to the other components of the architecture. The text also outlines how to establish an effective plan to implement each piece of the ISA within an organization.
The second edition has been modified to provide security novices with a primer on general security methods. It has also been expanded to provide veteran security professionals with an understanding of issues related to recent legislation, information assurance, and the latest technologies, vulnerabilities, and responses. | | | Product Details: | | | Author:
| Jan Killmeyer | | Hardcover:
| 424 pages | | Publisher:
| Auerbach Publications | | Publication Date:
| January 13, 2006 | | Language:
| English | | ISBN:
| 0849315492 | | Product Width:
| 1.56 centimeters | | Product Height:
| 2.31 centimeters | | Product Weight:
| 0.02 pounds | | Package Length:
| 9.3 inches | | Package Width:
| 6.3 inches | | Package Height:
| 1.1 inches | | Package Weight:
| 1.35 pounds | | Average Customer Rating:
|  based on 9 reviews |
| | | | Customer Reviews: | |
Average Customer Review:
 ( 9 customer reviews )
Write an online review and share your thoughts with other customers.
Most Helpful Customer Reviews
23 of 24 found the following review helpful:
 THOROUGH REFERENCE GUIDEMar 23, 2001
By Karen A. Patterson
"Author"
This was a great reference to start an Information Security Architecture project. There are many guidelines, procedures and forms that take the guess work out of the administration of such a project. The book is great at keeping you on track with your security objectives. I have found that it is so easy with such large projects to lose sight of the objectives. Security is not only technical assessments of the network and operating components but also a combination of management and administration of personnel, policies and procedures and continuous application of pressure to meeting the security requirements of an organization. This book provides excellent value for the price.
12 of 16 found the following review helpful:
Very InformativeMar 14, 2001
By Linda Frattaroli
I have worked with Jan with our security project & the company I work for has really benefited from the knowledge and expertise from Jan's book. In addition, we have used the structure she illustrates in "Information Security Architecture" for implementing our company's Security Project and it is well underway due to Jan's helpful contribution. I recommend this to anyone who will be working to lay the groundwork for Security purposes. This is a valuable piece of information - Great work Jan!
5 of 6 found the following review helpful:
 Book is a good foundation upon which to build a security architectureFeb 01, 2007
By Ben Rothke
"Author of 'Computer Security: 20 Things Every Employee Should Know'"
Architecture is the art and science of designing buildings and other structures. Using some creative license, it also encompasses the design of any entity, including information systems and their security components. But while no one would build a building without an architect, IT departments routinely design computer systems without considering the security architecture, instead believing that firewalls and other devices are quick and durable fixes.
Nothing could be further from the truth. In Information Security Architecture, author Jan Killmeyer Tudor shows that an effective and comprehensive information security infrastructure is best developed within the framework of an information security architecture (ISA), given today's distributed nature of client/server computing. In the past, when systems were closed and proprietary, security wasn't as compelling a need as it is in today's open systems.
The book covers important ISA issues such as the nature of the organization, policies and standards, baselines and risk assessment, awareness and training, compliance, and more. An underlying message is that these components must work in concert to form a cohesive ISA. Hardware and software are ineffective if they are not integrated into the ISA.
A dominant theme throughout is that implementing security technologies requires an understanding not only of the technologies' return on investment to the organization but also of the risks and vulnerabilities related to these technologies. This ISA methodology gives security professionals an excellent method for achieving just that.
Given how important policy is to an ISA, the book has several appendices that include policies, procedures, and work plans. These provide a fine foundation upon which to build a security architecture.
7 of 9 found the following review helpful:
A Realistic Approach to the Implementation of SecurityMar 01, 2001
By Bob Ondrejko
There is so much involved in implementing security effectively throughout an organization. Without detailed experience it is easy to get lost in the midst of it all. Jan Tudor's book provides an organized thought process to the tasks at hand when implementing security in an integrated approach. This book provides a good combination of management, administration and technical implementations to security. The checklists, templates and forms eliminate the need to start an ISA project from scratch. This book is highly recommended and practical if you are going to take on such a project.
12 of 17 found the following review helpful:
 Is there a lower rating available?Oct 26, 2004
By Phil McKrackin
"Phil"
As a Certified Information Systems Security Professional, I can definitively state that this book does not cover everything that needs to be covered or in any depth whatsoever. I got this book based on the glowing reviews I found here, and I'm at a loss as to why these reviews would have recommended it.
The most aggrevating part about this book is the subtitle "An Integrated Approach to Security in the Organization." The book not only lacks effective security integration techniques, it doesn't seem to address the entire organization where it tries its half-hearted integration.
See all 9 customer reviews on Amazon.com
| | |
|
