
E-book: IT Governance and Information Security: Guides, Standards, and Frameworks [Taylor & Francis e-book]

(Charles Darwin University, Australia)
  • Format: 322 pages, 47 Tables, black and white; 52 Line drawings, black and white; 4 Halftones, black and white; 56 Illustrations, black and white
  • Series: Advances in Cybersecurity Management
  • Publication date: 21-Dec-2021
  • Publisher: CRC Press
  • ISBN-13: 9781003161998
  • Taylor & Francis e-book
  • Price: 92,31 €*
  • * this price gives unlimited concurrent access for unlimited time
  • Standard price: 131,88 €
  • You save 30%
IT governance seems to be one of the best strategies to optimize IT assets in an economic context dominated by information, innovation, and the race for performance. The multiplication of internal and external data and increased digital management, collaboration, and sharing platforms exposes organizations to ever-growing risks. Understanding the threats, assessing the risks, adapting the organization, selecting and implementing the appropriate controls, and implementing a management system are the activities required to establish proactive security governance that will provide management and customers the assurance of an effective mechanism to manage risks.

IT Governance and Information Security: Guides, Standards, and Frameworks is a fundamental resource to discover IT governance and information security. This book focuses on the guides, standards, and maturity frameworks for adopting an efficient IT governance and information security strategy in the organization. It describes numerous case studies from an international perspective and brings together industry standards and research from scientific databases. In this way, this book clearly illustrates the issues, problems, and trends related to the topic while promoting the international perspectives of readers.

This book offers comprehensive coverage of the essential topics, including:

  • IT governance guides and practices;
  • IT service management as a key pillar for IT governance;
  • Cloud computing as a key pillar for Agile IT governance;
  • Information security governance and maturity frameworks.

In this new book, the authors share their experience to help you navigate today's dangerous information security terrain and take proactive steps to measure your company's IT governance and information security maturity and prepare your organization to survive, thrive, and keep your data safe. It aspires to provide a relevant reference for executive managers, CISOs, cybersecurity professionals, engineers, and researchers interested in exploring and implementing efficient IT governance and information security strategies.
Preface xv
About the Authors xvii
Introduction 1(6)
Book Topic 1(2)
Book Overview 3(1)
Book Objectives 3(1)
The Book's Organization 4(1)
Section 1: IT Governance: Definitions and Standards 4(1)
Section 2: Maturity Frameworks for Information Technology Governance 5(1)
Section 3: Maturity Frameworks for Information Security Governance 5(2)
Section 1 IT Governance: Definitions and Standards 7(78)
1 Information System and IT Governance Evolution 9(36)
1.1 Introduction 9(25)
1.1.1 Information System Definition and Objective 11(1)
1.1.2 Information System Concept 12(3)
1.1.3 Concepts of Enterprise Application 15(1)
1.1.4 Features of Enterprise Applications 16(1)
1.1.5 Autonomy 16(1)
1.1.6 Distribution 17(1)
1.1.7 Heterogeneity 17(1)
1.1.8 Dynamism 17(1)
1.1.9 EIS and Company Strategy 18(2)
1.1.10 Enterprise Information Systems Complexity 20(1)
1.1.11 Complexity Factors 20(1)
1.1.12 Evolution of EIS's 21(1)
1.1.13 IT Governance 22(4)
1.1.14 Urbanization 26(3)
1.1.14.1 The Metaphor of the City 26(2)
1.1.14.2 The Urbanization of Information System 28(1)
1.1.15 Flexibility 29(1)
1.1.16 Agility 30(16)
1.1.16.1 IS Organizational Design 30(2)
1.1.16.2 Competencies and Skills of IS Professionals 32(1)
1.1.16.3 IS Development 33(1)
1.1.16.4 Design of IT Infrastructure 33(1)
1.2 Summary 34(11)
2 IT Governance and Information Security: Guides and Standards 45(40)
2.1 Introduction 45(1)
2.2 Research Methodology 46(11)
2.2.1 The Word of the IT Governance Subject 49(3)
2.2.2 The Word of IT Governance Usage 52(1)
2.2.3 The Word of the IT Governance System 53(2)
2.2.4 The Word of IT Governance Development 55(2)
2.3 IT Governance Standards 57(17)
2.3.1 COBIT 61(4)
2.3.2 LIBRARY (ITIL) 65(1)
2.3.3 Structure of ITIL v4 66(2)
2.3.4 CMMI 68(2)
2.3.4.1 Level 1: Initial 69(1)
2.3.4.2 Level 2: Managed 69(1)
2.3.4.3 Level 3: Defined 69(1)
2.3.4.4 Level 4: Quantitatively Managed 70(1)
2.3.4.5 Level 5: Optimizing 70(1)
2.3.5 Committee of Sponsoring Organizations of the Treadway Commission (COSO) 70(2)
2.3.6 PMBOK 72(1)
2.3.7 ISO/IEC 27001: 2005 (Revised by ISO/IEC 27001: 2013) 72(2)
2.4 ISO/IEC 27002: 2005 (Revised by ISO/IEC 27002: 2013) 74(1)
2.5 ISO/IEC 27002: 2005 (Revised by ISO/IEC 27002: 2021) 74(5)
2.5.1 NIST 75(1)
2.5.2 Core Framework 75(1)
2.5.3 Implementation Tiers 76(1)
2.5.4 Framework Profile 76(1)
2.5.5 Comparison and Analysis 76(3)
2.6 Summary 79(6)
Section 2 Maturity Frameworks for Information Technology Governance 85(102)
3 IT Governance in Organizations: A Maturity Framework Based on COBIT 5 87(42)
3.1 Introduction 87(2)
3.2 Background and Literature Review 89(2)
3.3 Theoretical Framework 91(5)
3.4 Research Methodology 96(2)
3.5 Exploring IT Governance in MENA Medium and Large Organizations 98(3)
3.5.1 Data Collection 99(1)
3.5.2 Data Analysis 100(1)
3.6 Results 101(4)
3.7 Case Study 105(18)
3.7.1 Data Collection 111(3)
3.7.2 Data Analysis 114(1)
3.7.3 Assessing Capability Maturity 114(2)
3.7.4 Capability Level Analysis 116(1)
3.7.5 Maturity Level Analysis 116(1)
3.7.6 Goals Cascade 117(2)
3.7.7 Discussion 119(4)
3.8 Summary 123(6)
4 IT Service Management as a Key Pillar for IT Governance: A Maturity Framework Based on ITILv4 129(28)
4.1 Introduction 129(2)
4.2 Related Research 131(2)
4.2.1 Agility in Literature 132(1)
4.3 The Proposed ITSM/ITAM Framework 133(14)
4.3.1 IT Service Management (ITSM) 135(2)
4.3.2 IT Asset Management (ITAM) 137(1)
4.3.3 IT Security Management 138(1)
4.3.4 Agility Management 139(6)
4.3.5 The Proposed Agile ITSM/ITAM Framework 145(2)
4.4 Use Case 147(7)
4.4.1 Discover 147(1)
4.4.2 ITSM Audit Score 147(1)
4.4.3 ITAM Audit Result 147(1)
4.4.4 IT Security Audit Result 148(1)
4.4.5 Do 149(3)
4.4.5.1 The Practical Framework to Enhance ITSM/ITAM Efficiency 149(3)
4.4.6 Act 152(1)
4.4.7 Benefits of the Proposed Agile ITSM/ITAM after Implementation in the Organization 153(1)
4.5 Summary 154(3)
5 Cloud Computing as a Key Pillar for Agile IT Governance 157(30)
5.1 Introduction 157(1)
5.2 Literature Review 158(1)
5.3 Theoretical Foundation 159(2)
5.4 Combining DOI and TOE 161(2)
5.5 Research Model and Hypotheses 163(1)
5.6 The Innovation Characteristics 163(3)
5.7 Technological Readiness 166(1)
5.8 The Organization Context 166(1)
5.9 The Environmental Context 167(1)
5.10 Research Methodology 167(1)
5.10.1 Quantitative Methodology 167(1)
5.10.2 Measurement Model 168(1)
5.11 Data Collection 168(1)
5.12 Results 169(4)
5.13 Finding 173(1)
5.14 Organizational Context 174(1)
5.15 Environmental Context 174(1)
5.16 Discussion and Interpretations 174(1)
5.17 The Proposed Cloud Governance Framework 175(1)
5.18 Policies and Principles 175(2)
5.19 Organization 177(2)
5.20 Financials 179(1)
5.21 Process 180(2)
5.22 Summary 182(5)
Section 3 Maturity Frameworks for Information Security Governance 187(106)
6 Information Security Governance: Best Practices in Organizations 189(26)
6.1 Introduction 189(1)
6.2 Literature Review and Background 190(2)
6.3 Research Methodology 192(5)
6.3.1 Data Collection 192(2)
6.3.2 Demography Characteristics 194(1)
6.3.3 Measurement Survey Model 195(2)
6.4 Survey Results 197(7)
6.4.1 IT Security Governance Knowledge 197(1)
6.4.2 Conditions for Implementing Information Security Governance 197(2)
6.4.3 Strategic Issues in Information Security Governance 199(1)
6.4.4 IT Security Governance Strategy and Metrics 200(1)
6.4.5 IT Service and Asset Security Management 200(1)
6.4.6 Vulnerability and Risk Management 201(1)
6.4.7 Information Security Compliance, Control, and Verification 201(1)
6.4.8 Organizational Maturity of Information Security Governance 202(2)
6.5 Discussion and Interpretation 204(3)
6.6 Summary 207(4)
Appendix 1 211(2)
Appendix 2 213(2)
7 Information Security Governance: A Maturity Framework Based on ISO/IEC 27001 215(32)
7.1 Introduction 215(2)
7.2 Theoretical Framework 217(6)
7.2.1 Framework Overview 218(1)
7.2.2 Framework Core 219(3)
7.2.3 Framework Maturity Profile 222(1)
7.3 Use Case 223(13)
7.3.1 Data Collection 224(1)
7.3.2 Data Analysis 225(1)
7.3.3 Conducting Assessments 225(1)
7.3.4 Assessing Capability Maturity 226(1)
7.3.5 Developing Improvement Action Plans 227(9)
7.4 Summary 236(3)
Appendix 1 239(2)
Appendix 2 241(6)
8 Information Security Policy: A Maturity Framework Based on ISO/IEC 27002 247(46)
8.1 Introduction 247(4)
8.1.1 Problem Statement 249(1)
8.1.2 Research Question/Approach 250(1)
8.1.3 Purpose 250(1)
8.2 Background 251(11)
8.2.1 The ISO/IEC 2700x Family 254(8)
8.2.1.1 ISO/IEC 27001 255(1)
8.2.1.2 ISO/IEC 27002: 2005 (Revised by ISO/IEC 27002: 2013) 256(1)
8.2.1.3 ISO/IEC 27002: 2005 256(1)
8.2.1.4 ISO/IEC 27002: 2005 256(5)
8.2.1.5 Other ISO 27000 Standards 261(1)
8.3 Research Methodology 262(5)
8.3.1 Data Collection 262(1)
8.3.2 Data Analysis 263(1)
8.3.3 Results and Discussion 264(3)
8.4 Case Study 267(12)
8.4.1 ISSP Global Plan 269(1)
8.4.2 Preamble 269(1)
8.4.3 Context 270(1)
8.4.4 Perimeter 270(1)
8.4.5 ISSP Issues in the PUBLIC_ORG 270(1)
8.4.6 Security Requirements 271(1)
8.4.7 Security Clauses 271(8)
8.4.7.1 Organization of Information Security 271(2)
8.4.7.2 Information System Security Policy 273(1)
8.4.7.3 Asset Management 274(1)
8.4.7.4 Human Resources Security 274(1)
8.4.7.5 Physical and Environmental Safety 275(1)
8.4.7.6 Operations Management 275(1)
8.4.7.7 Access Controls 276(1)
8.4.7.8 Cryptography 277(1)
8.4.7.9 System Acquisition, Development, and Maintenance of Information Security 277(1)
8.4.7.10 Supplier Relationships 278(1)
8.4.7.11 Compliance 278(1)
8.5 Summary 279(4)
Appendix 1 283(10)
Conclusion 293(2)
References 295(22)
Acronyms 317(2)
Index 319
Yassine Maleh (http://orcid.org/0000-0003-4704-5364) has held a PhD from the University Hassan 1st in Morocco in the field of Internet of Things security and privacy since 2013. He is a Senior Member of IEEE, a Member of the International Association of Engineers (IAENG) and of the Machine Intelligence Research Labs. Dr Maleh has made contributions in the fields of information security and privacy, Internet of Things security, and wireless and constrained networks security. His research interests include information security and privacy, the Internet of Things, network security, information systems and IT governance. He has published more than 70 papers (book chapters, international journals and conferences/workshops), 8 edited books and 3 authored books. He is the editor in chief of the International Journal of Smart Security Technologies (IJSST). He serves as an Associate Editor for IEEE Access (2019 Impact Factor 4.098), the International Journal of Digital Crime and Forensics (IJDCF) and the International Journal of Information Security and Privacy (IJISP). He was also a Guest Editor of a special issue on Recent Advances on Cyber Security and Privacy for Cloud-of-Things of the International Journal of Digital Crime and Forensics (IJDCF), Volume 10, Issue 3, July-September 2019. He has served and continues to serve on executive and technical program committees and as a reviewer for numerous international conferences and journals such as Elsevier Ad Hoc Networks, IEEE Network Magazine, IEEE Sensors Journal, ICT Express, and Springer Cluster Computing. He was the Publicity Chair of BCCA 2019 and the General Chair of the MLBDACP 19 symposium and the ICI2C21 conference. He received the Publons Top 1% reviewer award for the years 2018 and 2019.

Mamoun Alazab (https://orcid.org/0000-0002-1928-3704) is an Associate Professor in the College of Engineering, IT and Environment at Charles Darwin University, Australia. He received his Ph.D. degree in Computer Science from the Federation University of Australia, School of Science, Information Technology and Engineering. He is a cyber security researcher and practitioner with industry and academic experience. Dr Alazab's research is multidisciplinary and focuses on cyber security and digital forensics of computer systems, including current and emerging issues in the cyber environment such as cyber-physical systems and the Internet of Things, taking into consideration the unique challenges present in these environments, with a focus on cybercrime detection and prevention. He investigates the use of machine learning as an essential tool for cybersecurity, for example for detecting attacks, analyzing malicious code or uncovering vulnerabilities in software. He has more than 100 research papers. He is the recipient of a short fellowship from the Japan Society for the Promotion of Science (JSPS) based on his nomination from the Australian Academy of Science. He has delivered many invited and keynote speeches, at 27 events in 2019 alone. He has convened and chaired more than 50 conferences and workshops. He is the founding chair of the IEEE Northern Territory Subsection (Feb 2019 to current). He is a Senior Member of the IEEE, Cybersecurity Academic Ambassador for Oman's Information Technology Authority (ITA), and a Member of the IEEE Computer Society's Technical Committee on Security and Privacy (TCSP), and has worked closely with government and industry on many projects, including IBM, Trend Micro, the Australian Federal Police (AFP), the Australian Communications and Media Authority (ACMA), Westpac, UNODC, and the Attorney General's Department.

Sahid Abdelkbir is from Morocco. He has been a PhD student at the University Hassan 1st in Settat, Morocco, since 2014. He received his master's degree (2012) in Computer Sciences from the Faculty of Science and Technology Settat, Morocco, and his bachelor's degree in Networks and IT Systems (2009) from Hassan 1st University, Morocco. His research interests include information systems, IT service management, IT security and IT agility. He is the author of the book Strategic Information System Agility: From Theory to Practices, published by Emerald.

Mustapha Belaissaoui is a Professor of Computer Science at Hassan 1st University, Settat, Morocco, President of the Moroccan Association of Free Software (AMP2L), and Head of the Master in Management Information Systems and Communication. He obtained his PhD in Artificial Intelligence from Mohammed V University in Rabat. His research interests are combinatorial optimization, artificial intelligence and information systems. He is the author and co-author of more than 70 papers, including journal articles, conference papers, chapters, and books, which have appeared in refereed specialized journals and symposia.