Description
Here's a unique and practical book that addresses the rapidly growing problem of information security, privacy, and secrecy threats and vulnerabilities. This authoritative resource helps you understand what really needs to be done to protect sensitive data and systems and how to comply with the burgeoning roster of data protection laws and regulations. The book examines the effectiveness and weaknesses of current approaches and guides you towards practical methods and doable processes that can bring about real improvement in the overall security environment. You gain insight into the latest security and privacy trends, learn how to determine and mitigate risks, and discover the specific dangers and responses regarding the most critical sectors of a modern economy.
Table Of Contents
Part I: Trends
Privacy Roles and Responsibilities - Background. Observations. Recommendations. Future Trends.
Data Protection - Background. Observations. Recommendations. Future Trends.
IT Operational Pressures on Information Security - Background. Observations. Recommendations. Future Trends.
Information Classification - Background. Observations. Recommendation. Future Trends.
Human Factors - Background. Observations. Recommendations. Future Trends.
Part II: Risks
Making the Case for Replacing Risk-Based Security - Introduction. Why Risk Assessment and Risk Management Fail. Conclusion.
The Economics of Loss - Security as the Prevention of Loss. Quantifying the Risk of Loss. Refining the Basic Risk Equation. The Problem of Quantifying Loss Itself. Confronting the Reality of Hypothetical Actions. Overcoming the Fixation on Assets. Overcoming the Fixation on Market Value. Overcoming the Fixation on Productivity. Overcoming the Neglect of Substitutes. Taking Account of the Duration and Extent of the Effects. Distinguishing Between the Different Business Categories of Attacks. Putting the Proper Risk Estimates Back into the ROI Calculation.
Legal and Regulatory Obligations - The Expanding Duty to Provide Security. The Emergence of a Legal Standard for Compliance. The Imposition of a Duty to Warn of Security Breaches. Conclusion.
Telecommunications - Security Issues in Mobile Telecommunications. Security Issues in Global Telecommunications. Security Issues in Internet Protocol-Based Telecommunications. Security Issues in Bandwidth-Increasing Telecommunications.
Part III: Experience
Financial Services - Laws, Regulations, and Supervisory Requirements. Future Focus. Compliance Challenges.
Energy - Overview of Sector. Risks Related to Security and Privacy. How Risks Are Addressed. Documentation and Its Relation to Information Security. Conclusion.
Transportation Security - Overview. Technology's Role in Transportation Security. Security in Transit. Best Practices Applied.
Academia - Overview. Case Studies. Protection.
Appendix. About the Authors. Index.
Author
C. Warren Axelrod
C. Warren Axelrod is the president of C. Warren Axelrod, LLC. He was previously the research director for financial services for the U.S. Cyber Consequences Unit and an executive adviser to the Financial Services Technology Consortium. He was also the chief privacy officer and business information security officer for U.S. Trust. He has been a senior information technology executive in financial services for more than 25 years, has contributed to numerous conferences and seminars, and has published extensively. Dr. Axelrod is the author of Enterprise Information Security and Privacy and Outsourcing Information Security (Artech House 2009, 2004). He holds a Ph.D. in managerial economics from Cornell University, and a B.Sc. in electrical engineering and an M.A. in economics and statistics from Glasgow University. He is certified as a CISSP and CISM.
Jennifer Bayuk
Jennifer L. Bayuk is an independent consultant on topics including information security policy, process, management, and metrics. Ms. Bayuk has been a chief information officer at a major financial firm, a manager of information systems audit, a Big 4 security consultant and auditor, and a security software engineer at AT&T Bell Laboratories. She is a well-published author and holds master's degrees in computer science and philosophy.
Daniel Schutzer
Daniel Schutzer is the executive director of the Financial Services Technology Consortium (FSTC), responsible for its day-to-day operation. He is also a member of the BITS Advisory Council, an ASC X9 Board member and a fellow of the New York Academy of Sciences. Dan was previously a director and senior vice president of Citigroup for over 23 years. Dr. Schutzer holds an M.S.E.E. and a Ph.D. from Syracuse University, and a B.S.E.E. from City College of New York. He has authored over 65 publications and 7 books.