IT Security Risk Control Management: An Audit Preparation Plan
<p>Follow step-by-step guidance to craft a successful security program. You will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes.</p>
<p>Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking.</p>
<p><b>What You Will Learn:</b></p>
<ul><li>Build a security program that will fit neatly into an organization and change dynamically both to suit the needs of the organization and to survive constantly changing threats</li><li>Prepare for and pass such common audits as PCI-DSS, SSAE-16, and ISO 27001</li><li>Calibrate the scope and customize security controls to fit into an organization’s culture</li><li>Implement the most challenging processes, pointing out common pitfalls and distractions</li><li>Frame security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your advice</li></ul>
<p><b>Who This Book Is For:</b></p>
<p>IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; and security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals)</p>