Security And Control In Information Systems

With the advent of electronic commerce, and the increasing sophistication of the information systems used in business organizations, control and security have become key management issues. Responsibility for ensuring that controls are well designed and properly managed can no longer simply be delegated to the technical experts. It has become an area in which the whole management team needs to be involved. This comprehensive review, written for the business reader, includes coverage of recent developments in electronic commerce, as well as the more traditional systems found in many organizations, both large and small. Intended for any manager whose work depends on financial or other business information, it includes case studies, summaries and review questions, making it equally suitable as a source text for students of business studies at postgraduate or advanced level.

"Information Systems for Business and Beyond introduces the concept of information systems, their use in business, and the larger impact they are having on our world."--BC Campus website.

Computers at Risk presents a comprehensive agenda for developing nationwide policies and practices for computer security. Specific recommendations are provided for industry and for government agencies engaged in computer security activities. The volume also outlines problems and opportunities in computer security research, recommends ways to improve the research infrastructure, and suggests topics for investigators. The book explores the diversity of the field, the need to engineer countermeasures based on speculation of what experts think computer attackers may do next, why the technology community has failed to respond to the need for enhanced security systems, how innovators could be encouraged to bring more options to the marketplace, and balancing the importance of security against the right of privacy.

This book comprises a set of chapters that introduce various topics pertinent to novel approaches towards enhancing cyber-physical measures for increased security and resilience levels in control systems. The unifying theme of these approaches lies in the utilization of knowledge and models of the physical systems, rather than an attempt to reinvigorate conventional IT-based security measures. The contributing authors present perspectives on network security, game theory, and control, as well as views on how these disciplines can be combined to design resilient, safe, and secure control systems. The book explores how attacks in different forms, such as false data injections and denial-of-service can be very harmful, and may not be detected unless the security measures exploit the physical models. Several applications are discussed, power systems being considered most thoroughly. Because of its interdisciplinary nature—techniques from systems control, game theory, signal processing and computer science all make contributions—Security and Resilience of Control Systems will be of interest to academics, practitioners and graduate students with a broad spectrum of interests.

The new edition of a bestseller, Information Technology Control and Audit, Fourth Edition provides a comprehensive and up-to-date overview of IT governance, controls, auditing applications, systems development, and operations. Aligned to and supporting the Control Objectives for Information and Related Technology (COBIT), it examines emerging trend

PART OF THE JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES Revised and updated with the latest information from this fast-paced field, Fundamentals of Information System Security, Second Edition provides a comprehensive overview of the essential concepts readers must know as they pursue careers in information systems security. The text opens with a discussion of the new risks, threats, and vulnerabilities associated with the transformation to a digital world, including a look at how business, government, and individuals operate today. Part 2 is adapted from the Official (ISC)2 SSCP Certified Body of Knowledge and presents a high-level overview of each of the seven domains within the System Security Certified Practitioner certification. The book closes with a resource for readers who desire additional material on information security standards, education, professional certifications, and compliance laws. With its practical, conversational writing style and step-by-step examples, this text is a must-have resource for those entering the world of information systems security. New to the Second Edition: - New material on cloud computing, risk analysis, IP mobility, OMNIBus, and Agile Software Development. - Includes the most recent updates in Information Systems Security laws, certificates, standards, amendments, and the proposed Federal Information Security Amendments Act of 2013 and HITECH Act. - Provides new cases and examples pulled from real-world scenarios. - Updated data, tables, and sidebars provide the most current information in the field.

Have you been asked to perform an information systems audit and don't know where to start? Examine a company's hardware, software, and data organization and processing methods to ensure quality control and security with this easy, practical guide to auditing computer systems--the tools necessary to implement an effective IS audit. In nontechnical language and following the format of an IS audit program, you'll gain insight into new types of security certifications (e.g., TruSecure, CAP SysTrust, CPA WebTrust) as well as the importance of physical security controls, adequate insurance, and digital surveillance systems. Order your copy today!

Learn how information theoretic approaches can inform the design of more secure information systems and networks with this expert guide. Covering theoretical models, analytical results, and the state of the art in research, it will be of interest to researchers, graduate students, and practitioners working in communications engineering.