Information security handbook

Automation of clerical processes makes information systems more vulnerable, because they no longer require the prudent manual checks and balances which were once an unspoken part of the job. When combined with the pressures of cost of implementation and timescale, this has meant that few, if any, security controls have been built into these systems. This book examines modern systems of information security and how, in the modern office environment, security systems have often been overlooked. The authors argue that it is often the case that security deficits are not detected until a breach of security occurs. This means that security systems are not implemented until a breach of security occures. Information sources have consequently become more attractive for criminal and terrorist groups who are then in a position to demand high rewards for minimal effort. A single compromised password can lead to fraud involving electronic funds transfer (EFT), or to exposure of corporate secrets through industrial espionage. This book is designed to help managers to become acquainted with the risks involved and to help them to minimize the chance of an unwanted incident and reduce the effect of any damage. The first chapter provides the foundation upon which subsequent sections are built, but the authors do not expect the work to be read in sequence, from cover to cover, as a novel. Hence a question and answer format has been adopted.

• Security management and policy
• risk management
• contingency planning and damage avoidance
• information security and the law
• monitoring and audit control
• access control
• security of stored data and programs
• communications security
• formal models of secure systems.