1 The Organizational Context
1.1 Organizational Theory
1.2 Organizational Purpose
1.3 The Organizational Environment and Competition
1.4 Strategy and Planning
1.5 Managing the Organization
1.6 Decision-Making
1.7 Culture
1.8 Case Study
1.9 Summary
2 Business Information Systems (BIS)
2.1 Systems and their Components
2.2 Types of BIS
2.3 Technology Resources
2.4 Hardware and Software
2.4.1 Application Software
2.4.2 Application Specific Software
2.4.3 System Software Overview
2.4.4 Operating Systems
2.4.5 Network Management Programs
2.4.6 System Support Programs
2.4.7 A Database Management System
2.5 Databases
2.5.1 Foundation Data Concept
2.5.2 Hardware
2.6 Networks
2.7 The Internet and Internet Technologies
2.7.1 Intranets
2.7.2 Extranets
2.7.3 Internet Mail
2.7.4 Worldwide Web
2.8 E-Business and E-Commerce
2.9 BIS Development
2.9.1 Business Information Systems Acquisitions
2.9.2 Frameworks for Developing Business Information Systems
2.9.3 The BIS Project: Systems Analysis
2.9.4 BIS Project Management
2.10 BIS Management
2.10.1 BIS Strategy
2.10.2 Information Value
2.10.3 Information and Data Quality
2.10.4 Resourcing Information Services
2.11 BIS and Competitive Advantage
2.12 BIS and Decision-Making
2.12.1 Business Intelligence (BI)
2.13 Summary
3 Risk Management
3.1 Introduction
3.2 The Meaning and Components of Risk and Related Constructs
3.2.1 Risk Components
3.2.2 Uncertainty
3.3 Risk Management Process
3.3.1 Risk Problem Structuring
3.3.2 Risk Decisions
3.3.3 Risk Control
3.4 Strategic Management of Business Risk
3.5 Standards and Codes
3.5.1 Risk Standards
3.6 Business Continuity Management (BCM)
3.6.1 Why should Organizations think about BCM and Associated Activities?
3.6.2 What is BCM?
3.6.3 Business Continuity Management Process
3.7 Summary
4 Security – An Introduction
4.1 Introduction
4.2 Security Problems
4.3 Security Objectives
4.4 Security Principles
4.5 Security Controls
4.5.1 Management Controls
4.5.2 Operational Controls
4.5.3 Technical Controls
4.5.4 Security Requirements
4.6 Security Strategies
4.7 Security Systems and their Maintenance
4.8 Summary
5 Threats, Hazards and Vulnerabilities
5.1 Introduction
5.2 IS Threats
5.3 Vulnerability
5.3.1 What makes IS Components Vulnerable
5.4 Threat and Vulnerability Identification
5.4.1 Threat Analysis
5.5 Threat Modelling
5.5.1 Information Flow Diagrams (IFD)
5.5.2 Context Diagram
5.5.3 Data-Flow Diagrams (DFD)
5.5.4 Decision-Flow Diagram
5.5.5 Entity Relationship Diagram (ERD)
5.5.6 Threat Analysis Outputs
5.6 Identifying and Assessing BI Risks
5.6.1 Judging Probability and Estimating Impacts
5.6.2 Recording Judgements and Assessments
5.7 Case Study
5.8 Summary
6 Controls and Countermeasures
6.1 What are the Purposes of IS Security Controls and Countermeasures?
6.2 What are the Information System (IS) Controls and Countermeasures?
6.2.1 Formal and Informal Controls
6.2.2 Physical and Environmental Security
6.2.3 Identification, Authentication and Logical Access Controls
6.2.4 Cryptography
6.2.5 Case Study
6.2.6 Malicious Code Protection
6.2.7 Network Protection
6.3 Security Concerns
6.4 IS Resources
6.5 Summary
7 Business Information Risk Management
7.1 Introduction
7.2 BIR Strategies
7.3 ISSM – M in Practice
7.4 Applying the ISSM Model to MCL
7.4.1 MCL Context
7.4.2 MCL Needs Assessment
7.4.3 MCL Safeguards
7.4.4 Selection of Safeguards and Controls
7.4.5 MCL IS Security Objectives Strategy Policy and Procedures
7.4.6 Discussion
7.5 Managing IS Risks – Challenges and Issues
7.6 Summary
8 Legislation, Standards and Codes
8.1 Legislation
8.1.1 Data Protection Act
8.1.2 The Computer Misuse Act (CMA)
8.1.3 Copyright, Designs and Patents Act 1988
8.2 Standards
8.2.1 Risk Standard
8.3 Codes
8.4 Summary
9 Securing Data, Databases and Software
9.1 Introduction
9.2 Data and Databases
9.2.1 Data Structures
9.2.2 Organizing and Accessing Data
9.2.3 Sharing and Manipulating Data
9.3 Security Concerns
9.3.1 Database Threats and Vulnerabilities
9.4 Controls and Safeguards
9.5 Database Design
9.5.1 Database Integrity
9.5.2 Data Integrity
9.6 Database Administration
9.6.1 Identification and Authentication and Authorisation
9.6.2 Social Engineering
9.7 Database Security Summary
9.7.1 Part 2 – Security Software
9.8 Application Software
9.8.1 Malicious Code
9.8.2 Controlling and Safeguarding Against Malicious Code
9.8.3 Software Piracy
9.9 System Software
9.9.1 Identification and Authentication Vulnerabilities
9.10 Summary
10 Securing the Digital Organization
10.1 Introduction
10.2 The Digital Firm and E-Business
10.2.1 Trust
10.3 Threats, Vulnerabilities and E-Business Risks
10.3.1 Identity Risks ‘Pretending to be Someone Else’
10.3.2 Denial of Service Attacks
10.3.3 Repudiation
10.3.4 Summary of Threats and Vulnerability
10.4 Controls, Safeguards and Countermeasures
10.4.1 Cryptographic Controls
10.5 Summary
11 Security Conscience
11.1 Introduction
11.2 The ‘Need’
11.3 The ‘Message’
11.4 Communication
11.5 The Individual
11.6 The Organization and Security Culture
11.7 Summary
12 Security Organization
12.1 Introduction
12.2 Scope
12.3 IS/IT Security Organization
12.4 Roles and Responsibilities
12.4.1 Management
12.4.2 Security Professionals
12.4.3 Control Implementation and Maintenance
12.4.4 Users
12.5 Information Security Professionals
12.6 Specialist Modes of Operation
12.7 Summary