Roadmap to Information Security

Part I: OVERVIEW OF THE SECURITY LANDSCAPE.1. Introduction to the Roadmap to Information Security Roadmap.2. Threats to Information Assets.3. Attacks on Information Assets.Part II: STRATEGIC INFORMATION SECURITY: SECURITY GOVERNANCE.4. Information Technology and Information Security Governance.5. Information Security Roles and Responsibilities.6. Positioning the Information Security Function.7. Conducting an Information Security Assessment.Part III: STRATEGIC INFORMATION SECURITY: RISK MANAGEMENT.8. Risk Management: Risk Identification.9. Risk Management: Risk Assessment.10. Risk Management: Risk Control.11. Alternate Approaches to Risk Management.PART IV: STRATEGIC INFORMATION SECURITY: STANDARDS, REGULATIONS, LAW AND ETHICS.12. Standards for Managing the Information Security Program.13. Emerging Trends in Certification and Accreditation.14. Dealing with Regulatory Compliance and Key Legal Issues.15. Other Important Laws for Every IT/Security Manager.16. Ethics in IT and Information Security.Part V: TACTICAL INFORMATION SECURITY: POLICIES AND PROGRAMS.17. Information Security Policy: Development and Implementation.18. Information Security Policy Types: EISP, ISSP, SysSP.19. Employment Policies and Practices.20. Implementing Security Education, Training, and Awareness Programs.Part VI: TACTICAL INFORMATION SECURITY: CONTINGENCY PLANNING.21. Contingency Planning: Planning for the Worst.22. The Incident Response Plan.23. The Disaster Recovery Plan.24. The Business Continuity Plan.Part VII: OPERATIONAL INFORMATION SECURITY: NETWORK SECURITY.25. Communications and Operations Management.26. Firewalls.27. Protecting Remote Access.28. Intrusion Detection Systems.29. Scanning and Analysis Tools.Part VIII: OPERATIONAL INFORMATION SECURITY: CRYPTOGRAPHY AND ACCESS CONTROLS.30. Cryptography in Theory.31. Cryptography in Practice.32. Access Controls and Biometrics.33. Physical Security.Part IX: SUPPLEMENTAL MATERIALS.Appendix A: Information Security Self-Assessment