This book supplies a blueprint on how to develop effective information security policies and procedures. It uses standards such as NIST 800-53, ISO 27001, and COBIT, and regulations such as HIPAA and PCI DSS as the foundation for the content. Highlighting key terminology, policy development concepts and methods, and suggested document structures
A Complete Guide for Performing Security Risk Assessments
This third edition enhances its coverage of critical topics like threat analysis, data gathering, and risk assessment methods, while introducing new subjects vital for contemporary assessment projects, including cloud security and supply chain management. It serves as a comprehensive resource for understanding and implementing effective security risk assessment strategies in today's evolving landscape.