Principles of information systems security : text and cases /
Gurpreet Dhillon.
- Hoboken, NJ : John Wiley & Sons, c2007.
- xii, 451 p. : ill. ; 25 cm.
Includes bibliographical references and index.
Ch 1: Information System Security: nature and scope -- Technical Aspects of Information System Security -- Ch 2: Security of Technical Systems in Organizations: an introduction -- Ch 3: Designing Technically Secure IS: formal models -- Ch 4: Encryption and Technical IS Security -- Ch 5: Controls and System Development -- Formal Aspects of Information System Security -- Ch 6: Security of Formal Systems in Organizations: an introduction -- Ch 7: Information System Security Management and Policy -- Ch 8: Risk Management for Information System Security -- Ch 9: Monitoring and Audit Control for Information System Security -- Informal Aspects of Information System Security -- Ch 10: Security of Informal Systems in Organizations: an introduction -- Ch 11: Corporate Governance for Information System Security -- Ch 12: Developing an Information System Security Culture -- Regulatory Aspects of Information System Security -- Ch 13: Security Standards and Evaluation Criteria -- Ch 14: Legal Aspects of IS Security - to deal with encryption -- Ch 15: Computer Forensics -- Ch 16: Conclusion -- Cases -- C1: The Case of Password Management in local government -- C2: The Case of client server system implementation and Information System Security -- C3: The Case of Information System Security in Health Care Administration -- C4: Computer crime and the Demise of Barings Bank case -- C5: The Role of IT Systems in the Demise of Drexel Burnham Lambert -- C6: The Case of Security Management at the Tower -- C7: It won't part you hair: the INSLAW Affair -- C8: M&M Procurement Inc.
The real threat to information system security comes from people, not computers. That's why students need to understand both the technical implementation of security controls, as well as the softer human behavioral and managerial factors that contribute to the theft and sabotage proprietary data. Addressing both the technical and human side of IS security, Dhillon's Information Systems Security: A Management Challenge equips managers (and those training to be managers) with an understanding of a broad range issues related to information system security management, and specific tools and techniques to support this managerial orientation. Coverage goes well beyond the technical aspects of information system security to address formal controls (the rules and procedures that need to be established for bringing about success of technical controls), as well as informal controls that deal with the normative structures that exist within organizations.