Information Security: Managing the Legal Risks
CCH Australia Limited, 2009 - 374 pages. This book provides users with essential facts on this major new area of legal risk for businesses and government agencies. This book contains a primer on information security, an analysis of the legal exposures that can flow from security breaches, and practical advice on the management of those risks.
Contents
Availability | 9 |
Acceptable Use Foundation Concepts Security Cost and Usability Layers | 15 |
External threats | 23 |
PART 2 | 25 |
How does it happen? | 29 |
Phishing and Spear Phishing | 35 |
Insecure Web Applications Insecure Wireless Networks Social Engineering Chapter 3 Inside jobs and data leakage | 43 |
Lost and Stolen Laptops | 51 |
DUTIES STANDARDS AND PROTECTIVE MEASURES | 185 |
Reasonable care | 191 |
Practical Implementation of a Risk Management Regime | 216 |
Relating the Assets to the Business Processes | 223 |
Assessing the Risk | 229 |
The Risk Register Conclusions | 235 |
Asset Management | 251 |
Defensive Strategies | 291 |
The TJX Case | 64 |
Theft or Leakage of Commercially Confidential Information | 71 |
Chapter 5 | 79 |
Computerised Industrial/Operational Environment | 95 |
Privacy legislation | 101 |
Privacy at common | 115 |
Tort of Invasion of Privacy | 125 |
43 | 130 |
Introduction | 131 |
Implied Contracts | 140 |
Conclusions | 148 |
Other liability scenarios | 165 |
Disciplinary Issues and Compensation | 299 |
Conclusions | 306 |
46 | 310 |
ISO/IEC 17799 Sections Full List | 319 |
Sources of Further | 327 |
Case Table | 347 |
47 | 348 |
Common terms and phrases
access controls access rights accessed September 2009 acquiring bank agreements application attacks Australian botnet breach of confidence Business Continuity Plan cause of action claim COBIT common law compliance computer room conduct confidential information contract corporate courts credit card data centre data storage devices database devices director documented duty duty of care employee encryption ensure example exploit firewall hacker hacking identified identity theft implement information security breaches information security policies information security regime infrastructure internal issuing banks Jane Doe laptops liability malware obligations organisation organisation’s outsource particular password patch management PCI DSS personal information plaintiff policies and procedures policy set potential practical Pty Ltd reasonable regard requirements result risk management scenario section 52 security incidents sensitive server Snide specific staff third party tort tort of negligence types USB stick vulnerabilities Whilst