To my parents
Robert M. and Alice B. Davis
Information technology (IT) assets must be protected from external and internal activities detrimental to effective and efficient functionality. For this purpose, mechanisms exist that can be utilized to ensure hardware, software, and other resources are operated on by only those tasks that have gained proper authorization. Protection is the mechanism for controlling access of programs, processes, and users to resources defined by an information security system. This mechanism must enable specification of the controls to be imposed, together with some means of enforcement. Contextually, security protects the information stored in IT architectural items, as well as the physical resources deployed, from unauthorized access, malicious destruction or altercation, and accidental introduction of inconsistency.
“Ensuring Information Assets Protection” was written to provide governance, risk and compliance practitioners with quality subject matter for managing generally accepted safeguarding responsibilities. Hopefully, the stated objective is accomplished to the satisfaction of those who decided to utilize this publication.
This publication is one in a series of titles addressing information security governance (ISG), protection risks, and employee compliance. In contrast with other similar information security publications, this publication contributes researchable supporting coverage of key information assets protection (IAP) processes as well as functional knowledge of managerial practices.
“Ensuring Information Assets Protection” presents a proven approach to deploying entity-centric IT security frameworks, architectures, methods, and techniques. In terms of content, this publication converts selected standards and guidelines into practical applications using detailed examples and conceptual graphics. Through this publication, security professionals will acquire an appreciation for the complexities associated with ensuring an adequate information security program.