IT Security Risk Control Management: An Audit Preparation Plan - Softcover

From the Back Cover

Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking.

IT Security Risk Control Management provides step-by-step guidance for IT professionals on how to craft a successful security program. Readers will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes, including:

• Building a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constant changing threats
  
• Preparing for and passing such common audits as PCI-DSS, SSAE-16, and ISO 27001.
  
• Calibrating the scope, and customizing security controls to fit into an organization’s culture.
  
• Implementing the most challenging processes, pointing out common pitfalls and distractions.
  
• Framing security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your advice.
  

With IT Security Risk Control Management, you will be able to construct an information security program, from inception to audit, with enduring, practical, hands-on advice, and actionable strategies for IT professionals.

About the Author

Ray Pompon is currently the Director of Security at Linedata. With over 20 years of experience in Internet security, he works closely with Federal investigators in cyber-crime investigations and apprehensions. He has been directly involved in several major intrusion cases, including the FBI undercover Flyhook operation and the NW Hospital botnet prosecution. For six years, Ray was president and founder of the Seattle chapter of InfraGard, the FBI public-private partnership. He is a lecturer and on the board of advisors for three information assurance certificate programs at the University of Washington. Ray has written many articles and white papers on advanced technology topics and is frequently asked to speak as a subject matter expert on Internet security issues. National journalists have solicited and quoted his thoughts and perspective on the topic of computer security numerous times. He is a Certified Information Systems Security Professional as well as GIAC certified in the Law of Data Security & Investigations.