Risk Analysis & IT Management

Visit us at www.crcpress.com to view more information and complete tables of contents for these and many other related books.

Want to maximize your buying power? Order directly from our online store and receive FREE Standard Shipping with every order, big or small.


Information Security Risk Analysis, Third Edition
Thomas R. Peltier
Thomas R. Peltier Associates, LLC, Wyandotte, Michigan, USA

Successful security professionals have had to modify the process of responding to new threats in the high-profile, ultra-connected business environment. But just because a threat exists does not mean that your organization is at risk. Information Security Risk Analysis, Third Edition demonstrates how to identify threats your company faces and then determine if those threats pose a real risk to your organization. Providing access to more than 350 pages of helpful ancillary materials, this volume effectively:

• Presents and explains the key components of risk management
• Demonstrates how the components of risk management are absolutely necessary and work in your organization and business situation
• Shows how a cost-benefit analysis is part of risk management and how this analysis is performed as part of risk mitigation
• Explains how to draw up an action plan to protect the assets of your organization when the risk assessment process concludes
• Examines the difference between a Gap Analysis and a Security or Controls Assessment
• Presents case studies and examples of all risk management components

Authored by renowned security expert and certification instructor, Thomas Peltier, this authoritative reference provides the knowledge and the skill-set needed to achieve a highly effective risk analysis assessment in a matter of days. Supplemented with online access to user-friendly checklists, forms, questionnaires, sample assessments, and other documents, this work is truly a one-stop, how-to resource for industry and academia professionals.

Contents: Introduction. Risk Management. Risk Assessment Process. Quantitative Versus Qualitative Risk Assessment. Other Forms of Qualitative Risk Assessment. Facilitated Risk Analysis and Assessment Process (FRAAP). Variations on the FRAAP. Mapping Controls. Business Impact Analysis (BIA). Conclusion.

Catalog no. K11810, March 2010, 456 pp., ISBN: 978-1-4398-3956-0, $79.95 / £49.99

For more information and complete contents, visit www.crcpress.com


Information Security Management: Concepts and Practice
Bel G. Raggad
Pace University, Pleasantville, New York, USA

Information security cannot be effectively managed unless secure methods and standards are integrated into all phases of the information security life cycle. And, although the international community has been aggressively engaged in developing security standards for network and information security worldwide, there are few resources available that provide clear guidance on how to properly apply the new standards in conducting security audits and creating risk-driven information security programs.

An authoritative and practical resource, Information Security Management: Concepts and Practice provides a general overview of security auditing before examining the various elements of the information security life cycle. It explains the ISO 17799 standard and walks readers through the steps of conducting a nominal security audit that conforms to the standard. The text also provides detailed guidance for conducting an in-depth technical security audit leading to certification against the 27001 standard. Topics addressed include cyber security, security risk assessments, privacy rights, HIPAA, SOX, intrusion detection systems, security testing activities, cyber terrorism, and vulnerability assessments.

Features
• Presents all steps for conducting a nominal security audit that conforms with the ISO 17799 standard
• Details the steps for conducting an in-depth technical security audit leading to certification against the ISO 27001 standard
• Provides a detailed methodology for devising a risk-driven security program and an information security management system
• Supplies a general overview of security auditing
• Includes case studies demonstrating the security audit methodology

This self-contained text is filled with review questions, workshops, and real-world examples that illustrate effective implementation and security auditing methodologies. It also includes a detailed security auditing methodology readers can use to devise and implement effective risk-driven security programs that touch all phases of a computing environment—including the sequential stages needed to maintain virtually air-tight IS management systems that conform to the latest ISO standards.

Contents: Introduction. Security Plan. Security Analysis. Security Design. Security Implementation. Security Review. Continual Security. Index.

Catalog no. AU7854, January 2010, 871 pp., ISBN: 978-1-4200-7854-1, $79.95 / £49.99

SAVE 15% when you order online at www.crcpress.com


Official (ISC)2 Guide to the CISSP CBK, Second Edition
Edited by Harold F. Tipton
HFT Associates, Villa Park, California, USA

“… ideal not only for information security professionals attempting to achieve CISSP certification but also for those who are trying to decide which, if any, certification to pursue. Executives and organizational managers who want a more complete understanding of all the elements that are required in effectively protecting their enterprise will also find this guide extremely useful.” —Tony Baratta, CISSP-ISSAP, ISSMP, SSCP, Director of Professional Programs, (ISC)2, from the Foreword

Recognized as one of the best tools available for studying for the (ISC)2 CISSP examination, this second edition reflects the latest developments in this ever-changing field. Endorsed by the (ISC)2, this book provides unrivaled preparation for the certification exam that is both up to date and authoritative. Compiled and reviewed by CISSPs and (ISC)2 members, the text provides an exhaustive review of the 10 current domains of the CBK—and the high-level topics contained in each domain.

Features:
• Provides detailed security analysis that is compiled and reviewed by CISSPs and (ISC)2 members
• Delivers a thorough analysis of all ten CISSP CBK domains
• Provides guidance towards a professional certification that is a true career differentiator
• Contains a total of 200 CISSP exam sample questions
• Includes a full test simulation on CD ROM

This edition includes a CD with over 200 sample questions, sample exams, and a full test simulation that provides the same number and types of questions with the same allotment of time allowed in the actual exam. It will even grade the exam, provide the correct answers, and identify areas where more study is needed. It also supplies ready access to best practices for implementing new technologies, dealing with current threats, incorporating new security tools, and managing the human factor of security.

Contents: Information Security and Risk Management. Access Control. Cryptography. Physical (Environmental) Security. Security Architecture and Design. Business Continuity and Disaster Recovery Planning. Telecommunications and Network Security. Operations Security. Law, Regulations, Compliance, and Investigation.

Catalog no. K10480, January 2010, 1112 pp., ISBN: 978-1-4398-0959-4, $69.95 / £44.99


The Decision Model: A Business Logic Framework Linking Business and Technology
Barbara von Halle and Larry Goldberg
Knowledge Partners International, Mendham, New Jersey, USA

Read the Reviews:

“... an important book … shows how a new way of using rules located in a common evaluation module can greatly simplify a business process and make it far easier to modify when the need arises.” —From the Foreword by Ken Orr, Topeka, Kansas

“… provides a framework and model that takes our field to the next level …” —Len Silverston, Bestselling Author

“… presents a formal, and yet practical, model for business logic and business rules …” —Andrew Spanyi, Bestselling Author

“I suspect this will be the handbook in this area for quite some time and a must read for all levels in IT …” —Thomas Wolfe, Capricorn Technology Group

Written by pioneering consultants and bestselling authors with proven track records, this book provides a platform for rethinking how to view, design, execute, and govern business logic. The book explains how to implement the Decision Model, a stable, rigorous model of core business logic that informs current and emerging technology.

Features
• Introduces the Decision Model as a new formalism for business logic
• Covers the relevance of the model to current and emerging practices, trends, and standards such as SOA, BPM, EDM, and business knowledge management
• Shows how to use agile and iterative techniques to create a Decision Model
• Explains how to use the Decision Model for integrating technology and business processes
• Includes a reference guide to formal definitions and examples of every part of the Decision Model
• Provides a well-defined, well-formed logical framework that bridges the gap between business and technology disciplines

The authors supply a strong theoretical foundation, while succinctly defining the path needed to incorporate agile and iterative techniques for developing a model that will be the cornerstone for continual growth. The book not only defines the Decision Model but also demonstrates how it can be used to organize decision structures for maximum stability, agility, and technology independence and provide input into automation design.

Catalog no. AU2817, 2010, 553 pp., ISBN: 978-1-4200-8281-4, $59.95 / £36.99



The SIM Guide to Enterprise Architecture
Edited by Leon Kappelman
University of North Texas, Denton, Texas, USA

Read the Reviews:

“… a visionary yet practical guide … the best and most comprehensive book that I have seen …” —Ed Trainor, CIO & Senior Vice President, IS, Amtrak

“The best in the field bringing clarity to EA. You’ll learn why its value for goal-oriented, integrated systems is undeniable.” —Joe Tenczar, Sr. Director of Technology/CIO, Hard Rock International

“A compelling book co-authored by the ‘who’s who’ in the EA space. ...An excellent source for real world, practical insight and ideas.” —Michael Rapken - CIO and Executive Vice President, YRC Worldwide, Inc.

“… offers many perspectives on the approach to formalizing the process of EA within your organization.” —Doug Watson, Vice President, CIO Americas, Bacardi

“… a valuable and comprehensive reference that every practitioner should own …” —Scott Bernard, PhD, Deputy CIO, Federal Railroad Administration / Editor, Journal of Enterprise Architecture

Beginning with a look at current theory and frameworks, the book discusses the practical application of enterprise architecture and best practices. It provides a wealth of resources and references, including the SIM’s survey of IT organizations’ enterprise architecture activities—complete with important metrics for evaluating progress and success.

Catalog no. K10555, 2010, 330 pp. ISBN: 978-1-4398-1113-9, $59.95 / £38.99

Lean Six Sigma Secrets for the CIO
William Bentley
Peter Davis & Associates, GA, USA
Peter T. Davis
Peter Davis & Associates, Toronto, Ontario, Canada

Read the Reviews:

“In a conversational, easy to digest manner, Bill and Peter deliver the tools you need to dig below the surface and get to the root of efficiency matters so that your organization can both survive and thrive in the coming years.” —Connie Siewert, Business Development Manager, IBM

“A thorough yet manageable treatise on virtually all the popular methods for improvement from the well known to the obscure and brings each one back to a common point of comparison with LEAN and Six Sigma. … Combines education on many aspects of the business improvement dilemma we all face with practical suggestions for how to use powerful techniques to address the problem.” —Tom Guthrie, Former VP of IT Operations and Current VP of Enterprise Architecture, Cox Communications

Going beyond the usual how-to guide, this book supplies proven tips and valuable case studies that illustrate how to combine Six Sigma’s rigorous quality principles with Lean methods for uncovering and eliminating waste in IT processes. Savvy IT veterans describe how to use Lean Six Sigma with IT governance frameworks such as COBIT and ITIL and warn why these frameworks should be considered starting points rather than destinations.

Catalog no. K10211, 2010, 288 pp. ISBN: 978-1-4398-0379-0, $49.95 / £31.99



Data Protection: Governance, Risk Management, and Compliance
David G. Hill
Mesabi Group LLC, Westwood, Massachusetts, USA

In a clear explanation of how to gain a handle on the vital aspects of data protection, this book begins by building the foundation of data protection from a risk management perspective. It then introduces the two other pillars in the governance, risk management, and compliance (GRC) framework. After exploring data retention and data security in depth, the book focuses on data protection technologies primarily from a risk management viewpoint. It also discusses the special technology requirements for compliance, governance, and data security; the importance of eDiscovery for civil litigation; the impact of third-party services in conjunction with data protection; and data processing facets, such as the role of tiering and server and storage virtualization. By examining the relationships among the pieces of the data protection puzzle, this book offers a solid understanding of how data protection fits into various organizations. It allows readers to assess their overall strategy, identify security gaps, determine their unique requirements, and decide what technologies and tactics can best meet those requirements.

Catalog no. K10353, 2010, 330 pp. ISBN: 978-1-4398-0692-0, $69.95 / £44.99

Vulnerability Management
Park Foreman
GroupM, New York, USA

Vulnerability management proactively prevents the exploitation of IT security gaps and weaknesses that exist particularly within a larger organization. This book demonstrates how prevention can reduce the potential for exploitation and shows that it takes considerably less time and resources to manage potential weaknesses, than to clean up after a violation. Written by a leading expert in IT security, this volume provides guidance for creating a vulnerability management program in a large, globally distributed company. It covers areas often neglected or falsely appearing secure. The text includes checklists and details the activities that constitute successful management.

Contents: Symbols and Acronyms. Mechanical Systems and Vibration. System and Vibration Modeling. Vibration Identification. Classical Vibration Control. Introduction to Optimal and Robust Control. A Mixed H2/H∞ Control. Control Design for Low-Hump Sensitivity Function with Secondary Actuators. Generalized KYP Lemma Based Loop Shaping Approach. Combined Hz and KYP Lemma Based Control. Blending Control for Multi-frequency Disturbance Rejection. Nonlinearity Compensation and Nonlinear Control. H∞ Method Based Disturbance Observer. Quantization Effect and Compensation on Vibration Rejection. Two-Dimensional H2 Control for Error Minimization. Adaptive Filtering Algorithms for Active Vibration Control. Conclusions. References.

Catalog no. K10093, 2010, 347 pp. ISBN: 978-1-4398-0150-5, $79.95 / £48.99



Strategic Data Warehousing: Achieving Alignment with Business
Neera Bhansali
iMEMS Corp.

The organization of data warehouses is a vital but often ignored aspect of growing enterprises. This work merges technological know-how with managerial practices to show the business manager and the IT professional how better alignment between data warehouse plans and business strategies can lead to a successful data warehouse adoption that will support the entire infrastructure. More complete than any other text in the field, this resource also addresses the managerial and strategic aspects of data warehouses, offering doable solutions that will allow for the strategic alignment of these warehouses while building them and ensuring that this alignment is sustained.

Contents: Introduction. What is a Data Warehouse. Difference between Data Warehouse and Traditional Operational Systems. Data Warehouse Development Process. Data Warehouse Architectures. Organization Factors that Influence Success of a Data Warehouse. User factors that Influence Success of a Data Warehouse. Technology Factors that Influence Success of a Data Warehouse. Data Factors that Influence Success of a Data Warehouse. Strategic Alignment. The Strategic Alignment Model. Enablers of Business-IT Alignment. Aligning the Data Warehouse to Business Strategy. Data Warehouse-Alignment and Business User Satisfaction. Data Warehouse-Alignment and Technical Integration. Data Warehouse-Alignment and Flexibility. Conclusion.

Catalog no. AU3945, 2010, 224 pp. ISBN: 978-1-4200-8394-1, $69.95 / £44.99

Enterprise Architecture A to Z: Frameworks, Business Process Modeling, SOA, and Infrastructure Technology
Daniel Minoli
SES Americom, Princeton, New Jersey, USA

Enterprise Architecture A to Z examines cost-saving trends in architecture planning, administration, and management. Author Daniel Minoli has written a number of columns and books on the high-tech industry and has many years of technical hands-on and managerial experience at top financial companies and telecom/networking providers. In this book he begins by evaluating the role of Enterprise Architecture planning and Service-Oriented Architecture (SOA) modeling. He provides an extensive review of the most widely deployed architecture framework models, including The Open Group Architecture and Zachman Architectural Frameworks, as well as formal architecture standards. The first part of the text focuses on the upper layers of the architecture framework, while the second part focuses on the technology architecture. Additional coverage discusses Ethernet, WAN, Internet communication technologies, broadband, and chargeback models.

Contents: Introduction: Enterprise Architecture and Technology Trends. Enterprise Architecture Goals, Roles, and Mechanisms. The Open Group Architectural Framework. The Zachman Architectural Framework. Official Enterprise Architecture Standards. Enterprise Architecture Tools. Business Process Modeling. Architecture Fulfillment via Service-Oriented Architecture Modeling. Evolving SAN, GbE/10GbE, and Metro Ethernet Technologies. Evolving MAN/WAN Technologies. Networking in SOA Environments. Server/Storage Virtualization and Grid Computing for Commercial Enterprise Environments.

Catalog no. AU8517, 2008, 504 pp. ISBN: 978-0-8493-8517-9, $79.95 / £49.99



The Business Value of IT: Managing Risks, Optimizing Performance and Measuring Results
Michael D. S. Harris, David Herron, and Stasia Iwanicki
The David Consulting Group, Paoli, Pennsylvania, USA

“An excellent reference for the CIO and for the line manager seeking to engage the business with the transparency into the investment and cost equation they demand to justify the cost of IT.” —From the foreword by Mike Antico, CTO, Wolters Kluwer, New York, USA

This book examines how to measure IT performance, how to put a dollar value on IT, and how to justify the value of an entire IT program. It places sharp technical focus on the techniques, methods, and processes used to identify and to assess risks. Based on the authors’ extensive experience in the field, this comprehensive text discusses IT from the perspective of its contribution to business, the necessity of governance, the importance of measuring performance, and changes that must be made in order to effectively measure IT. Leading consultants Michael D. Harris, David E. Herron, and Stasia Iwanicki share their real-world experiences to explain how you can demonstrate IT’s value, and potentially find extra value you didn’t know your IT organization creates.

Contents: What Does IT Contribute to the Business? Why Should We Care About IT Governance? Why Should We Measure IT Performance? How Should We Change? Index.

Catalog no. AU6474, 2008, 296 pp. ISBN: 978-1-4200-6474-2, $69.95 / £44.99

IT Auditing and Sarbanes-Oxley Compliance: Key Strategies for Business Improvement
Dimitris N. Chorafas
Consultant for Major Corporations, France & Switzerland

Written as a contribution to the accounting and auditing professions, this book links two key strategies for business improvement: information technology auditing and Sarbanes-Oxley compliance. Both require ethical accounting practices, focused auditing activities, a functioning system of internal control, and a close watch by the board’s audit committee and CEO. All of the concepts are reviewed in detail and reinforced with case studies that demonstrate the proper steps needed for complete analysis. Those companies that make good use of the procedures in this book will avoid the lure of easy money that moved Enron and Worldcom from world class organizations to colossal disasters.

Contents: Management Control. Internal Control and Information Technology. Case Studies on Internal Control’s Contribution. Auditing Functions. Internal and External Audit. The Board’s Accountability for Audit. Case Studies on Auditing a Company’s Information Technology. Auditing the Information Technology Functions. Strategic IT Auditing: A Case Study. A Constructive View – Suggestions for IT Restructuring. A Broader Perspective of IT Auditing. Technical Examples in Auditing IT Functions. Auditing IT Response Time and Reliability. Auditing the Security System. Can IT Help in Compliance? The Case of SOX. Sarbanes-Oxley Compliance and IT’s Contribution. What If: Backtesting Sarbanes-Oxley. Index.

Catalog no. AU6170, 2009, 305 pp. ISBN: 978-1-4200-8617-1, $89.95 / £57.99



Cloud Computing: Implementation, Management, and Security
John W. Rittinghouse
Hypersecurity LLC, Houston, Texas, USA
James F. Ransome

Cloud Computing: Implementation, Management, and Security provides an understanding of what cloud computing really means, explores how disruptive it may become in the future, and examines its advantages and disadvantages. It gives business executives the knowledge necessary to make informed, educated decisions regarding cloud initiatives.

The authors first discuss the evolution of computing from a historical perspective, focusing primarily on advances that led to the development of cloud computing. They then survey some of the critical components that are necessary to make the cloud computing paradigm feasible. They also present various standards based on the use and implementation issues surrounding cloud computing and describe the infrastructure management that is maintained by cloud computing service providers. After addressing significant legal and philosophical issues, the book concludes with a hard look at successful cloud computing vendors. Helping to overcome the lack of understanding currently preventing even faster adoption of cloud computing, this book arms readers with guidance essential to make smart, strategic decisions on cloud initiatives.

Contents: Introduction. Evolution of Cloud Computing. Components. Standards. Systems. Legal Issues. Cloud Vendors to Watch. Future Directions of Cloud Computing. Day-to-Day Management Issues Running a Cloud Environment. References. External Links.

Catalog no. K10347, 2010, 340 pp. ISBN: 978-1-4398-0680-7, $79.95 / £49.99

The Green and Virtual Data Center
Greg Schulz
StorageIO Group, Stillwater, Minnesota, USA

“… reviews the latest developments in facilities, server, storage, networking, and monitoring technologies and provides a roadmap of how each can be used to create next-generation data centers that combine efficiency with scalability …” —Kurt Marko, in Processor, Vol. 31, No. 11

“… a concise and visionary perspective on the Green issues … A great place to start your green journey and a useful handbook to have as the journey continues.” —Greg Brunton, EDS/An HP Company

“… extremely well organized and easy to follow … could easily serve as a blueprint for organizations to follow … a great addition to an IT Bookshelf.” —Dr. Steve Guendert, Global Solutions Architect, Brocade Communications

This book provides strategies and blueprints for enabling and deploying environmentally friendly next-generation data centers. It looks at design and implementation tradeoffs using various best practices and technologies to sustain application and business growth while maximizing resources, such as power, cooling, floor space, storage, server performance, and network capacity. The book shows how to make server and storage virtualization energy efficient and still be able to support a diversity of high-performance applications.

Catalog no. AU6669, 2009, 400 pp. ISBN: 978-1-4200-8666-9, $79.95 / £48.99



Performance-Based Management Systems: Effective Implementation and Maintenance
Patria de Lancer Julnes

Expectations for performance management continue to grow in the public sector, but there remains little understanding on how to effectively implement and sustain these systems. This volume explains why performance measurement is not more widely used in the public sector, and explores how implementation of performance measurement can be improved with insights gained from extant literature on public policy, organizational politics and culture, and knowledge utilization. It discusses the practical challenges involved in performance measurement efforts and provides context-sensitive guidelines to overcome these obstacles. The book presents theoretical background, empirical studies, and recommendations for theory and practice in order to support practical efforts to build successful performance management systems in public organizations. Developing a framework for analysis, the text offers new insight on the factors that affect implementation.

Contents: Making the Case for Performance Measurement and Performance-Based Management. Introduction. Using Performance Measurement Information. Building Theory in Support of Practice Through a Mixed Methods Approach. Theoretical Framework. Research Methodology. Survey Data Description and Preparation for Hypotheses Testing. Modeling Causal Linkages. Letting Practice Inform Theory. Interpreting Survey Findings. Contextualizing the Quantitative Model. Two Overarching Themes. Summing Up and Moving Forward. Summary and Final Recommendations for Theory and Practice. Appendix. References. Index.

Catalog no. AU5427, 2009, 288 pp. ISBN: 978-1-4200-5427-9, $89.95 / £57.99

Business Process Management Systems: Strategy and Implementation
James F. Chang
Ivy Consultants, Austin, Texas, USA

“… covers almost every aspect of the field and provides definitions and summaries of various BPM concepts, business improvement practices, data integration technologies, application integration technologies, workflow technologies, BPMS products, and BPMS standards. … a good resource for those who are interested in BPMS and are involved with integrating data, systems, and people.” —Karthikeyan Umapathy, The Pennsylvania State University, Information Technology and People, Vol. 19, No. 2

With a focus on strategy and implementation, James Chang discusses business management practices and the technology that enables them. He analyzes the history of process management practices and demonstrates that BPM practices are a synthesis of radical change and continuous change practices. The book is relevant to both business and IT professionals who are presented with an integrated view on how various management practices merge into BPM. This volume describes the many technologies that converge to form a Business Process Management System (BPMS), illustrating its standards and service-oriented architecture.

Contents: Theories of Process Management. Business Process Management. Overview of Business Process Management System. Data Integration Technology. Messaging-Based Integration Technology. Component-Based Integration Technology. Workflow Technology. Different Types of Business Process Management Systems. Business Process Management Systems (BPMS) Standards. Business Process Management Implementation.

Catalog no. AU2310, 2006, 304 pp. ISBN: 978-0-8493-2310-2, $93.95 / £59.99


Information Security Architecture: An Integrated Approach to Security in the Organization, Second Edition
Jan Killmeyer Tudor
Engineering Management, Butler, Pennsylvania, USA

An exploration of the evolution of information security (IS), this book examines the development of the field from infancy into a more mature, understandable, and manageable state. It simplifies security by providing clear, organized methods and by guiding you to the most effective resources available. Building on the foundation of the bestselling first edition, this volume discusses three additional components: monitoring and detection, computer incident and emergency response, and disaster recovery and business continuity planning. In addition to the components of a successful Information Security Architecture (ISA) detailed in the previous edition, this volume also discusses computer incident/emergency response. The book describes in detail every one of the eight ISA components. Each chapter provides an understanding of the component and details how it relates to the other components of the architecture. The text also outlines how to establish an effective plan to implement each piece of the ISA within your organization.

Contents: Information Security Architecture. Security Organization/Infrastructure. Security Policies, Standards, and Procedures. Security Baselines and Risk Assessments. Security Awareness and Training Program. Compliance. Pitfalls to an Effective ISA Program. Computer Incident/Emergency Response. Conclusion.

Catalog no. AU1549, 2006, 424 pp. ISBN: 978-0-8493-1549-7, $83.95 / £53.99

Enterprise Systems Backup and Recovery: A Corporate Insurance Policy
Preston de Guise
IDATA Pty Ltd., Sydney, Australia

This volume provides organizations with a comprehensive understanding of the principles and features involved in effective enterprise backups. Rather than focusing on any individual backup product, this book recommends corporate procedures and policies that need to be established for comprehensive data protection. It provides relevant information to any organization, regardless of what operating systems or applications are deployed, what backup system is in place, or what planning has been done for business continuity. It explains how backup must be included in every phase of system planning, development, operation, and maintenance. It also provides techniques for analyzing and improving current backup system performance. The book delineates the steps that must be taken to improve data security and prevent the devastating loss of data and business revenue that can occur with poorly constructed or inefficient systems.

Contents: Introduction. Human and Technical Layers. Backup and Recovery Concepts. Backup. Documentation and Training. Performance Options, Analysis, and Tuning. Recovery. Protecting the Backup Environment. Problem Analysis. Backup Reporting. Choosing a Backup Product. Best Practices. Appendix A: Technical Asides. Appendix B: Sample Recovery Request Form. Appendix C: Sample Test Form. Appendix D: Glossary of Terms.

Catalog no. AU6396, 2009, 308 pp., Soft Cover ISBN: 978-1-4200-7639-4, $69.95 / £44.99

For more information and complete contents, visit www.crcpress.com



Service-Oriented Architecture

SOA Strategy, Methodology, and Technology

James P. Lawler

Pace University, New York, New York, USA

H. Howell-Barber

Principal Consultant - HBink, Riverdale, New York, USA

Firms are aggressively beginning to design, develop, and implement advanced and complex Web service systems. This book guides readers through the business strategies, methodologies, and technologies used to successfully plan and deploy Web services. Interdepartmental case studies illustrate business dimensions, technological dimensions, and methodological principles as well as key critical factors for successful implementation of service-oriented projects. Based on the authors’ practical experience, the book describes best practices and provides insightful tips for using this competitive-edge technology to improve business operations. The book examines the role of both non-agile and agile project management techniques for deploying SOA. Its methodology applies frameworks of governance, communications, product realization, project management, architecture, data management, service management, human resource management, and post implementation processes. Contents: Service-Oriented Architecture (SOA) Strategy. Introduction to Strategy. Service-Oriented Architecture (SOA) Methodology. Introduction to Program Management Methodology. Deployment and Expansion of Web Services Based on SOA. Deployment of Services, Integration of Process and Services Architecture, and Restructuring of Organizations and Staff. Deployment and Exploitation of Services Based on SOE. Conclusion. Service-Oriented Architecture (SOA) Technology. Introduction to Service Technology. Service Technology Firms, Technologies and Tools. Conclusion. Service Terminology. Index. Catalog no. AU4500, 2008, 288 pp. ISBN: 978-1-4200-4500-0, $73.95 / £46.99

Service Oriented Enterprises

Setrag Khoshafian

Pegasystems Inc, Cambridge, Massachusetts, USA

This comprehensive resource covers all the components, issues, standards, and technologies that create a service-oriented enterprise. Filled with real-world examples, Service Oriented Enterprises explores innovative and practical service-oriented solutions. Beginning with an overview of the emerging SOE culture, the text contrasts the new service-oriented methodologies with traditional waterfall and iterative methodologies. Emphasizing Web Service strategies for description, discovery, and deployment techniques, the author goes deeper into service-oriented concepts describing the business process management suite as the central core of the SOE, and introducing the Enterprise Service Bus as the backbone for integration. The text describes how modeling, executing, and continuously improving the business process and business policies lends to the development of a common language between business and IT. The book concludes by expanding on these concepts and delving into the societal and behavioral aspects of the Service Oriented Enterprise. Contents: Introduction. Service Oriented Methodologies. Service Definition, Discovery, and Deployment. Service Oriented Architectures. Business Process Management. Service Quality and Management. The Service Oriented Enterprise. Catalog no. AU5360, 2007, 464 pp. ISBN: 978-0-8493-5360-4, $83.95 / £53.99


SAVE 15% when you order online at www.crcpress.com



Information Security Design, Implementation, Measurement, and Compliance Timothy P. Layton Grover, Missouri, USA

“I have had the pleasure of working with Tim on several large risk assessment projects and I have tremendous respect for his knowledge and experience as an information security practitioner … I know you will benefit from Tim’s guidance on how to get the most from your risk assessment efforts. For today’s information security leaders, there is not a topic more important.” —From the Foreword by Gary Geddes, CISSP, Strategic Security Advisor, Microsoft Corporation

Presenting an in-depth perspective of the ISO/IEC 17799 Information Security Standard, this book provides a detailed analysis of how to effectively measure an information security program using this standard. It includes a qualitative-based risk assessment methodology and describes a quantitative measurement framework that organizations can adopt and implement within the risk assessment process, allowing firms to customize practices to their own needs. This text also includes a comprehensive gap analysis of the recently rescinded standard against the newly released version, making the transition to the new standard much easier for organizations and practitioners.

Features: • Contains a programmatic approach that applies to a business regardless of its size or type • Presents a process that allows firms to customize information security practices • Demonstrates how to conduct a risk assessment covering all controls and control objectives Catalog no. AU7087, 2007, 264 pp. ISBN: 978-0-8493-7087-8, $93.95 / £59.99

Information Security Management Metrics A Definitive Guide to Effective Security Monitoring and Measurement W. Krag Brotby, CISM Enterprise Security Architect, Thousand Oaks, California,

The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the necessity for real-time strategic metrics has never been more critical. Information Security Management Metrics offers a step-by-step approach to developing and implementing relevant security metrics that are essential for effective security management. With case studies and tools for monitoring specific items, this book offers practical guidance for implementing metrics across an entire organization, thereby improving budget and resource allocation, and reducing the possibility that unanticipated events will have catastrophic impacts. The book includes metrics that complement those used by IT managers, and demonstrates how to make adjustments to metrics without interrupting business processes. With three decades of enterprise information security experience, author Krag Brotby presents a workable approach to developing and managing cost-effective enterprise information security. Contents: Introduction. Security Metrics Overview. Security Metrics. Current State of Security Metrics. Metrics Developments. Relevance. The Metrics Imperative. Attributes of Good Metrics. Information Security Governance. Metrics Development – A Different Approach. Information Security Governance Metrics. Information Security Risk Management. Information Security Program. Development Metrics. Information Security Program. Management Metrics. Incident Management and Response. Conclusions. Appendices. Catalog no. AU5285, 2009, 200 pp. ISBN: 978-1-4200-5285-5, $79.95 / £48.99



Strategic Intelligence

Business Intelligence, Competitive Intelligence, and Knowledge Management

Jay Liebowitz

Johns Hopkins University, Rockville, Maryland, USA

Strategic intelligence (SI) has mostly been used in military settings, but its worth goes well beyond that limited role. It has become invaluable for improving any organization’s strategic decision-making process. The author of Strategic Intelligence: Business Intelligence, Competitive Intelligence, and Knowledge Management recognizes synergies among component pieces of strategic intelligence, and demonstrates how executives can best use this internal and external information toward making better decisions.

Features: • Examines the synergy among knowledge management, business intelligence, and competitive intelligence that creates strategic intelligence • Explains what works in strategic intelligence so organizations can improve their strategic decision making • Discusses desired characteristics of strategic intelligence • Includes case studies from government, business, and industry that detail successes and failures in strategic intelligence Divided into two major parts, the book first discusses the convergence of knowledge management (KM), business intelligence (BI), and competitive intelligence (CI) into what the author defines as strategic intelligence. The second part of the volume describes case studies written by recognized experts in the fields of KM, BI, and CI. The case studies include strategic scenarios at Motorola, AARP, Northrop Grumman, and other market leaders. Catalog no. AU9868, 2006, 248 pp. ISBN: 978-0-8493-9868-1, $93.95 / £59.99

Knowledge Retention

Strategies and Solutions

Jay Liebowitz

Johns Hopkins University, Rockville, Maryland, USA

“Knowledge Retention: Strategies and Solutions will become paramount toward achieving success in an increasingly competitive environment.” —Jay Liebowitz

As the baby boomer generation approaches retirement age, many organizations are facing the potential crisis of lost knowledge. Devised to help those organizations who are dependent on the accumulated knowledge of stakeholders, this book details a proactive approach to knowledge retention. Written by Jay Liebowitz, one of the most sought-after knowledge management experts, this text explains how to identify at-risk knowledge areas, and then demonstrates how to keep those areas from becoming knowledge vacuums. To reinforce his points, the book contains case studies from The Aerospace Corporation, Chevron, and Knowledge Harvesting Inc., who have become models for the implementation of knowledge retention strategies. Contents: Setting the Stage. Determining Critical “At Risk” Knowledge. Easy-to-Accomplish Knowledge Retention Techniques. Developing a Knowledge Retention Framework. Knowledge Retention: Learning from Others. Calculating the Loss of Knowledge. Using Organizational Network Analysis to Inform Knowledge Retention Efforts. Case Study: Knowledge Harvesting During the Big Crew Change (Chevron and Knowledge Harvesting Inc.). The Aerospace Corporate Case Study. Knowledge Retention: The Future. Catalog no. AU6465, 2009, 144 pp. ISBN: 978-1-4200-6465-0, $69.95 / £44.99


Best Practices in Business Technology Management Stephen J. Andriole Villanova University, Pennsylvania, USA

Written in a compelling, conversational manner, this book provides insight into the field, discussing decision-making, trends, alignment, optimization, processes, timing, and other areas. It includes practical hands-on advice that explores organization, the challenges of working with people, acquisition and measurement of technology, operational effectiveness, and strategic effectiveness. The best practices presented are not theoretical or untested. Rather, they are the result of trench warfare and real applications. The insights contained in this volume represent what successful companies have done—and continue to do—to optimize the business technology relationship. A nationally-known business technology veteran, author Stephen J. Andriole, has developed a perspective on the optimization of computing and communications technology based on years of experience from government, industry, academia, and the venture capital business. In this book, he demonstrates how those who buy and deploy technology can optimize their technology in a way that saves costs and provides maximum performance. Contents: Perspectives. Organization. People. Acquisition and Measurement. Operational Effectiveness. Strategic Effectiveness. Epilogue. Index. Catalog no. AU6333, 2009, 368 pp. ISBN: 978-1-4200-6333-2, $69.95 / £44.99

Marketing IT Products and Services Jessica Keyes New Art Technologies, Edgewater, New Jersey, USA

Characterized by lightning quick innovation, abrupt shifts in technology, and shorter lifecycles, the marketing of IT products and services presents a unique set of challenges and often requires IT managers and developers to get involved in the marketing process. This book helps you get up to speed quickly and easily on what’s needed to develop effective marketing strategies and campaigns. Focusing on the unique issues involved, this one-stop resource provides everything needed to understand the roles, responsibilities, and management techniques essential for the development of successful strategies. It covers strategic market planning, targeting markets, researching markets, understanding the competition, integrating market and sales strategies, nuances of global markets, developing marketing budgets, pricing, and implementing marketing campaigns. A plethora of appendices included on the book’s CD allows you to get up and running right away. Contents: Introduction to Strategic Marketing Management. Strategy and Implementation. Understanding the High Tech Customer. The Expanding Market. Market Research. Product Strategy. Innovation Management. IT Product Development Cycle. Pricing Products. Communications Strategies. Distribution Strategies. Marketing Implementation. Social Networking and the Sales Strategy. E-commerce as a Sales Medium. Appendices. Catalog no. K10177, January 2010, 336 pp. ISBN: 978-1-4398-0319-6, $69.95 / £44.99



The Effective CIO

How to Achieve Outstanding Success through Strategic Alignment, Financial Management, and IT Governance

Eric J. Brown

NCI Building Systems, The Woodlands, Texas, USA

William A. Yarberry, Jr.

ICCM Consulting, Houston, Texas, USA

Unlike other books, which merely discuss strategies important to the chief information officer, this volume discusses how the guidelines it recommends can actually be executed. The author provides not only a survey of existing strategies but also includes detailed problem-solving ideas, such as how to structure optimal IT and telecom contracts with suppliers, the implications of SOP98, and accounting for software costs. The book brings together two perspectives: that of a working CIO who must cope with the day-to-day pressure for results, and that of an IT auditor with a special focus on governance and internal control. Examples, charts, templates, and anecdotes supplement the material. Contents: Core Skills and Career Development. Information Technology Governance. Information Technology Finance. Project Management. Creating Good Enough Code. Enterprise Architecture. Mergers and Acquisitions. Sourcing. Business Intelligence and Analytics. Security. Training. Effective Use of Consultants. Operations. Futures. CIO Interviews. Appendices. A. Examples of Key IT General Controls. B. Examples of Key IT Application Controls. C. Project Management Artifact Examples. D. IT Risk Assessment Checklist. E. Due Diligence Checklist for Mergers and Acquisitions (Business). F. Due Diligence Checklist for Mergers and Acquisitions — IT. G. Example IT Policies and Direction for “XYZ Corp”. H. Recommended Reading.

Catalog no. AU6460, 2009, 336 pp. ISBN: 978-1-4200-6460-5, $79.95 / £49.99

CISO Soft Skills

Securing Organizations Impaired by Employee Politics, Apathy, and Intolerant Perspectives

Ron Collette and Michael Gentile

CISOHandbook.com & Traxx Consulting Services, Newport Beach, California, USA

Skye Gentile

Aptos, California, USA

In a clear, concise presentation, this book explores tools for identifying the intangible negative influencers of security that plague most organizations, and provides techniques to identify, minimize, and overcome these pitfalls. It explains how using the wrong criteria to measure security can result in a claim of adequate security when objective assessment demonstrates this is not the case. The authors instead recommend that organizations measure the success of their efforts using a practical approach that illustrates both the tangible and intangible requirements needed by a healthy security effort. The book also discusses the root causes that negatively influence both a CISO and an organization’s ability to truly secure itself. It explains what a CISO can do about these security constraints, providing numerous practical and actionable exercises, tools, and techniques to identify, limit, and compensate for the influence of security constraints in any type of organization. The book also includes proactive techniques that CISOs can utilize to effectively secure challenging work environments. Reflecting the experience and solutions of those that are in the trenches of modern organizations, this volume provides practical ideas that can make a difference in the daily lives of security practitioners. Catalog no. AU9102, 2009, 288 pp. ISBN: 978-1-4200-8910-3, $69.95 / £44.99



A Tale of Two Systems

Lean and Agile Software Development for Business Leaders

Michael K. Levine

Wells Fargo Home Mortgage, Minneapolis, Minnesota, USA

“A Tale of Two Systems takes us on an intriguing and very realistic journey through the development of two systems – one a spectacular success, and the other an equally spectacular failure. It exposes in detail why one system succeeds and the other fails. In the epilogue, Levine summarizes the lessons leaders should take away from this wonderful tale. This chapter alone is worth the price of the book; following the story brings a deep appreciation of its wisdom.” —Mary Poppendieck, author of Implementing Lean Software Development: From Concept to Cash

A Tale of Two Systems: Lean and Agile Software Development for Business Leaders reviews two fictional systems development projects. One project proves to be an abject and expensive failure, while the other succeeds in creating a major new revenue stream and solving important customer needs. Contrasting the methods employed in a traditional, process-centric ‘waterfall’ approach, with a lean and agile-inspired approach, this book provides business leaders with a tangible understanding of why lean thinking is so well-suited to contemporary environments requiring flexibility, speed, and the input of specialized knowledge. Catalog no. K10217, 2009, 344 pp. ISBN: 978-1-4398-0389-9, $49.95 / £31.99

Enterprise-Scale Agile Software Development

James Schiel

Danube Technologies, Pennsylvania, USA

Written for organizations attempting to convert their transitional development practices to agile, this book is organized into chapters sequenced to match the typical progression. Drawing on his experience in transitioning a 1400 person organization to agile development, the author provides the information and tools that will allow you to consider potential outcomes so that you can make the best choices for your unique situation. The content is based on the use of Scrum as an organizational framework and on XP practices used to define how software is written and tested. The book also includes information regarding quality development practices based on ISO 9001.

Much more than a mere “body of knowledge,” this volume goes beyond standardizing agile and Scrum practices. It breaks up the process into manageable tasks, illustrating how to set the stage for the change, plan it, and then initiate it. Using the methods and information presented, any organization should be able to achieve a nearly seamless transition to agile. Contents: Introduction. Why Agile? Setting the Stage for a Transition. Planning the Transition. Starting the Transition. Creating the Agile Organization. Index. Catalog no. K10179, 2010, 382 pp. ISBN: 978-1-4398-0321-9, $89.95 / £57.99



CISO Leadership

Essential Principles for Success

Edited by

Todd Fitzgerald

Milwaukee, Wisconsin, USA

Micki Krause

Pacific Life Insurance Company, Newport Beach, California, USA

“… a number of experienced and highly successful information security practitioners share their collective experiences … They provide valuable advice for those aspiring to become information security leaders … The authors’ ‘war stories’ can help you avoid the bumps as you go down that road. The breadth and depth of the experience of the authors makes this a unique book that you can use to further your information security career.” —Ben Rothke, Security Management

Written by experienced computer security professionals and including interviews with successful CISOs, this book describes the management skills needed by aspiring senior security executives. It provides tools for identifying one’s strengths and weaknesses and honing one’s leadership style. It delineates what companies look for when hiring a security professional and covers practical steps for evaluating an organization’s culture in order to successfully implement a security program that will fit the culture. A unique reference for IT professionals, CISOs, CIOs, and CSOs, the book includes real-world examples of how to treat the security program as a business. Catalog no. AU7943, 2008, 312 pp. ISBN: 978-0-8493-7943-7, $73.95 / £46.99

Leading IT Projects

The IT Manager’s Guide

Jessica Keyes

New Art Technologies, Edgewater, New Jersey, USA

Leading IT Projects: The IT Manager’s Guide provides a detailed roadmap for project success. The book provides information on the technical aspects of project management and also focuses on the human side of project management—leadership skills, team building, and promoting creativity. Overall, it facilitates an extensive understanding of the planning, monitoring, and control of the people, process, and events that occur as a computer system evolves from preliminary concept to operational implementation. Using ready-to-use forms and templates, this valuable resource enables you to increase productivity and ensures that projects come in on time and within budget. Contents: Fundamentals of Project Management. Project Management Skill Sets. Managing the Project Team. Project Tracking and Control. Project Critical Success Factors. Project Scope Management and System Requirements. Project Scheduling. Project Estimation. Project Risk. Procurement Management. Project Termination. Reference A: Traditional IT Metrics Reference. Reference B: Value Measuring Methodology. Reference C: Establishing a Software Measurement Program. Reference D: Selected Performance Metrics. Reference E: Introduction to Software Engineering. Reference F: The Feasibility Study and Cost–Benefit Analysis. Reference G: Project Plan Outline. Reference H: Glossary. Catalog no. AU7082, 2009, 336 pp. ISBN: 978-1-4200-7082-8, $79.95 / £49.99


Managing Web Projects

Edward B. Farkas

Jackson Heights, New York, USA

A practical, step-by-step guide to managing web-based projects, this hands-on approach demystifies even the most daunting tasks. Using common sense tips and proven tools, international consultant Edward B. Farkas outlines a typical project lifecycle, including project integration, scope and scope change, and work breakdown structures. He addresses concepts such as risk, time, human resources, communications, and quality management. Dozens of templates, schedules, checklists, and flow charts prepare you to become a project management professional, fully versed in and aligned with the nine knowledge areas and five processes codified by the internationally accepted standards of the Project Management Body of Knowledge (PMBOK®).

Contents: Introduction. How to Use This Book. Project Integration. ISP Project Life Cycle. Project Scope Management. Scope Change Management. Work Break Down Structures. Risk Management. Project Time Management. Customer Program Offices. Human Resource Management. Communications Management. Quality Management. Project Management & Consulting Opportunities. Process Maps and Diagrams. PM End-to-End Engagement Flowchart: Map A. Pre-Sales Process End-to-End: Map B. eSD Rapid Review Sub-Process Diagram: Map C. Catalog no. K10273, January 2010, 401 pp. ISBN: 978-1-4398-0495-7, $59.95 / £38.99

Mobile Enterprise Transition and Management

Bhuvan Unhelkar

Consultant, Wahroonga, Australia

“… a carefully crafted approach that intertwines the wide and varying dimensions of economy, technology, process, and sociology together in a comprehensive and cohesive approach to ensure successful transitions and management of mobile business.” — Edward Yourdon, Computer Hall of Fame Inductee

Addressing the rapid evolution of global communications, this book provides step-by-step guidance on how to configure, enact, and manage the process of integrating mobile technology within an organization. The mobile enterprise transition (MET) process presented considers input from the four significant dimensions of an organization – economic, technical, process, and social – making it a well-rounded and complete process. Based on extensive research, literature review, and practical experimentation, this comprehensive text presents emerging best practices, exhaustive case studies, and examples of successful transitions. It also provides detailed references, and a glossary of key terms and commonly used acronyms. Contents: Mobile Business Overview. Mobile Enterprise Transition Goals and Framework. Mobile Enterprise Transitions: Economic Dimension. Mobile Enterprise Transitions: Technical Dimension. Mobile Enterprise Transitions: Process Dimension. Mobile Enterprise Transitions: Social Dimension. Enacting and Managing Mobile Enterprise Transitions. Mobile Enterprises: Expansion, Growth, and Management. Mobile Enterprises: Sustainability and the Environment. Case Studies. Index. Catalog no. AU8275, 2009, 420 pp. ISBN: 978-1-4200-7827-5, $79.95 / £48.99



A Practical Guide to Information Systems Strategic Planning, Second Edition

Anita Cassidy

Strategic Computing Directions, Prior Lake, Minnesota, USA

“Everyone needs an IT strategy but nobody knows exactly what one is, let alone how to build one. Anita Cassidy has written the definitive how-to book for a traditionally fuzzy field.” —Bob Lewis, President, IT Catalysts

“A well defined IT strategy provides the cornerstone for any IS organization wishing to distinguish itself as a value added business enabler. This is a clear and practical guide for developing such a strategy. Keep it handy, you’ll be using it frequently.” —Ruth Dessel, CIO, Metropolitan Council

“I read the first edition and now luckily the second. Cassidy’s methodology has been enhanced and lifted to the next level. This edition contains new real world examples, checklists, and templates. It is a must read (and follow) for all IT managers.” —Keith Guggenberger, Senior Vice President of Operations, Starkey Laboratories

This volume outlines a systematic approach to guide you through the development of an effective IS plan that is formulated from your company’s business plan. The book outlines a quick and easy approach to completing a plan, offering concepts, techniques, and templates for analyzing, organizing, and communicating the information contained in a strategic IS plan. Catalog no. AU5073, 2006, 400 pp. ISBN: 978-0-8493-5073-3, $62.95 / £39.99

Oracle Identity Management

Governance, Risk, and Compliance Architecture, Third Edition

Marlin B. Pohlman

Oracle Corporation, Redwood Shores, California, USA

A guide to meeting regulatory compliance pressures while embarking on the path of process and system remediation, this book examines multinational regulations and delves into the nature of governance, risk, and compliance. The text is written by Marlin Pohlman, a director with Oracle who is recognized as one of the primary educators worldwide on identity management, regulatory compliance, and corporate governance. He also cites common standards, illustrating a number of well-known compliance frameworks. He then focuses on specific software components that will enable secure business operations. To complete the picture, he discusses elements of the Oracle architecture, which permit reporting essential to the regulatory compliance process, and the vaulting solutions and data hubs, which collect, enforce, and store policy information. The book includes case studies from the five most regulated business verticals, financial services, retail, pharma-life sciences, higher education, and the US public sector. Identity management is the first line of defense in the corporate internal ecosystem. Reconciling theory and practicality, this volume makes sure that defense is workable, responsive, and effective. Catalog no. AU7247, 2008, 552 pp., Soft Cover ISBN: 978-1-4200-7247-1, $69.95 / £44.99



Our up-to-date, officially sanctioned study guides and resources put you at the top of your field. The breadth and depth of experience of the authors gives insight into the key issues in certification and accreditation, including roles and responsibilities, the life cycle, and pitfalls to avoid.


SAVE 15%!

Use this Promo Code when ordering to

6000 Broken Sound Parkway, NW, Suite 300 Boca Raton, FL 33487, USA


For a complete list of Risk Analysis and IT Management titles, please visit www.crcpress.com
