Security Planning : An Applied Approach / by Susan Lincke.

Preface -- Security Awareness -- Combatting Fraud -- Complying with Security Regulation and Standards -- Managing Risk -- Addressing Business Impact Analysis and Business Continuity -- Governing -- Important Tactical Concepts -- Planning for Network Security -- Designing Physical Security -- Organizing Personal Security -- Planning for Incident Response -- Defining Security Metrics -- Performing an Audit or Security Test -- Complying with HIPAA and HITECH -- Developing Secure Software.

This book guides readers through building an IT security plan. Offering a template, it helps readers to prioritize risks, conform to regulation, plan their defense and secure proprietary/confidential information. The process is documented in the supplemental online security workbook. Security Planning is designed for the busy IT practitioner, who does not have time to become a security expert, but needs a security plan now. It also serves to educate the reader of a broader set of concepts related to the security environment through the Introductory Concepts and Advanced sections. The book serves entry level cyber-security courses through those in advanced security planning. Exercises range from easier questions to the challenging case study. This is the first text with an optional semester-long case study: Students plan security for a doctor’s office, which must adhere to HIPAA regulation. For software engineering-oriented students, a chapter on secure software development introduces security extensions to UML and use cases (with case study). The text also adopts the NSA’s Center of Academic Excellence (CAE) revamped 2014 plan, addressing five mandatory and 15 Optional Knowledge Units, as well as many ACM Information Assurance and Security core and elective requirements for Computer Science.