Information Security A Practical Guide: Bridging the gap between IT and management

SKU: 4575
Authors: Tom Mooney
Publishers: ITGP
Format: Softcover; ISBN13: 9781849287401; Pages: 128; Published: 30 Jun 2015; Availability: In Stock
Format: Adobe eBook; ISBN13: 9781849287418; Pages: 116; Published: 30 Jun 2015; Availability: Always Available
Format: ePub; ISBN13: 9781849287425; Pages: 116; Published: 30 Jun 2015; Availability: Always Available

Provides an overview of basic information security practices that will enable your security team to better engage with their peers to address the threats facing the organisation as a whole.

Price: £29.95

Description

How do you engage with your peers when they think you’re there to stop them working?

Corporate information security is often hindered by a lack of adequate communication between the security team and the rest of the organisation. Information security affects the whole company and is a responsibility shared by all staff, so failing to obtain wider acceptance can endanger the security of the entire organisation. Many consider information security a block, not a benefit, however, and view security professionals with suspicion if not outright hostility. As a security professional, how can you get broader buy-in from your colleagues?

Information Security: A Practical Guide addresses that issue by providing an overview of basic information security practices that will enable your security team to better engage with their peers to address the threats facing the organisation as a whole.

Product overview

Covering everything from your first day at work as an information security professional to developing and implementing enterprise-wide information security processes, Information Security: A Practical Guide explains the basics of information security, and how to explain them to management and others so that security risks can be appropriately addressed.

Topics covered include:

  • How to understand the security culture of the organisation
  • Getting to know the organisation and building relationships with key personnel
  • How to identify gaps in the organisation’s security set-up
  • The impact of compromise on the organisation
  • Identifying, categorising and prioritising risks
  • The five levels of risk appetite and how to apply risk treatments via security controls
  • Understanding the threats facing your organisation and how to communicate them
  • How to raise security awareness and engage with specific peer groups
  • System mapping and documentation (including control boundaries and where risks exist)
  • The importance of conducting regular penetration testing and what to do with the results
  • Information security policies and processes
  • A standards-based approach to information security

If you’re starting a new job as an information security professional, Information Security: A Practical Guide contains all you need to know.


Reviews

“One of the most impressive… This book is well worth an hour of your time, whether as a refresher, or if you are finding yourself facing more work on the info-security side. Recommended.”
Mark Rowe
Editor at Professional Security Magazine

About the Author

Tom Mooney has over ten years’ IT experience working with sensitive information. His current role is as a security risk advisor for the UK Government, where he works with project teams and the wider organisation to deliver key business systems securely. His key responsibility is to act as an intermediary between management and IT teams to ensure appropriate security controls are put in place. His extensive experience has led him to develop many skills and techniques to converse with people who are not technical or information security experts. Many of these skills and techniques are found in this book.

He has a BSc (Hons) in information and computer security, and is also a CESG certified professional.

Customer Reviews

01/12/2015
This book is an excellent read for those security professionals that are both new and old within the Information Security sector. Mooney takes the reader through the initial steps of becoming a security professional, right through to conducting risk assessments and even penetration testing. Each area of interest has been explained in detail, with “real world” example scenarios given when necessary. Mooney clearly shows his experience as a security professional within this book, and aims to eradicate the common mistakes faced when working within the industry. I would not only recommend this book to security professionals, but to those who want to gain a greater understanding of the security world.
20/07/2015
We’ve reviewed several books on information and IT security published by IT Governance. The latest is one of the most impressive… [The author] introduce[s] you to the necessary basics, such as the Senior Information Risk Owner (SIRO), a role often found in UK Government. Instead, Mooney points you in the right direction on such topics as penetration testing (again, with a physical and IT component) and information security policy; first knowing what the ‘risk appetite’ of your business is. While Mooney is writing for the information security professional, such is the spread of IT in the office and organisation, this book can apply to anyone in security management. This book is well worth an hour of your time, whether as a refresher, or if you are finding yourself facing more work on the info-security side. Recommended.