Table of Contents -- Acknowledgments -- Copyright Notice -- Figures and Illustrations -- Preface -- Overview -- Research -- Terminology -- Introduction -- Brief History of the Internet -- Size and Growth of the Internet -- Implications for Security -- Business Uses of the Internet -- Common Uses -- Examples of Business Applications and Benefits -- Government Uses -- Categories of e-Commerce -- Security in the Internet and e-Commerce Age -- A Formula for Quantifying Risk -- Security Challenges -- Information Value -- A Rising Threat

The Danger from Technological ChangeGrowing Consequences of Security Breaches -- Conclusion -- Chapter 1: The Information Security Program -- The Present Information Systems Environment -- A Risk Construct -- Information Risk Management -- Enterprise-Wide Information Security Program Model: Functional Overview -- Assess, Design, Implement, Manage -- The Enterprise-Wide Information Security Program Elements: Framework, Organization, Technology, and Process -- Information Security Policy Framework -- Organization, Technology, and Processes

Creating a Successful Security ProgramKey Tenets of a Best Practices Security Program -- Security Program Project Design Considerations -- Building the Security Program -- Phase 1: Gaining Support -- Phase 2: Pre-Assessment Project Planning -- Phase 3: Assessment -- Phase 4: Quick Hit Projects -- Phases 5 and 6: Implementation and Design -- Conclusion -- Chapter 2: Developing an Information Security Policy -- The Impact of the Internet -- Characteristics of Good Information Security Policy -- METASeS Information Security Policy Framework

Information Security Policy Framework GoalsHow We Arrived at Our Framework -- Policy Framework Concepts -- METASeS Information Security Policy Framework Best Practices -- Information Security Charter -- Asset Identification and Classification -- Asset Protection -- Asset Management -- Acceptable Use -- Vulnerability Assessment and Management -- Threat Assessment and Management -- Standards and Procedures -- Policy Interpretation -- Information Security Policy Life Cycle -- Assessing Policy Needs -- Reviewing Existing Policy -- Overseas Considerations

Developing Information Security PolicyAddressing Responsibility and Accountability -- Who Should Formulate the Policy? -- Accounting for Corporate Culture -- Managing Expectations -- Exception Handling -- Implementing and Deploying Policy -- Awareness and Education -- Compliance and Enforcement -- Maintaining Information Security Policy -- Chapter 3: Web and e-Commerce Security -- Chapter Components -- Information Security Goals -- Confidentiality and Possession -- Integrity and Authenticity -- Availability and Utility -- Auditibility -- Non-Repudiation