Building a Practical Information Security Program

Jason Andress, Mark Leary

  • 出版商: Syngress Media
  • 出版日期: 2016-10-14
  • 售價: $2,670
  • 貴賓價: 9.5$2,537
  • 語言: 英文
  • 頁數: 202
  • 裝訂: Paperback
  • ISBN: 0128020423
  • ISBN-13: 9780128020425
  • 相關分類: 資訊安全
  • 海外代購書籍(需單獨結帳)

相關主題

商品描述

Building a Practical Information Security Program provides users with a strategic view on how to build an information security program that aligns with business objectives. The information provided enables both executive management and IT managers not only to validate existing security programs, but also to build new business-driven security programs. In addition, the subject matter supports aspiring security engineers to forge a career path to successfully manage a security program, thereby adding value and reducing risk to the business. Readers learn how to translate technical challenges into business requirements, understand when to "go big or go home," explore in-depth defense strategies, and review tactics on when to absorb risks. This book explains how to properly plan and implement an infosec program based on business strategy and results.

  • Provides a roadmap on how to build a security program that will protect companies from intrusion
  • Shows how to focus the security program on its essential mission and move past FUD (fear, uncertainty, and doubt) to provide business value
  • Teaches how to build consensus with an effective business-focused program

商品描述(中文翻譯)

《建立實用的資訊安全計畫》為使用者提供了一個戰略視角,說明如何建立與商業目標相符的資訊安全計畫。所提供的資訊使得高層管理人員和IT經理不僅能夠驗證現有的安全計畫,還能建立新的以業務為驅動的安全計畫。此外,該主題也支持有志於成為安全工程師的人士,幫助他們開創成功管理安全計畫的職業道路,從而為企業增值並降低風險。讀者將學習如何將技術挑戰轉化為業務需求,了解何時應該「全力以赴或是放棄」,深入探討防禦策略,並檢視何時應該承擔風險的戰術。本書解釋了如何根據商業策略和結果來妥善規劃和實施資訊安全計畫。

- 提供了一個如何建立安全計畫的路線圖,以保護公司免受入侵
- 展示了如何將安全計畫聚焦於其核心使命,並超越FUD(恐懼、不確定性和懷疑),以提供商業價值
- 教授如何與有效的以業務為中心的計畫建立共識