Cyber Strategy: Risk-Driven Security and Resiliency
Tentative Chinese title: 網路策略:風險驅動的安全性與韌性
Siegel, Carol A., Sweeney, Mark
- Publisher: Auerbach Publication
- Publication date: 2020-04-07
- Price: $2,020
- VIP price: 5% off, $1,919
- Language: English
- Pages: 200
- Binding: Quality Paper - also called trade paper
- ISBN: 0367339455
- ISBN-13: 9780367339456
Related categories:
Information Security
Overseas book order (must be checked out separately)
Product description
Cyber Strategy: Risk-Driven Security and Resiliency provides a process and roadmap for any company to develop unified Cybersecurity and Cyber Resiliency strategies. It demonstrates a methodology for companies to combine their disassociated efforts into one corporate plan, with buy-in from senior management, that efficiently utilizes resources, targets high-risk threats, and evaluates both risk assessment methodologies and the efficacy of the resulting risk mitigations. The book discusses all the steps required, from conception of the plan through preplanning (mission/vision, principles, strategic objectives, derivation of new initiatives), project management directives, cyber threat and vulnerability analysis, and cyber risk and controls assessment, to reporting and measurement techniques for plan success and overall strategic plan performance. In addition, a methodology is presented to aid in selecting new initiatives for the following year by identifying all relevant inputs.
Tools utilized include:
- Key Risk Indicators (KRI) and Key Performance Indicators (KPI)
- National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) Target State Maturity interval mapping per initiative
- Comparisons of current and target state business goals and critical success factors
- A quantitative NIST-based risk assessment of initiative technology components
- Responsible, Accountable, Consulted, Informed (RACI) diagrams for Cyber Steering Committee tasks and Governance Boards' approval processes
- Swimlanes, timelines, data flow diagrams (inputs, resources, outputs), progress report templates, and Gantt charts for project management
The last chapter provides downloadable checklists, tables, data flow diagrams, figures, and assessment tools to help develop your company's cybersecurity and cyber resiliency strategic plan.
About the authors
Carol A. Siegel is a Cybersecurity strategy and IT Risk Management professional with over 30 years' experience. Carol earned her BS in Systems Analysis Engineering from Boston University in 1971 and her MBA in Computer Applications from New York University in 1984. She holds the CISSP certification from ISC2 and the CISA and CISM certifications from ISACA. Carol has co-authored one of the first books on Internet security and a book for Microsoft on Windows NT Security, as well as numerous articles for Auerbach Publications on information security and risk management. Carol has worked for many Fortune 50 financial services companies in the Banking, Insurance, Big Four, and Pharma sectors and has held several Chief Information Security Officer (CISO) positions. Most recently, Carol worked for the Federal Reserve Bank of New York.
Mark Sweeney is a Cybersecurity and Cyber Resiliency professional with over 5 years of experience in strategizing and implementing risk-based cybersecurity and cyber resiliency programs. Mark earned his BS in Security & Risk Analysis - Information & Cyber Security from Penn State University in 2014. Mark has worked in Big Four consulting companies and the Financial Services Industry as a Cybersecurity and Cyber Resiliency expert and is currently a cyber underwriter.