Creating an Information Security Program from Scratch

Williams, Walter

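  • Publisher: CRC
  • Publication date: 2021-09-15
  • List price: $5,810
  • VIP price: 9.5 $5,520
  • Language: English
  • Pages: 212
  • Binding: Hardcover - also called cloth, retail trade, or trade
  • ISBN: 036755464X
  • ISBN-13: 9780367554644
  • Related categories: Scratch, Information Security
  • Overseas special-order book (requires separate checkout)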

Product Description

This book is written for the first security hire in an organization, either an individual moving into this role from within the organization or hired into the role. More and more, organizations are realizing that information security requires a dedicated team with leadership distinct from information technology, and often the people who are placed into those positions have no idea where to start or how to prioritize.

There are many issues competing for their attention, standards that say do this or do that, laws, regulations, customer demands, and no guidance on what is actually effective. This book offers guidance on approaches that work for how you prioritize and build a comprehensive information security program that protects your organization.

While most books targeted at information security professionals explore specific subjects with deep expertise, this book explores the depth and breadth of the field. Instead of exploring a technology such as cloud security or a technique such as risk analysis, this book places those into the larger context of how to meet an organization's needs, how to prioritize, and what success looks like. Guides to the maturation of practice are offered, along with pointers for each topic on where to go for an in-depth exploration.

Unlike more typical books on information security that advocate a single perspective, this book explores competing perspectives with an eye to providing the pros and cons of the different approaches and the implications of choices on implementation and on maturity, as often a choice on an approach needs to change as an organization grows and matures.

About the Author

Walter Williams has served as an infrastructure and security architect at firms as diverse as GTE Internetworking, State Street Corp, Teradyne, The Commerce Group and EMC. He has since moved to security leadership, where he'd served as at IdentityTruth, Passkey, Lattice Engines, and Monotype. He is an outspoken proponent of design before build, an advocate of frameworks and standards, and has spoken at Security B-Sides, Source Boston, Boston Application Security Conference, Rochester Security Summit, Wall of Sheep Village within DefCon, RiskSec Toronto and other venues. His articles on Security and Service Oriented Architecture have appeared in the Information Security Management Handbook, and he has a book with CRC Press on the same topic. He sat on the board of directors for the New England ISSA chapter and was a member of the program committee for Metricons 8 and 10. He has a master's degree in Anthropology from Hunter College.
