Auditing Information and Cyber Security Governance: A Controls-Based Approach
暫譯: 資訊與網路安全治理審計:基於控制的方式

Davis, Robert E.

Auditing Information and Cyber Security Governance: A Controls-Based Approach
  • 出版商: CRC
  • 出版日期: 2021-09-23
  • 售價: $2,980
  • 貴賓價: 9.5$2,831
  • 語言: 英文
  • 頁數: 284
  • 裝訂: Hardcover - also called cloth, retail trade, or trade
  • ISBN: 0367568500
  • ISBN-13: 9780367568504
  • 相關分類: 資訊安全

    • 立即出貨 (庫存 < 3)

買這商品的人也買了...

相關主題

商品描述

A much-needed service for society today. I hope this book reaches information managers in the organization now vulnerable to hacks that are stealing corporate information and even holding it hostage for ransom.

- Ronald W. Hull, author, poet, and former professor and university administrator

A comprehensive entity security program deploys information asset protection through stratified technological and non-technological controls. Controls are necessary for counteracting threats, opportunities, and vulnerabilities risks in a manner that reduces potential adverse effects to defined, acceptable levels. This book presents a methodological approach in the context of normative decision theory constructs and concepts with appropriate reference to standards and the respective guidelines. Normative decision theory attempts to establish a rational framework for choosing between alternative courses of action when the outcomes resulting from the selection are uncertain. Through the methodological application, decision theory techniques can provide objectives determination, interaction assessments, performance estimates, and organizational analysis. A normative model prescribes what should exist according to an assumption or rule.

商品描述(中文翻譯)

一項當今社會急需的服務。我希望這本書能夠觸及那些在組織中面臨駭客攻擊、竊取企業資訊甚至勒索的資訊管理者。

- Ronald W. Hull,作者、詩人、前教授及大學行政人員

一個全面的實體安全計畫透過分層的技術和非技術控制來部署資訊資產保護。控制措施對於抵抗威脅、機會和脆弱性風險是必要的,這樣可以將潛在的不利影響降低到定義的可接受水平。本書在規範決策理論的構建和概念的背景下,提出了一種方法論的方式,並適當參考標準及相關指導方針。規範決策理論試圖建立一個理性的框架,以便在選擇的結果不確定時,選擇不同的行動方案。透過方法論的應用,決策理論技術可以提供目標確定、互動評估、績效估算和組織分析。規範模型規定了根據假設或規則應該存在的內容。

作者簡介

Dr. Robert E. Davis, CISA, CICA unique qualifications encompass over 30 years of internal control practice and scholarship experience. He has provided data security consulting and information systems auditing services to highly regarded government agencies and corporations of various employee sizes. His past teaching experience includes positions with Temple University, Bryant & Stratton College and Cheyney University, as well as presenting various other training sessions and courses.
Dr. Davis has authored articles addressing IT issues for ITAudit Magazine, ISACA Journal, TechTarget, and IT Governance, LTD, as well as a chapter discussing continuous auditing for Bloomsbury Information. Dr. Davis has written workbooks and other instructional material for Boson Software and Pleier Corporation.

作者簡介(中文翻譯)

羅伯特·E·戴維斯博士(Dr. Robert E. Davis),CISA、CICA,擁有超過30年的內部控制實務和學術經驗。他為多家知名政府機構和各種規模的企業提供數據安全諮詢和資訊系統審計服務。他的教學經驗包括在天普大學(Temple University)、布萊恩特與斯特拉頓學院(Bryant & Stratton College)和切尼大學(Cheyney University)任教,以及主持各種其他培訓課程和講座。

戴維斯博士曾為《ITAudit Magazine》、《ISACA Journal》、《TechTarget》和IT Governance, LTD撰寫有關IT議題的文章,並為Bloomsbury Information撰寫了一章有關持續審計的內容。戴維斯博士還為Boson Software和Pleier Corporation撰寫了工作手冊和其他教學材料。

類似商品