Auditing Information and Cyber Security Governance: A Controls-Based Approach

Davis, Robert E.

  • 出版商: CRC
  • 出版日期: 2021-09-23
  • 售價: $2,980
  • 貴賓價: 9.5$2,831
  • 語言: 英文
  • 頁數: 284
  • 裝訂: Hardcover - also called cloth, retail trade, or trade
  • ISBN: 0367568500
  • ISBN-13: 9780367568504
  • 相關分類: 資訊安全
  • 立即出貨 (庫存 < 3)

買這商品的人也買了...

相關主題

商品描述

A much-needed service for society today. I hope this book reaches information managers in the organization now vulnerable to hacks that are stealing corporate information and even holding it hostage for ransom.

- Ronald W. Hull, author, poet, and former professor and university administrator

A comprehensive entity security program deploys information asset protection through stratified technological and non-technological controls. Controls are necessary for counteracting threats, opportunities, and vulnerabilities risks in a manner that reduces potential adverse effects to defined, acceptable levels. This book presents a methodological approach in the context of normative decision theory constructs and concepts with appropriate reference to standards and the respective guidelines. Normative decision theory attempts to establish a rational framework for choosing between alternative courses of action when the outcomes resulting from the selection are uncertain. Through the methodological application, decision theory techniques can provide objectives determination, interaction assessments, performance estimates, and organizational analysis. A normative model prescribes what should exist according to an assumption or rule.

商品描述(中文翻譯)

這是一本當今社會急需的服務。我希望這本書能夠傳達給那些現在容易受到駭客攻擊、竊取企業資訊甚至以贖金形式勒索的組織中的資訊管理者。

- 羅納德·W·赫爾(Ronald W. Hull),作家、詩人、前教授和大學行政人員

一個全面的實體安全計劃通過分層的技術和非技術控制來保護信息資產。這些控制是為了對抗威脅、機會和風險中的漏洞,以降低潛在的不良影響到可接受的水平。本書在規範性決策理論構建和概念的背景下,提出了一種方法論的方法,並適當地參考了標準和相應的指南。規範性決策理論試圖建立一個理性的框架,用於在選擇的結果不確定時,在不同行動方案之間進行選擇。通過方法論的應用,決策理論技術可以提供目標確定、互動評估、性能估計和組織分析。規範模型根據一個假設或規則規定了應該存在的內容。

作者簡介

Dr. Robert E. Davis, CISA, CICA unique qualifications encompass over 30 years of internal control practice and scholarship experience. He has provided data security consulting and information systems auditing services to highly regarded government agencies and corporations of various employee sizes. His past teaching experience includes positions with Temple University, Bryant & Stratton College and Cheyney University, as well as presenting various other training sessions and courses.
Dr. Davis has authored articles addressing IT issues for ITAudit Magazine, ISACA Journal, TechTarget, and IT Governance, LTD, as well as a chapter discussing continuous auditing for Bloomsbury Information. Dr. Davis has written workbooks and other instructional material for Boson Software and Pleier Corporation.

作者簡介(中文翻譯)

Dr. Robert E. Davis, CISA, CICA具有超過30年的內部控制實踐和學術經驗,他的獨特資格包括提供數據安全咨詢和信息系統審計服務給受人尊敬的政府機構和各種規模的企業。他過去的教學經驗包括在Temple University、Bryant & Stratton College和Cheyney University擔任職位,並且還參與了其他各種培訓課程和講座。

Dr. Davis曾為ITAudit Magazine、ISACA Journal、TechTarget和IT Governance, LTD撰寫有關IT問題的文章,並為Bloomsbury Information撰寫了一章關於持續審計的內容。Dr. Davis還為Boson Software和Pleier Corporation撰寫了工作手冊和其他教學材料。