Securing an It Organization Through Governance, Risk Management, and Audit
暫譯: 透過治理、風險管理與審計保障IT組織安全

Name: Securing an It Organization Through Governance, Risk Management, and Audit
Price: 2233 TWD
Availability: OnlineOnly
Author: Sigler, Ken E., Rainey, III
ISBN: 0367658658

Sigler, Ken E., Rainey, III

出版商: Auerbach Publication
出版日期: 2020-09-30
售價: $2,350
貴賓價: 9.5 折 $2,233
語言: 英文
頁數: 368
裝訂: Quality Paper - also called trade paper
ISBN: 0367658658
ISBN-13: 9780367658656
相關分類: GAN 生成對抗網絡

海外代購書籍(需單獨結帳)

商品描述

Past events have shed light on the vulnerability of mission-critical computer systems at highly sensitive levels. It has been demonstrated that common hackers can use tools and techniques downloaded from the Internet to attack government and commercial information systems. Although threats may come from mischief makers and pranksters, they are more likely to result from hackers working in concert for profit, hackers working under the protection of nation states, or malicious insiders.

Securing an IT Organization through Governance, Risk Management, and Audit introduces two internationally recognized bodies of knowledge: Control Objectives for Information and Related Technology (COBIT 5) from a cybersecurity perspective and the NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF). Emphasizing the processes directly related to governance, risk management, and audit, the book provides details of a cybersecurity framework (CSF), mapping each of the CSF steps and activities to the methods defined in COBIT 5. This method leverages operational risk understanding in a business context, allowing the information and communications technology (ICT) organization to convert high-level enterprise goals into manageable, specific goals rather than unintegrated checklist models.

The real value of this methodology is to reduce the knowledge fog that frequently engulfs senior business management, and results in the false conclusion that overseeing security controls for information systems is not a leadership role or responsibility but a technical management task. By carefully reading, implementing, and practicing the techniques and methodologies outlined in this book, you can successfully implement a plan that increases security and lowers risk for you and your organization.

商品描述(中文翻譯)

過去的事件揭示了在高度敏感層級上，任務關鍵的電腦系統的脆弱性。已經證明，普通駭客可以使用從互聯網下載的工具和技術來攻擊政府和商業資訊系統。雖然威脅可能來自惡作劇者和玩笑者，但更有可能是來自為了獲利而協同工作的駭客、在國家保護下工作的駭客，或是惡意的內部人員。

《透過治理、風險管理和審計來保護IT組織》介紹了兩個國際公認的知識體系：從網路安全的角度看，資訊及相關技術控制目標（COBIT 5）和改善關鍵基礎設施網路安全的NIST框架（CSF）。本書強調與治理、風險管理和審計直接相關的過程，提供了一個網路安全框架（CSF）的詳細資訊，將每個CSF步驟和活動映射到COBIT 5中定義的方法。這種方法利用了在商業背景下對操作風險的理解，使資訊和通信技術（ICT）組織能夠將高層企業目標轉化為可管理的具體目標，而不是不整合的檢查清單模型。

這種方法論的真正價值在於減少經常籠罩在高層商業管理中的知識迷霧，並導致錯誤的結論，即監督資訊系統的安全控制不是領導角色或責任，而是一項技術管理任務。通過仔細閱讀、實施和練習本書中概述的技術和方法論，您可以成功實施一個計劃，為您和您的組織提高安全性並降低風險。

作者簡介

Ken Sigler is a faculty member of the Computer Information Systems (CIS) program at the Auburn Hills Michigan campus of Oakland Community College and the chair of the Campus Senate. His primary research is in the area of software management, software assurance, and cybersecurity. He has authored several books on the topic of cybersecurity ICT management and developed the college's CIS program option Information Technologies for Homeland Security, which has a recognized relationship with the Committee on National Security Systems. Sigler serves as the liaison for the college as one of three founding members of the International Cybersecurity Education Coalition (ICSEC), which is now the Midwest chapter for CISSE.

James L. Rainey, III, DMIT, is an IT specialist with the U.S. government where he works on technical project documentation within the SDLC. Dr. Rainey holds an MS degree in computer and information systems and did a tour with the Department of Defense where he earned a citation for his work. Dr. Rainey has also worked as a UNIX system administrator, SAP basis administrator, and enterprise and infrastructure architect. Additionally, he worked at Comerica Bank's Data Center in Auburn Hills, Michigan, as a developer and taught at the University of Detroit Mercy's Computer and Information Systems Department for 10 years as an adjunct.

作者簡介(中文翻譯)

肯·西格勒是奧克蘭社區學院（Oakland Community College）位於密西根州奧本山校區的計算機資訊系統（CIS）計畫的教職員，並擔任校園參議會主席。他的主要研究領域包括軟體管理、軟體保證和網路安全。他著有幾本關於網路安全資訊與通訊技術（ICT）管理的書籍，並開發了學院的CIS計畫選項「國土安全資訊技術」，該選項與國家安全系統委員會（Committee on National Security Systems）有著公認的關係。西格勒作為國際網路安全教育聯盟（International Cybersecurity Education Coalition, ICSEC）的三位創始成員之一，擔任學院的聯絡人，該聯盟現在是CISSE的中西部分會。

詹姆斯·L·雷尼三世（James L. Rainey, III, DMIT）是美國政府的IT專家，負責在軟體開發生命週期（SDLC）內進行技術專案文件的工作。雷尼博士擁有計算機與資訊系統的碩士學位，曾在國防部工作，並因其工作獲得表彰。雷尼博士還曾擔任UNIX系統管理員、SAP基礎管理員以及企業和基礎設施架構師。此外，他曾在密西根州奧本山的Comerica銀行數據中心擔任開發人員，並在底特律慈悲大學（University of Detroit Mercy）的計算機與資訊系統系擔任兼任講師達10年。