Product description
Security practitioners must be able to build cost-effective security programs while also complying with government regulations. Information Security Governance Simplified: From the Boardroom to the Keyboard lays out these regulations in simple terms and explains how to use control frameworks to build an air-tight information security (IS) program and governance structure.
Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security department and considers the control areas, including physical, network, application, business continuity/disaster recovery, and identity management.
Todd Fitzgerald explains how to establish a solid foundation for building your security program and shares time-tested insights about what works and what doesn't when building an IS program. Highlighting security considerations for managerial, technical, and operational controls, it provides helpful tips for selling your program to management. It also includes tools to help you create a workable IS charter and your own IS policies. Based on proven experience rather than theory, the book gives you the tools and real-world insight needed to secure your information while ensuring compliance with government regulations.
About the author
Todd Fitzgerald, CISSP, CISA, CISM, CIPM, CIPP/US, CIPP/E, CIPP/C, CGEIT, CRISC, PMP, ISO27000, and ITILv3 certified, is Managing Director and CISO of CISO Spotlight, LLC.
Todd has built and led multiple Fortune 500/large company information security programs over 20 years across multiple industries. He was named 2016-17 Chicago CISO of the Year by AITP, ISSA, ISACA, InfraGard and SIM, ranked a Top 50 Information Security Executive, selected as an Information Security Executive (ISE) Award Finalist, and named a Ponemon Institute Fellow. Fitzgerald coauthored with Micki Krause the first professional organization Chief Information Security Officer book, CISO Leadership: Essential Principles for Success (Auerbach, 2008). Todd also authored Information Security Governance Simplified: From the Boardroom to the Keyboard (Auerbach, 2012), co-authored Certified Chief Information Security Officer Body of Knowledge (EC-Council, 2014), and has contributed to over a dozen other books. Fitzgerald has participated in the development of materials for the Official (ISC)2 Guide to the CISSP CBK, the Information Security Handbook Series, ISACA COBIT 5 for Information Security, and ISACA CSX Cybersecurity Fundamentals.
Fitzgerald is a top-rated RSA Conference speaker and is frequently called upon to present at international, national and local conferences for the Information Systems Audit and Control Association (ISACA), Information Systems Security Association (ISSA), Management Information Systems Training Institute (MISTI), COSAC, the Centers for Medicare and Medicaid Services, T.E.N., and others. Fitzgerald serves on the HIPAA Collaborative of Wisconsin Board of Directors (2002-present), the Milwaukee Area Technical College Security Advisory Board, and the University of Wisconsin-La Crosse College of Business Administration Board of Advisors.
Prior senior leadership roles include SVP and CAO of Information Security at Northern Trust; Global CISO of Grant Thornton International, Ltd; Global CISO of ManpowerGroup; Medicare Security Officer/External Audit Oversight at WellPoint (now Anthem) Blue Cross Blue Shield-National Government Services; CISO for North and Latin America at Zeneca/Syngenta; and senior Information Technology leadership positions with IMS Health and American Airlines. Todd earned a B.S. in Business Administration from the University of Wisconsin-La Crosse and a Master of Business Administration with highest honors from Oklahoma State University.