The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition
Provisional Chinese title: 安全風險評估手冊:執行安全風險評估的完整指南(第二版)
Landoll, Douglas
Product Description
Conducted properly, information security risk assessments provide managers with the feedback needed to understand threats to corporate assets, determine vulnerabilities of current controls, and select appropriate safeguards. Performed incorrectly, they can provide the false sense of security that allows potential threats to develop into disastrous losses of proprietary information, capital, and corporate value.
Picking up where its bestselling predecessor left off, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition gives you detailed instruction on how to conduct a risk assessment effectively and efficiently. Supplying wide-ranging coverage that includes security risk analysis, mitigation, and risk assessment reporting, this updated edition provides the tools needed to solicit and review the scope and rigor of risk assessment proposals with competence and confidence.
Trusted to assess security for leading organizations and government agencies, including the CIA, NSA, and NATO, Douglas Landoll unveils the little-known tips, tricks, and techniques used by savvy security professionals in the field. He details time-tested methods to help you:
- Better negotiate the scope and rigor of security assessments
- Effectively interface with security assessment teams
- Gain an improved understanding of final report recommendations
- Deliver insightful comments on draft reports
The book includes charts, checklists, and sample reports to help you speed up the data gathering, analysis, and document development process. Walking you through the process of conducting an effective security assessment, it provides the tools and up-to-date understanding you need to select the security measures best suited to your organization.
About the Author
Douglas Landoll has nearly two decades of information security experience. He has led security risk assessments and established security programs for top corporations and government agencies. He is an expert in security risk assessment, security risk management, security criteria, and building corporate security programs. His background includes evaluating security at the National Security Agency (NSA), the North Atlantic Treaty Organization (NATO), the Central Intelligence Agency (CIA), and other government agencies; co-founding the Arca Common Criteria Testing Laboratory; co-authoring the Systems Security Engineering Capability Maturity Model (SSE-CMM); teaching at NSA's National Cryptologic School; and running the southwest security services division of Exodus Communications.
Mr. Landoll is currently the president of Veridyn, a provider of network security solutions. He is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA). He holds a BS degree from James Madison University and an MBA from the University of Texas at Austin. He has published numerous information security articles, speaks regularly at conferences, and serves as an advisor to several high-tech companies.