Risk Management for Computer Security: Protecting Your Network & Information Assets (電腦安全風險管理:保護您的網路與資訊資產)

Andy Jones, Debi Ashenden

  • 出版商: Butterworth-Heineman
  • 出版日期: 2005-03-01
  • 售價: $2,210
  • 貴賓價: 9.5$2,100
  • 語言: 英文
  • 頁數: 296
  • 裝訂: Paperback
  • ISBN: 0750677953
  • ISBN-13: 9780750677950
  • 相關分類: 資訊安全
  • 海外代購書籍(需單獨結帳)

買這商品的人也買了...

相關主題

商品描述

Description:

The information systems security (InfoSec) profession remains one of the fastest growing professions in the world today. With the advent of the Internet and its use as a method of conducting business, even more emphasis is being placed on InfoSec. However, there is an expanded field of threats that must be addressed by today's InfoSec and information assurance (IA) professionals.
Operating within a global business environment with elements of a virtual workforce can create problems not experienced in the past. How do you assess the risk to the organization when information can be accessed, remotely, by employees in the field or while they are traveling internationally? How do you assess the risk to employees who are not working on company premises and are often thousands of miles from the office? How do you assess the risk to your organization and its assets when you have offices or facilities in a nation whose government may be supporting the theft of the corporate "crown jewels" in order to assist their own nationally owned or supported corporations? If your risk assessment and management program is to be effective, then these issues must be assessed.
Personnel involved in the risk assessment and management process face a much more complex environment today than they have ever encountered before.
This book covers more than just the fundamental elements that make up a good risk program. It provides an integrated "how to" approach to implementing a corporate program, complete with tested methods and processes; flowcharts; and checklists that can be used by the reader and immediately implemented into a computer and overall corporate security program. The challenges are many and this book will help professionals in meeting their challenges as we progress through the 21st Century.

 

Table of Contents:

Section I: An Introduction to Risk Management: Introduction to the Theories of Risk Management; The Changing Environment; The Art of Managing Risks; Section II: The Threat Assessment Process: Threat Assessment and its Input to Risk Assessment; Threat Assessment Method; Example Threat Assessment; Section III: Vulnerability Issues: Operating System Vulnerabilities; Application Vulnerabilities; Public Domain or COTS?; Connectivity and Dependence; Section IV: The Risk Process: What is Risk Assessment?; Risk Analysis; Who is Responsible?; Section V:/Tools and Types of Risk Assessment: Qualitative versus Quantitative; The Policies, Procedures, Plans and Processes of Risk Management; Tools and Techniques; Integrated Risk Management; The Future of the Risk Management

商品描述(中文翻譯)

描述:
資訊系統安全(InfoSec)專業仍然是當今世界上增長最快的職業之一。隨著網際網路的興起及其作為商業運作方式的使用,對於InfoSec的重視程度更是與日俱增。然而,當今的InfoSec和資訊保障(IA)專業人員必須面對一個擴大的威脅領域。 在全球商業環境中運作,並擁有虛擬工作團隊的元素,可能會產生過去未曾遇到的問題。當資訊可以被在外地工作的員工或國際旅行的員工遠端訪問時,您如何評估對組織的風險?當員工不在公司場所工作,且常常距離辦公室數千英里時,您如何評估對員工的風險?當您的組織及其資產在一個可能支持竊取企業「皇冠珠寶」的國家擁有辦公室或設施,以協助其國有或受支持的企業時,您如何評估風險?如果您的風險評估和管理計劃要有效,那麼這些問題必須被評估。參與風險評估和管理過程的工作人員今天面臨的環境比以往任何時候都要複雜。這本書不僅涵蓋了構成良好風險計劃的基本要素,還提供了一個綜合的「如何做」的方法來實施企業計劃,並附有經過測試的方法和流程;流程圖;以及可供讀者使用並立即實施到計算機和整體企業安全計劃中的檢查清單。挑戰重重,這本書將幫助專業人士在進入21世紀的過程中應對這些挑戰。

目錄:
第一部分:風險管理簡介:風險管理理論介紹;變化的環境;風險管理的藝術;第二部分:威脅評估過程:威脅評估及其對風險評估的輸入;威脅評估方法;範例威脅評估;第三部分:脆弱性問題:作業系統脆弱性;應用程式脆弱性;公共領域或商用現成產品(COTS)?;連接性和依賴性;第四部分:風險過程:什麼是風險評估?;風險分析;誰負責?;第五部分:風險評估的工具和類型:定性與定量;風險管理的政策、程序、計劃和流程;工具和技術;綜合風險管理;風險管理的未來。