Product description
This book explores the strategic decisions made by organizations when implementing cybersecurity controls and leveraging economic models and theories from the economics of information security and risk-management frameworks.
Based on unique and distinct research completed within the field of risk-management and information security, this book provides insight into organizational risk-management processes utilized in determining cybersecurity investments. It describes how theoretical models and frameworks rely on either specific scenarios or controlled conditions and how decisions on cybersecurity spending within organizations (specifically, the funding available in comparison to the recommended security measures necessary for compliance) vary depending on stakeholders. As the trade-off between the costs of implementing a security measure and the benefit derived from the implementation of security controls is not easily measured, a business leader's decision to fund security measures may be biased. The author presents an innovative approach to assess cybersecurity initiatives with a risk-management perspective and leverages a data-centric focus on the evolution of cyber-attacks.
This book is ideal for business school students and technology professionals with an interest in risk management.
About the author
Tara Kissoon is a multi-certified IT Risk & Security Leader with more than 20 years of experience in technology and 13 years of experience in the financial services industry. She brings continued success to technology, IT risk and information security programmes and projects within large organizations. She is acknowledged as a leader, security architect and trusted advisor with a talent for working with cross-functional teams to achieve short- and long-term business objectives.