Product description
IT and cybersecurity teams have had a long-standing battle between functionality and security. But why? To understand where the problem lies, this book will explore the different job functions, goals, relationships, and other factors that may impact how IT and cybersecurity teams interact. With different levels of budget, competing goals, and a history of lack of communication, there is a lot of work to do to bring these teams together. Empathy and emotional intelligence are common phenomena discussed in leadership books, so why not at the practitioner level? Technical teams are constantly juggling projects, engineering tasks, risk management activities, security configurations, remediating audit findings, and the list goes on. Understanding how psychology and human factors engineering practices can improve both IT and cybersecurity teams can positively impact those relationships, as well as strengthen both functionality and security. There is no reason to have these teams at odds or competing for their own team's mission; align the missions, and align the teams. The goal is to identify the problems in your own team or organization and apply the principles within to improve how teams communicate, collaborate, and compromise. Each organization will have its own unique challenges, but following the question guide will help to identify other technical gaps horizontally or vertically.
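About the author
Nikki Robinson is a security architect by day and an adjunct professor by night. She holds a DSc in Cybersecurity and several industry certifications, including the CISSP. She had more than 10 years of experience in IT operations before moving into security about 3 years ago. She has been researching the concept of vulnerability chaining and is pursuing a PhD in human factors that combines psychological and technical aspects to improve security programs. The second doctorate is expected to be completed in December 2021. She is passionate about teaching and mentoring others in risk management, network defense strategies, and DFIR. She is currently a security architect at IBM, with technical experience in continuous monitoring, risk management, digital forensics, and incident response. She has spoken at several conferences on a variety of topics, including human factors security engineering, malicious website graphing, and DevSecOps.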