相關主題
商品描述
Information Risk and Security explains the complex and diverse sources of risk for any organization and provides clear guidance and strategies to address these threats before they happen, and to investigate them, if and when they do. Edward Wilding focuses particularly on internal IT risk, workplace crime, and the preservation of evidence, because it is these areas that are generally so mismanaged. There is advice on: preventing computer fraud, IP theft and systems sabotage adopting control and security measures that do not hinder business operations but which effectively block criminal access and misuse securing information - in both electronic and hard copy form understanding and countering the techniques by which employees are subverted or entrapped into giving access to systems and processes dealing with catastrophic risk best-practice for monitoring and securing office and wireless networks responding to attempted extortion and malicious information leaks conducting covert operations and forensic investigations securing evidence where computer misuse occurs and presenting this evidence in court and much more. The author's clear and informative style mixes numerous case studies with practical, down-to-earth and easily implemented advice to help everyone with responsibility for this threat to manage it effectively. This is an essential guide for risk and security managers, computer auditors, investigators, IT managers, line managers and non-technical experts; all those who need to understand the threat to workplace computers and information systems.
商品描述(中文翻譯)
《資訊風險與安全》解釋了任何組織面臨的複雜且多樣的風險來源,並提供清晰的指導和策略,以在威脅發生之前解決這些問題,並在威脅發生時進行調查。Edward Wilding 特別關注內部 IT 風險、工作場所犯罪和證據保存,因為這些領域通常管理不善。書中提供的建議包括:
- 預防電腦詐騙、智慧財產權盜竊和系統破壞
- 採取不妨礙業務運作的控制和安全措施,但能有效阻止犯罪訪問和濫用
- 確保資訊安全 - 包括電子和紙本形式
- 理解並對抗員工被引誘或陷入提供系統和流程訪問的技術
- 處理災難性風險
- 監控和保護辦公室及無線網路的最佳實踐
- 回應企圖勒索和惡意資訊洩漏
- 進行秘密行動和法醫調查
- 在電腦濫用發生時保護證據,並在法庭上呈現這些證據,以及更多內容。
作者清晰且具資訊性的風格結合了眾多案例研究與實用、切合實際且易於實施的建議,幫助所有對此威脅負有責任的人有效管理風險。這是風險和安全管理者、電腦審計師、調查員、IT 管理者、直屬經理和非技術專家的必備指南;所有需要了解工作場所電腦和資訊系統威脅的人士。