Product Description
Authoritative resource delivering the professional practice of cybersecurity from the perspective of enterprise governance and risk management.
Stepping Through Cybersecurity Risk Management covers the professional practice of cybersecurity from the perspective of enterprise governance and risk management. It describes the state of the art in cybersecurity risk identification, classification, measurement, remediation, monitoring and reporting. It includes industry standard techniques for examining cybersecurity threat actors, cybersecurity attacks in the context of cybersecurity-related events, technology controls, cybersecurity measures and metrics, cybersecurity issue tracking and analysis, and risk and control assessments.
The text provides precise definitions for information relevant to cybersecurity management decisions and recommendations for collecting and consolidating that information in the service of enterprise risk management. The objective is to enable the reader to recognize, understand, and apply risk-relevant information to the analysis, evaluation, and mitigation of cybersecurity risk. A well-rounded resource, the text describes both reports and studies that improve cybersecurity decision support.
Composed of 10 chapters, the book provides learning objectives, exercises and quiz questions for each chapter in an appendix, with quiz answers and exercise grading criteria available to professors.
Written by a highly qualified professional with significant experience in the field, Stepping Through Cybersecurity Risk Management includes information on:
- Threat actors and networks, attack vectors, event sources, security operations, and CISO risk evaluation criteria with respect to this activity
- Control process, policy, standard, procedures, automation, and guidelines, along with risk and control self assessment and compliance with regulatory standards
- Cybersecurity measures and metrics, and corresponding key risk indicators
- The role of humans in security, including the "three lines of defense" approach, auditing, and overall human risk management
- Risk appetite, tolerance, and categories, and analysis of alternative security approaches via reports and studies
Providing comprehensive coverage of cybersecurity through the unique lens of enterprise governance and risk management, Stepping Through Cybersecurity Risk Management is an essential resource for professionals engaged in compliance with diverse business risk appetites and with regulatory requirements such as FFIEC, HIPAA, and GDPR, as well as a comprehensive primer for those new to the field.
A complimentary foreword by Professor Gene Spafford explains why "This book will be helpful to the newcomer as well as to the hierophants in the C-suite. The newcomer can read this to understand general principles and terms. The C-suite occupants can use the material as a guide to check that their understanding encompasses all it should."
Product Description (Chinese translation)
An authoritative resource that delivers the professional practice of cybersecurity from the perspective of enterprise governance and risk management.
Stepping Through Cybersecurity Risk Management covers the professional practice of cybersecurity from the perspective of enterprise governance and risk management. It describes the state of the art in cybersecurity risk identification, classification, measurement, remediation, monitoring and reporting. Its content includes industry standard techniques for examining cybersecurity threat actors, cybersecurity attacks in the context of cybersecurity-related events, technology controls, cybersecurity measures and metrics, cybersecurity issue tracking and analysis, and risk and control assessments.
The book provides precise definitions of the information relevant to cybersecurity management decisions, and recommendations for collecting and consolidating that information in the service of enterprise risk management. Its objective is to enable readers to recognize, understand and apply risk-relevant information to the analysis, evaluation and mitigation of cybersecurity risk. It is a comprehensive resource that describes reports and studies that improve cybersecurity decision support.
The book consists of 10 chapters; in an appendix the author provides learning objectives, exercises and quiz questions for each chapter, with quiz answers and exercise grading criteria provided to professors.
Written by a highly qualified professional with extensive experience in the field, Stepping Through Cybersecurity Risk Management includes the following information:
- Threat actors and networks, attack vectors, event sources, security operations, and CISO risk evaluation criteria related to this activity
- Control processes, policies, standards, procedures, automation and guidelines, along with risk and control self-assessment and compliance with regulatory standards
- Cybersecurity measures and metrics, and the corresponding key risk indicators
- The role of humans in security, including the "three lines of defense" approach, auditing, and overall human risk management
- Risk appetite, tolerance and categories, and the analysis of alternative security approaches through reports and studies
Stepping Through Cybersecurity Risk Management provides comprehensive coverage of cybersecurity through the unique perspective of enterprise governance and risk management. It is an essential resource for professionals engaged in compliance with diverse business risk appetites and regulatory requirements (such as FFIEC, HIPAA and GDPR), and also a comprehensive introductory guide for newcomers.
A complimentary foreword by Professor Gene Spafford explains why "This book will be helpful to the newcomer as well as to the experts in the C-suite. The newcomer can read this book to understand general principles and terms. Members of the C-suite can use the material as a guide to check whether their understanding is complete."
About the Author
Jennifer L. Bayuk is a cybersecurity due diligence expert with an MS in Computer Science and a PhD in Systems Engineering. She has been a Global Financial Services Technology Risk Management Officer, a Wall Street Chief Information Security Officer, a Big 4 Information Risk Management Consultant, a Manager of Information Technology Internal Audit, a Security Architect, a Bell Labs Security Software Engineer, a Professor of Systems Security Engineering, and a Private Cybersecurity Investigator and Expert Witness.
About the Author (Chinese translation)
Jennifer L. Bayuk is a cybersecurity due diligence expert who holds a master's degree in computer science and a doctorate in systems engineering. She has served as a Global Financial Services Technology Risk Management Officer, a Wall Street Chief Information Security Officer, an Information Risk Management Consultant at a Big 4 accounting firm, a Manager of Information Technology Internal Audit, a Security Architect, a Bell Labs Security Software Engineer, a Professor of Systems Security Engineering, and a Private Cybersecurity Investigator and Expert Witness.