Managing Risk and Information Security: Protect to Enable

Malcolm W. Harkins

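  • Publisher: Apress
  • Publication date: 2016-08-11
  • List price: $1,840
  • VIP price: $1,748 (95% of list price)
  • Language: English
  • Pages: 187
  • Binding: Paperback
  • ISBN: 1484214560
  • ISBN-13: 9781484214565
  • Related category: Information security
  • Overseas purchasing-agent title (must be checked out separately)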

Product description

This updated version describes, at a high level, the evolving enterprise security landscape and provides guidance for a management-level audience about how to manage and survive risk. While based primarily on the author’s experience and insights at major companies where he has served as CISO and CSPO, the book also includes many examples from other well-known companies.

Managing Risk and Information Security provides thought leadership in the increasingly important area of enterprise information risk and security. It describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, not only for internal operations but increasingly as a part of product or service creation, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk.

This edition discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities and offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies―such as social media and the huge proliferation of Internet-enabled devices―while minimizing risk.

What You'll Learn

  • Learn how enterprise risk and security requirements are changing, and why a new approach to risk and security management is needed
  • Learn how people perceive risk and the effects it has on information security
  • Learn why different perceptions of risk within an organization matter, and why it is necessary to understand and reconcile these views
  • Learn the principles of enterprise information security governance and decision-making, and the other groups they need to work with
  • Learn the impact of new technologies on information security, and gain insights into how to safely enable the use of new technologies

Who This Book Is For

The primary audience is CIOs and other IT leaders, CISOs and other information security leaders, IT auditors, and other leaders of corporate governance and risk functions. The secondary audience is CEOs, board members, privacy professionals, and less senior-level information security and risk professionals.

"Harkins’ logical, methodical approach as a CISO to solving the most complex cybersecurity problems is reflected in the lucid style of this book. His enlightened approach to intelligence-based security infrastructure and risk mitigation is our best path forward if we are ever to realize the vast potential of the innovative digital world we are creating while reducing the threats to manageable levels. The author shines a light on that path in a comprehensive yet very readable way." ―Art Coviello, Former CEO and Executive Chairman, RSA

