Enterprise Cybersecurity Study Guide: How to Build a Successful Cyberdefense Program Against Advanced Threats

Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

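  • Publisher: Apress
  • Publication date: 2018-03-23
  • List price: $2,970
  • VIP price: $2,822 (95% of list price)
  • Language: English
  • Pages: 709
  • Binding: Paperback
  • ISBN: 1484232577
  • ISBN-13: 9781484232576
  • Related category: Information Security
  • Overseas special-order book (must be checked out separately)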

Product Description

Use the methodology in this study guide to design, manage, and operate a balanced enterprise cybersecurity program that is pragmatic and realistic in the face of resource constraints and other real-world limitations. This guide is an instructional companion to the book Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. The study guide will help you understand the book’s ideas and put them to work. The guide can be used for self-study or in the classroom.

Enterprise cybersecurity is about implementing a cyberdefense program that will succeed in defending against real-world attacks. While we often know what should be done, the resources to do it often are not sufficient. The reality is that the Cybersecurity Conundrum―what the defenders request, what the frameworks specify, and what the budget allows versus what the attackers exploit―gets in the way of what needs to be done. Cyberattacks in the headlines affecting millions of people show that this conundrum fails more often than we would prefer.

Cybersecurity professionals want to implement more than what control frameworks specify, and more than what the budget allows. Ironically, another challenge is that even when defenders get everything that they want, clever attackers are extremely effective at finding and exploiting the gaps in those defenses, regardless of their comprehensiveness. Therefore, the cybersecurity challenge is to spend the available budget on the right protections, so that real-world attacks can be thwarted without breaking the bank.

People involved in or interested in successful enterprise cybersecurity can use this study guide to gain insight into a comprehensive framework for coordinating an entire enterprise cyberdefense program.

What You’ll Learn
  • Know the methodology of targeted attacks and why they succeed
  • Master the cybersecurity risk management process
  • Understand why cybersecurity capabilities are the foundation of effective cyberdefenses
  • Organize a cybersecurity program's policy, people, budget, technology, and assessment
  • Assess and score a cybersecurity program
  • Report cybersecurity program status against compliance and regulatory frameworks
  • Use the operational processes and supporting information systems of a successful cybersecurity program
  • Create a data-driven and objectively managed cybersecurity program
  • Discover how cybersecurity is evolving and will continue to evolve over the next decade

Who This Book Is For

Those involved in or interested in successful enterprise cybersecurity (e.g., business professionals, IT professionals, cybersecurity professionals, and students). This guide can be used in a self-study mode. The book can be used by students to facilitate note-taking in the classroom and by instructors to develop classroom presentations based on the contents of the original book, Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats.
