IT Security Controls: A Guide to Corporate Standards and Frameworks
Provisional Chinese title: IT安全控制:企業標準與框架指南

Authors: Virgilio Viegas, Oben Kuyucu

  • Publisher: Apress
  • Publication date: 2022-03-24
  • List price: $2,080
  • Member price (5% off): $1,976
  • Language: English
  • Pages: 378
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1484277988
  • ISBN-13: 9781484277980
  • Category: Information Security
  • Ships immediately (stock = 1)

Product Description

This reference gives IT security practitioners an overview of the major standards and frameworks, together with a proposed architecture for meeting them. The book identifies and describes the controls and processes that must be implemented to secure an organization's infrastructure.

The book proposes a comprehensive approach to implementing IT security controls, with an easily understandable graphical implementation proposal for complying with the most relevant market standards (ISO 27001, NIST, PCI-DSS, and COBIT) and a significant number of regulatory frameworks from central banks around the world (European Union, Switzerland, UK, Singapore, Hong Kong, India, Qatar, Kuwait, Saudi Arabia, Oman, etc.).

To connect the book with the real world, a number of well-known case studies are featured to explain what went wrong with the biggest hacks of the decade, and which controls should have been in place to prevent them. The book also describes a set of well-known security tools available to support you.

What You Will Learn

- Understand corporate IT security controls, including governance, policies, procedures, and security awareness
- Know cybersecurity and risk assessment techniques such as penetration testing, red teaming, compliance scans, firewall assurance, and vulnerability scans
- Understand technical IT security controls for unmanaged and managed devices, and perimeter controls
- Implement security testing tools such as steganography, vulnerability scanners, session hijacking, intrusion detection, and more

Who This Book Is For

IT security managers, chief information security officers, information security practitioners, and IT auditors will use the book as a reference and support guide to conduct gap analyses and audits of their organizations' IT security controls implementations.

About the Authors

Virgilio Viegas, CISSP, CCSP, CISM, CISA, CRISC, CEH, has more than 25 years of experience in the banking sector, having worked in Europe, Asia and the Middle East. Currently he is the Group Head of International IT Security in one of the largest financial institutions in the Middle East and Africa with a strong presence across Europe, Africa and Asia.

Virgilio previously worked for more than 20 years at a major Portuguese financial institution, where he participated in the design and implementation of an Internet services reference platform and later developed an information security reference architecture.

While working in Asia, Virgilio developed projects related to information security, compliance, and retail, such as Internet banking, ATM and POS network implementation, issuing and acquiring for international card schemes, anti-money laundering, and customer fingerprint authentication, amongst others. He also supported projects with significant impact on the Timor-Leste financial sector, such as the definition of the country's International Bank Account Number (IBAN) standard, the implementation of the Real Time Gross Settlement System (RTGS), and the national ATM and POS switch.

Oben Kuyucu, CISSP, CISA, has 15 years of experience in IT security, cybersecurity, governance, risk, compliance, and PCI DSS, as well as other international standards and regulations. Currently, he is an IT Security Governance and Oversight Senior Analyst at one of the largest financial institutions in the Middle East and Africa.

Oben previously worked as Senior Information Security Expert and PCI Qualified Security Assessor (QSA) at a leading information security company in Turkey. He was the first PCI 3DSecure Assessor and one of the first PCI QSAs in Turkey, and he carried out more than 150 IT security-related engagements, mainly related to PCI DSS and ISO 27001 internal audits.

Throughout his career Oben has performed PCI DSS auditing, system administration, design, penetration testing, security analysis, consulting, pre-sales activities, and post-sales support for companies in Europe, Asia, and the Middle East. He has also made significant contributions to many information security projects, including supporting a PCI SSC Approved Scanning Vendor portal and transforming it into a governance, risk, and compliance vulnerability management tool.
