Understand, Manage, and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program 2/e
Provisional Chinese title: 理解、管理與衡量網路風險:建立可持續網路計畫的實用解決方案(第二版)

Leirvik, Ryan

Product Description

When it comes to managing cybersecurity, most organizations struggle with the basic foundational components. This practitioner's guide lays down those foundational components, with real client examples and pitfalls to avoid.

A plethora of cybersecurity management resources are available--many with sound advice, management approaches, and technical solutions--but few with one common theme that pulls together management and technology, with a focus on executive oversight. Author Ryan Leirvik helps solve these common problems by providing a clear, easy-to-understand, and easy-to-deploy "playbook" for a cyber risk management approach applicable to your entire organization.

This second edition provides tools and methods in a straightforward, practical manner to guide the management of a cybersecurity program. Expanded sections include the critical integration of cyber risk management into enterprise risk management, the important connection between a Software Bill of Materials and third-party risk programs, and additional "how to" tools and material for mapping frameworks to controls.

Praise for Understand, Manage, and Measure Cyber Risk

"What lies ahead of you in the pages of this book? Clean practicality, not something that just looks good on paper--brittle and impractical when exposed to the real world. I prize flexibility and simplicity instead of attempting to have answers for everything and the rigidity that results. This simplicity is what I find valuable within Ryan's book." -- Tim Collyer, Motorola Solutions

"It seems that I have found a kindred spirit--a builder who has worked with a wide variety of client CISOs on their programs, gaining a deep understanding of how a successful and sustainable program should be constructed. Ryan's cyber work in the US Department of Defense, his McKinsey & Company consulting, and his advisory and survey work with IANS give him a unique global view of our shared passion." -- Nicholas J. Mankovich, PhD, MS, CISPP

Who This Book Is For

CISOs, CROs, CIOs, directors of risk management, and anyone struggling to pull together frameworks or basic metrics to quantify uncertainty and address risk.

About the Author

Ryan Leirvik is a cybersecurity professional who has spent the better part of two decades enhancing information security programs at the world's largest institutions. With considerable US government and commercial sector experience, Ryan has employed his professional passion for cybersecurity at almost every level within an organization.

A frequent speaker on the topic of information security, Ryan fields many questions of the form "How do I make sure I have a sustainable cyber program?" This book was written to help answer that question.

Ryan has been the CEO of a cybersecurity research and development company, Chief of Staff and Associate Director of Cyber for the US Department of Defense, and a cybersecurity strategy consultant with McKinsey & Company. Ryan's technology career started at IBM; he holds a master of IT degree from Virginia Tech, an MBA from Case Western Reserve University, and a bachelor of science from Purdue University. Ryan is also on the faculty at IANS.
