Product Description
This book tackles the problem of complexity within IT environments, i.e., Cybercomplexity, which is generally recognized as a principal source of cybersecurity risk. The book first defines complexity and simplifies its analysis by assuming a probabilistic approach to security risk management. It then proposes a simple model of cybercomplexity that is based on Shannon entropy, a basic concept in information theory. The key drivers of cybercomplexity emerge from this model, where these drivers reveal the scale-dependence of cybersecurity risk and explain why macroscopic security controls are required to address cybersecurity risk on an enterprise scale. The significant operational implications of cybercomplexity are also discussed, thereby providing both a theoretical framework and a practical guide to addressing this longstanding problem in cybersecurity risk management.
About the Author
Carl S. Young has held senior security-related positions in the US government, the financial sector, consulting, and academia. He is the author of four previous reference books on science applied to security risk management as well as numerous technical papers. He has been an adjunct professor at the John Jay College of Criminal Justice and is the co-founder of Consilience 360, a security risk consulting firm located in New York City. Mr. Young earned undergraduate and graduate degrees in mathematics and physics from the Massachusetts Institute of Technology (MIT).