Information Security Planning: A Practical Approach

Lincke, Susan

  • 出版商: Springer
  • 出版日期: 2024-01-17
  • 售價: $2,380
  • 貴賓價: 9.5$2,261
  • 語言: 英文
  • 頁數: 445
  • 裝訂: Hardcover - also called cloth, retail trade, or trade
  • ISBN: 3031431170
  • ISBN-13: 9783031431173
  • 相關分類: 資訊安全
  • 海外代購書籍(需單獨結帳)

相關主題

商品描述

This book demonstrates how information security requires a deep understanding of an organization's assets, threats and processes, combined with the technology that can best protect organizational security. It provides step-by-step guidance on how to analyze business processes from a security perspective, while also introducing security concepts and techniques to develop the requirements and design for security technologies. This interdisciplinary book is intended for business and technology audiences, at student or experienced levels.

Organizations must first understand the particular threats that an organization may be prone to, including different types of security attacks, social engineering, and fraud incidents, as well as addressing applicable regulation and security standards. This international edition covers Payment Card Industry Data Security Standard (PCI DSS), American security regulation, and European GDPR. Developing a risk profile helps to estimate the potential costs that an organization may be prone to, including how much should be spent on security controls.

Security planning then includes designing information security, as well as network and physical security, incident response and metrics. Business continuity considers how a business may respond to the loss of IT service. Optional areas that may be applicable include data privacy, cloud security, zero trust, secure software requirements and lifecycle, governance, introductory forensics, and ethics.

This book targets professionals in business, IT, security, software development or risk. This text enables computer science, information technology, or business students to implement a case study for an industry of their choosing.

.

商品描述(中文翻譯)

本書展示了資訊安全需要對組織的資產、威脅和流程有深入的了解,並結合最佳的技術來保護組織的安全。它提供了逐步指導,教導如何從安全角度分析業務流程,同時介紹安全概念和技術,以制定安全技術的需求和設計。這本跨學科的書籍適用於學生和有經驗的商業和技術讀者。

組織首先必須了解可能面臨的特定威脅,包括不同類型的安全攻擊、社交工程和欺詐事件,並解決適用的法規和安全標準。本國際版涵蓋了支付卡行業數據安全標準(PCI DSS)、美國安全法規和歐洲GDPR。制定風險概況有助於估計組織可能面臨的潛在成本,包括應該在安全控制上花費多少。

安全規劃包括設計資訊安全、網絡和物理安全、事件應對和指標。業務連續性考慮了企業如何應對IT服務的損失。可能適用的選擇性領域包括數據隱私、雲安全、零信任、安全軟件需求和生命周期、治理、入門取證和倫理。

本書針對商業、IT、安全、軟件開發或風險領域的專業人士。這本教材使計算機科學、信息技術或商業學生能夠為自己選擇的行業實施案例研究。

作者簡介

Susan Lincke PhD is a Certified Information Systems Auditor with both industry and academic experience, able to know what is important in industry and how to teach it. Materials were funded by a National Science Foundation grant, where students planned security for real community partners.

作者簡介(中文翻譯)

Susan Lincke博士是一位具有行業和學術經驗的認證資訊系統審計師,能夠了解行業中的重要事項以及如何教授相關知識。這些教材是由國家科學基金會的資助所提供,學生們在該計劃中為真實社區合作夥伴規劃了安全措施。