Boardroom Cybersecurity: A Director's Guide to Mastering Cybersecurity Fundamentals
暫譯: 董事會網路安全:主管掌握網路安全基礎的指南
Weis, Dan
相關主題
商品描述
This book delves into the critical realm of cyber security, specifically focusing on the ever-present threats that can cripple your organization. We will dissect real-world attacks methods and mitigation strategies, analyze industry and regulatory requirements as they impact your boardroom decisions, and expose the vulnerabilities that leave organizations susceptible to data breaches.
But why should cyber security be a top priority for CEOs, directors, and board members? A successful cyber-attack can be catastrophic. Beyond financial losses, data breaches can erode customer trust, damage brand reputation, disrupt critical operations, and even lead to legal ramifications for the board and for directors, such as regulatory fines and lawsuits.
This book empowers you to make informed decisions for your organization regarding cyber risk. We will equip you to not only understand the evolving threat landscape and the potential impact of an attack, but also to proactively reduce and mitigate those risks. This knowledge will ensure you fulfill your reporting obligations and demonstrate strong corporate governance in the face of ever-present cyber threats.
The digital age presents immense opportunities, but it also demands a heightened awareness of cyber security risks. This book is your roadmap to navigating this complex landscape, understanding your obligations as a director or board member, and ensuring your organization remains secure and thrives in this increasingly digital world.
What You Will Learn:
- Typical methods employed by cybercriminal gangs.
- Board and management responsibilities and obligations.
- Common governance principles and standards.
- What are the cybersecurity frameworks and how do they work together?
- Best practices for developing a cybersecurity strategy.
- Understanding penetration testing reports and compliance audits.
- Tips for reading and understanding the audit report.
Who This Book is for:
Boards, directors, and management who have a responsibility over cyber security and ensuring cyber resilience for their organization.
商品描述(中文翻譯)
這本書深入探討了網路安全的關鍵領域,特別專注於可能使您的組織陷入困境的持續威脅。我們將剖析現實世界中的攻擊方法和緩解策略,分析行業和法規要求如何影響您的董事會決策,並揭示使組織易受數據洩露影響的脆弱性。
那麼,為什麼網路安全應該成為執行長、董事和董事會成員的首要任務呢?一次成功的網路攻擊可能是災難性的。除了財務損失外,數據洩露還可能侵蝕客戶信任、損害品牌聲譽、干擾關鍵業務運作,甚至導致董事會和董事面臨法律後果,例如監管罰款和訴訟。
這本書使您能夠就網路風險為您的組織做出明智的決策。我們將幫助您不僅理解不斷演變的威脅環境及攻擊的潛在影響,還能主動減少和緩解這些風險。這些知識將確保您履行報告義務,並在面對持續存在的網路威脅時展現強有力的公司治理。
數位時代帶來了巨大的機遇,但也要求對網路安全風險有更高的警覺性。這本書是您在這個複雜環境中導航的路線圖,幫助您理解作為董事或董事會成員的義務,並確保您的組織在這個日益數位化的世界中保持安全並蓬勃發展。
您將學到的內容:
- 網路犯罪團夥所採用的典型方法。
- 董事會和管理層的責任與義務。
- 常見的治理原則和標準。
- 網路安全框架是什麼,它們如何協同運作?
- 制定網路安全策略的最佳實踐。
- 理解滲透測試報告和合規審核。
- 閱讀和理解審核報告的技巧。
本書適合對網路安全負有責任並確保其組織網路韌性的董事會、董事和管理層。
作者簡介
Dan Weis is the Penetration Testing Practice Lead at Nexon Asia Pacific. Dan has over 30 years' experience in I.T, in a range of different industries, and was one of the first 10 people in the world to become a Certified Ethical Hacker.
Dan also has over 18.5+ years of Penetration Testing and Red Team experience with attributed 0day vulnerabilities in SCADA/Control Systems software. Dan heads up Nexon's team of Cyber Security Experts, leading Red and Blue Teams on Offensive and Defensive Cyber Operations to proactively assess company and government networks to increase their security posture and not become the next "headline".
Earning the nickname "The General" as a result of his multitude of industry qualifications, Daniel also holds an additional 22 industry certifications. In his spare time Daniel undertakes research on the cybercrime underground, facilitates training sessions for budding ethical hackers, is a regular on the speaker circuit presenting on all things Infosec & Dark web, and has presented at over 80 conferences and events over the last 5 years.
Dan also has appearances on Television and Radio and has a number of published resources including books, magazine articles, newspaper appearances, online posts and YouTube videos, and is an active participant in a variety of renowned security and industry programs. Dan has authored the book "Hack Proof Yourself! The essential guide to securing your digital world," and co-authored the book Learn Social Engineering that has received BookAuthority's best books of all time award.
作者簡介(中文翻譯)
丹·韋斯(Dan Weis)是Nexon亞太區的滲透測試實踐負責人。丹在資訊科技領域擁有超過30年的經驗,涵蓋多個不同的行業,並且是全球首批10位獲得認證的道德駭客(Certified Ethical Hacker)之一。
丹在滲透測試和紅隊(Red Team)方面擁有超過18.5年的經驗,並在SCADA/控制系統軟體中發現了多個0day漏洞。丹負責領導Nexon的網路安全專家團隊,帶領紅隊和藍隊進行攻擊性和防禦性網路作戰,主動評估公司和政府的網路安全狀況,以提高其安全性,避免成為下一個「頭條新聞」。
由於擁有眾多行業資格,丹獲得了「將軍」(The General)的綽號,並持有額外的22項行業認證。在空閒時間,丹進行有關網路犯罪地下市場的研究,為有志成為道德駭客的人舉辦培訓課程,並經常在資訊安全和暗網相關的演講活動中發表演講,過去五年來參加了超過80場會議和活動。
丹也曾在電視和廣播中露面,並擁有多部出版資源,包括書籍、雜誌文章、報紙專欄、網上文章和YouTube視頻,並積極參與各種知名的安全和行業計劃。丹著有《保護自己!保護數位世界的必備指南》(Hack Proof Yourself! The essential guide to securing your digital world),並共同撰寫了《學習社會工程學》(Learn Social Engineering),該書獲得了BookAuthority的最佳書籍獎。
