The New School of Information Security (Paperback)

Adam Shostack, Andrew Stewart

  • Publisher: Addison Wesley
  • Publication date: 2008-04-05
  • List price: $1,225
  • Sale price: 2.4$299
  • Language: English
  • Pages: 288
  • Binding: Paperback
  • ISBN: 0321814908
  • ISBN-13: 9780321814906
  • Related categories: Information Security
  • Ships immediately

Product Description

“It is about time that a book like The New School came along. The age of security as pure technology is long past, and modern practitioners need to understand the social and cognitive aspects of security if they are to be successful. Shostack and Stewart teach readers exactly what they need to know--I just wish I could have had it when I first started out.”

--David Mortman, CSO-in-Residence Echelon One, former CSO Siebel Systems

Why is information security so dysfunctional? Are you wasting the money you spend on security? This book shows how to spend it more effectively. How can you make more effective security decisions? This book explains why professionals have taken to studying economics, not cryptography--and why you should, too. And why security breach notices are the best thing to ever happen to information security. It’s about time someone asked the biggest, toughest questions about information security. Security experts Adam Shostack and Andrew Stewart don’t just answer those questions--they offer honest, deeply troubling answers. They explain why these critical problems exist and how to solve them. Drawing on powerful lessons from economics and other disciplines, Shostack and Stewart offer a new way forward. In clear and engaging prose, they shed new light on the critical challenges that are faced by the security field. Whether you’re a CIO, IT manager, or security specialist, this book will open your eyes to new ways of thinking about--and overcoming--your most pressing security challenges. The New School enables you to take control, while others struggle with non-stop crises.

  • Better evidence for better decision-making
    Why the security data you have doesn’t support effective decision-making--and what to do about it
  • Beyond security “silos”: getting the job done together
    Why it’s so hard to improve security in isolation--and how the entire industry can make it happen and evolve
  • Amateurs study cryptography; professionals study economics
    What IT security leaders can and must learn from other scientific fields
  • A bigger bang for every buck
    How to re-allocate your scarce resources where they’ll do the most good
