商品描述
This book examines the cybersecurity phenomenon, looking at the folklore, the hype, and the behaviour of its practitioners. A central theme is that the management of cybersecurity needs to be owned by the people running the organisation, rather than by the cybersecurity team, who frequently don't have management as a core skill. In order to effect that change, managers need to have the background and detail to challenge what they are being told, enabling them to engage in a way that will result in more appropriate outcomes for the business. This book provides that background and detail. It debunks a number of cyber-myths, and calls out basic errors in the accepted thinking on cyber. The content is strongly rooted in available research and presented in an accessible manner, with a number of business-related case studies. Each chapter in the book takes a theme such as end-user behaviours and compares the available evidence with what the industry would like to have its customers believe. The conclusion is that there is definitely a problem, and we certainly need cyber defences. Just not the ones the industry is currently selling.
商品描述(中文翻譯)
本書探討了網絡安全現象,關注其民間傳說、炒作和從業人員的行為。其中一個核心主題是,網絡安全的管理應由組織的管理層擁有,而不是由網絡安全團隊擁有,後者通常並不具備管理技能。為了實現這種變革,管理者需要具備背景知識和細節,以挑戰他們所聽到的信息,使他們能夠以更適合企業的方式參與其中。本書提供了這種背景知識和細節。它揭穿了一些網絡安全的神話,指出了在網絡安全領域中被廣泛接受的思維中的基本錯誤。內容基於現有的研究,以易於理解的方式呈現,並包含了一些與業務相關的案例研究。本書的每一章節都以一個主題,如終端用戶行為,將可用的證據與業界希望客戶相信的內容進行比較。結論是,網絡安全確實存在問題,我們當然需要網絡防禦。只是目前業界所推銷的防禦方式並不是最適合的。
作者簡介
Peter Fagan has been working in the information security industry for well over twenty years, in a variety of roles and environments. About eight years ago, he asked himself the question "why isn't this working?". After all, if we're selling security, surely after a while there ought to be less of a need for it? Asking that question kicked off a journey of personal research, academic research, and the hands-on practical implementation of contemporary approaches, based on the way people actually behave rather than the way security teams would like them to behave. That journey ultimately led to this book, which presents the argument that an industry focused on profit is more concerned with selling compliance than it is with selling protection. Along the way, the author draws upon formal business knowledge gained through an MBA and an MSc in organisational psychology.
作者簡介(中文翻譯)
Peter Fagan在資訊安全行業工作超過二十年,擔任過多種角色並在不同環境中工作。大約八年前,他問自己一個問題:「為什麼這不起作用?」畢竟,如果我們在賣安全性,那麼過了一段時間後應該不再需要這麼多安全性了吧?提出這個問題開啟了他的個人研究之旅,包括學術研究和實際操作當代方法,這些方法基於人們實際行為而非安全團隊希望他們表現的方式。這個旅程最終導致了這本書的誕生,書中提出了一個觀點,即以利潤為重心的行業更關注的是出售合規性而非保護性。在這個過程中,作者借鑒了他通過MBA和組織心理學碩士學位所獲得的正式商業知識。
