Information Security Governance Simplified: From the Boardroom to the Keyboard (Hardcover)

Todd Fitzgerald

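  • Publisher: CRC
  • Publication date: 2011-12-20
  • List price: $7,000
  • VIP price: $6,650 (5% off)
  • Language: English
  • Pages: 431
  • Binding: Hardcover
  • ISBN: 1439811636
  • ISBN-13: 9781439811634
  • Related category: Information security
  • Overseas special-order title (must be checked out separately)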

Product description

Security practitioners must be able to build cost-effective security programs while also complying with government regulations. Information Security Governance Simplified: From the Boardroom to the Keyboard lays out these regulations in simple terms and explains how to use control frameworks to build an air-tight information security (IS) program and governance structure.

Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security department and considers the control areas, including physical, network, application, business continuity/disaster recovery, and identity management.

Todd Fitzgerald explains how to establish a solid foundation for building your security program and shares time-tested insights about what works and what doesn’t when building an IS program. Highlighting security considerations for managerial, technical, and operational controls, it provides helpful tips for selling your program to management. It also includes tools to help you create a workable IS charter and your own IS policies. Based on proven experience rather than theory, the book gives you the tools and real-world insight needed to secure your information while ensuring compliance with government regulations.
