Information Security Evaluation: A Holistic Approach from a Business Perspective (Hardcover)

Igli Tashi, Solange Ghernaouti-Helie

  • 出版商: EFPL Press
  • 出版日期: 2021-04-15
  • 售價: $3,150
  • 貴賓價: 9.5$2,993
  • 語言: 英文
  • 頁數: 300
  • 裝訂: Hardcover
  • ISBN: 143987915X
  • ISBN-13: 9781439879153
  • 相關分類: 資訊安全
  • 立即出貨 (庫存=1)

商品描述

Information systems have become a critical element of every organization’s structure. A malfunction of the information and communication technology (ICT) infrastructure can paralyze the whole organization and have disastrous consequences at many levels. On the other hand, modern businesses and organizations collaborate increasingly with companies, customers, and other stakeholders by technological means. This emphasizes the need for a reliable and secure ICT infrastructure for companies whose principal asset and added value is information.

Information Security Evaluation: A Holistic Approach from a Business Perspective proposes a global and systemic multidimensional integrated approach to the holistic evaluation of the information security posture of an organization. The Information Security Assurance Assessment Model (ISAAM) presented in this book is based on, and integrates, a number of information security best practices, standards, methodologies and sources of research expertise, in order to provide a generic model that can be implemented in organizations of all kinds as part of their efforts towards better governing their information security.

This approach will contribute to improving the identification of security requirements, measures and controls. At the same time, it provides a means of enhancing the recognition of evidence related to the assurance, quality and maturity levels of the organization’s security posture, thus driving improved security effectiveness and efficiency. The value added by this evaluation model is that it is easy to implement and operate and that through a coherent system of evaluation it addresses concrete needs in terms of reliance on an efficient and dynamic evaluation tool.

商品描述(中文翻譯)

資訊系統已成為每個組織結構中至關重要的元素。資訊和通訊技術(ICT)基礎設施的故障可能會使整個組織癱瘓,並在多個層面上產生災難性後果。另一方面,現代企業和組織越來越多地通過技術手段與公司、客戶和其他利益相關者合作。這強調了對可靠和安全的ICT基礎設施的需求,對於其主要資產和附加價值是資訊的公司來說尤其如此。

《資訊安全評估:從商業角度的整體方法》提出了一種全球和系統性的多維度綜合方法,用於評估組織的資訊安全狀態。本書中提出的資訊安全保證評估模型(ISAAM)基於並整合了一些資訊安全最佳實踐、標準、方法論和研究專業知識來源,以提供一個通用模型,可在各種組織中實施,作為改善其資訊安全管理努力的一部分。

這種方法將有助於改善對安全需求、措施和控制的識別。同時,它提供了一種增強對組織安全狀態的保證、質量和成熟度水平相關證據的認識的手段,從而推動了安全效能和效率的提升。評估模型的附加價值在於它易於實施和操作,並且通過一個連貫的評估系統,解決了在依賴高效且動態的評估工具方面的具體需求。