Information Security Policies, Procedures, and Standards: A Practitioner's Reference
Provisional Chinese title: 資訊安全政策、程序與標準:實務參考手冊
Author: Douglas J. Landoll
- Publisher: Auerbach Publication
- Publication date: 2016-05-05
- Price: $6,980
- Member price: 5% off, $6,631
- Language: English
- Pages: 254
- Binding: Hardcover
- ISBN: 1482245892
- ISBN-13: 9781482245899
- Related category: Penetration-test
Imported title (ordered from overseas; must be checked out separately)
Product description
Information Security Policies, Procedures, and Standards: A Practitioner's Reference gives you a blueprint on how to develop effective information security policies and procedures. It uses standards such as NIST 800-53, ISO 27001, and COBIT, and regulations such as HIPAA and PCI DSS as the foundation for the content. Highlighting key terminology, policy development concepts and methods, and suggested document structures, it includes examples, checklists, sample policies and procedures, guidelines, and a synopsis of the applicable standards.
The author explains how and why procedures are developed and implemented, rather than simply providing information and examples. This is an important distinction because no two organizations are exactly alike; therefore, no two sets of policies and procedures are going to be exactly alike. This approach provides the foundation and understanding you need to write effective policies, procedures, and standards clearly and concisely.
Developing policies and procedures may seem to be an overwhelming task. However, by relying on the material presented in this book, adopting the policy development techniques, and examining the examples, the task will not seem so daunting. You can use the discussion material to help sell the concepts, which may be the most difficult aspect of the process. Once you have completed a policy or two, you will have the courage to take on even more tasks. Additionally, the skills you acquire will assist you in other areas of your professional and private life, such as expressing an idea clearly and concisely or creating a project plan.