Managing Risk and Information Security: Protect to Enable

Malcolm W. Harkins

  • Publisher: Apress
  • Publication date: 2016-08-11
  • List price: $1,780
  • Member price: $1,691 (5% off list)
  • Language: English
  • Pages: 187
  • Binding: Paperback
  • ISBN: 1484214560
  • ISBN-13: 9781484214565
  • Category: Information security
  • Imported title, ordered on request (checked out separately)

Product description

This updated version describes, at a high level, the evolving enterprise security landscape and provides guidance for a management-level audience about how to manage and survive risk. While based primarily on the author’s experience and insights at major companies where he has served as CISO and CSPO, the book also includes many examples from other well-known companies.

Managing Risk and Information Security provides thought leadership in the increasingly important area of enterprise information risk and security. It describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise now depends on technology, not only for internal operations but increasingly as part of product or service creation, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk.

This edition discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities and offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies―such as social media and the huge proliferation of Internet-enabled devices―while minimizing risk.

What You'll Learn

  • Learn how enterprise risk and security requirements are changing, and why a new approach to risk and security management is needed
  • Learn how people perceive risk and the effect this has on information security
  • Learn why different perceptions of risk within an organization matter, and why it is necessary to understand and reconcile these views
  • Learn the principles of enterprise information security governance and decision-making, and the other groups the security function needs to work with
  • Learn the impact of new technologies on information security, and gain insight into how to safely enable their use

Who This Book Is For

The primary audience is CIOs and other IT leaders, CISOs and other information security leaders, IT auditors, and other leaders of corporate governance and risk functions. The secondary audience is CEOs, board members, privacy professionals, and less senior-level information security and risk professionals.

"Harkins’ logical, methodical approach as a CISO to solving the most complex cybersecurity problems is reflected in the lucid style of this book. His enlightened approach to intelligence-based security infrastructure and risk mitigation is our best path forward if we are ever to realize the vast potential of the innovative digital world we are creating while reducing the threats to manageable levels. The author shines a light on that path in a comprehensive yet very readable way." ―Art Coviello, Former CEO and Executive Chairman, RSA

