Rational Cybersecurity for Business: The Security Leaders' Guide to Business Alignment

Blum, Dan

  • Publisher: Apress
  • Publication date: 2020-08-13
  • Price: $1,550
  • VIP price: $1,473 (9.5 折, i.e. 95% of list)
  • Language: English
  • Pages: 330
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1484259513
  • ISBN-13: 9781484259511
  • Category: Information security
  • Ships immediately (stock = 1)

Product Description

Use the guidance in this comprehensive field guide to gain the support of your top executives for aligning a rational cybersecurity plan with your business. You will learn how to improve working relationships with stakeholders in complex digital businesses, IT, and development environments. You will know how to prioritize your security program, and motivate and retain your team.

Misalignment between security and the business can start at the top, in the C-suite, or arise at the line-of-business, IT, development, or user level. It has a corrosive effect on any security project it touches. But it does not have to be like this.

Author Dan Blum presents valuable lessons learned from interviews with over 70 security and business leaders. You will discover how to successfully solve issues related to: risk management, operational security, privacy protection, hybrid cloud management, security culture and user awareness, and communication challenges.

This book presents six priority areas to focus on to maximize the effectiveness of your cybersecurity program: risk management, control baseline, security culture, IT rationalization, access control, and cyber-resilience. Common challenges and good practices are provided for businesses of different types and sizes. And more than 50 specific keys to alignment are included.

What You Will Learn

  • Improve your security culture: clarify security-related roles, communicate effectively to businesspeople, and hire, motivate, or retain outstanding security staff by creating a sense of efficacy
  • Develop a consistent accountability model, information risk taxonomy, and risk management framework
  • Adopt a security and risk governance model consistent with your business structure or culture, manage policy, and optimize security budgeting within the larger business unit and CIO organization IT spend
  • Tailor a control baseline to your organization's maturity level, regulatory requirements, scale, circumstances, and critical assets
  • Help CIOs, Chief Digital Officers, and other executives to develop an IT strategy for curating cloud solutions and reducing shadow IT, building up DevSecOps and Disciplined Agile, and more
  • Balance access control and accountability approaches, leverage modern digital identity standards to improve digital relationships, and provide data governance and privacy-enhancing capabilities
  • Plan for cyber-resilience: work with the SOC, IT, business groups, and external sources to coordinate incident response and to recover from outages and come back stronger
  • Integrate your learnings from this book into a quick-hitting rational cybersecurity success plan

Who This Book Is For

Chief Information Security Officers (CISOs) and other heads of security, security directors and managers, security architects and project leads, and other team members providing security leadership to your business


About the Author

Dan Blum is an internationally recognized cybersecurity and risk management strategist. He is a former Golden Quill Award-winning VP, Distinguished Analyst at Gartner, Inc., and has served as the de facto head of security for startups and consulting companies. He's advised hundreds of corporations, universities, and government organizations, and currently partners with top media, analyst firms, and clients to produce cybersecurity thought leadership research and to deliver cybersecurity workshops and coaching for security leaders.
