商品描述
Use this reference for IT security practitioners to get an overview of the major standards and frameworks, and a proposed architecture to meet them. The book identifies and describes the necessary controls and processes that must be implemented in order to secure your organization's infrastructure.
The book proposes a comprehensive approach to the implementation of IT security controls with an easily understandable graphic implementation proposal to comply with the most relevant market standards (ISO 27001, NIST, PCI-DSS, and COBIT) and a significant number of regulatory frameworks from central banks across the World (European Union, Switzerland, UK, Singapore, Hong Kong, India, Qatar, Kuwait, Saudi Arabia, Oman, etc.).
To connect the book with the real world, a number of well-known case studies are featured to explain what went wrong with the biggest hacks of the decade, and which controls should have been in place to prevent them. The book also describes a set of well-known security tools available to support you.
What You Will Learn
- Understand corporate IT security controls, including governance, policies, procedures, and security awareness
- Know cybersecurity and risk assessment techniques such as penetration testing, red teaming, compliance scans, firewall assurance, and vulnerability scans
- Understand technical IT security controls for unmanaged and managed devices, and perimeter controls
- Implement security testing tools such as steganography, vulnerability scanners, session hijacking, intrusion detection, and more
Who This Book Is For
IT security managers, chief information security officers, information security practitioners, and IT auditors will use the book as a reference and support guide to conduct gap analyses and audits of their organizations’ IT security controls implementations.
商品描述(中文翻譯)
使用這本書作為IT安全從業人員的參考,可以獲得主要標準和框架的概述,以及滿足這些標準的建議架構。該書確定並描述了必須實施的必要控制和流程,以保護組織的基礎設施安全。
該書提出了一種全面的方法來實施IT安全控制,並提供了易於理解的圖形實施建議,以符合最重要的市場標準(ISO 27001、NIST、PCI-DSS和COBIT),以及來自世界各地中央銀行的大量監管框架(歐盟、瑞士、英國、新加坡、香港、印度、卡塔爾、科威特、沙特阿拉伯、阿曼等)。
為了將書與現實世界聯繫起來,書中還介紹了一些著名的案例研究,以解釋本十年最大的黑客攻擊出了什麼問題,以及應該建立哪些控制措施來防止它們。該書還描述了一套著名的安全工具,可供您使用。
你將學到什麼:
- 了解企業IT安全控制,包括治理、政策、程序和安全意識
- 了解測試風險和風險評估技術,如滲透測試、紅隊測試、合規性掃描、防火牆保證和漏洞掃描
- 了解未管理和受管理設備的技術IT安全控制,以及邊界控制
- 實施安全測試工具,如隱寫術、漏洞掃描器、會話劫持、入侵檢測等
適合閱讀對象:
IT安全經理、首席信息安全官、信息安全從業人員和IT審計師將使用本書作為參考和支持指南,進行組織IT安全控制實施的差距分析和審計。
作者簡介
Virgilio Viegas, CISSP, CCSP, CISM, CISA, CRISC, CEH, has more than 25 years of experience in the banking sector, having worked in Europe, Asia and the Middle East. Currently he is the Group Head of International IT Security in one of the largest financial institutions in the Middle East and Africa with a strong presence across Europe, Africa and Asia.
Virgilio previously worked for more than 20 years for a major Portuguese financial institution, where he participated in the design and implementation of a Internet services reference platform and later developed an information security reference architecture.
While working in Asia, Virgilio developed projects related to information security, compliance, and retail such as Internet banking, ATM and POS network implementation, issuing and acquiring international card schemes, anti-money laundering, customer fingerprint authentication, amongst others. He also supported projects with significant impact in the Timor-Leste financial sector such as the definition of the country International Bank Account Number (IBAN) standard, the implementation of the Real Time Gross Settlement System (RTGS), and the national ATM and POS switch.
Oben Kuyucu, CISSP, CISA, has 15 years of experience in IT security, cybersecurity, governance, risk, compliance, and PCI DSS, as well as other international standards and regulations. Currently, he is an IT Security Governance and Oversight Senior Analyst at one of the largest financial institutions in the Middle East and Africa.
Oben previously worked as Senior Information Security Expert and PCI Qualified Security Assessor (QSA) at a leading information security company in Turkey. He was the first PCI 3DSecure Assessor and one of the first PCI QSAs in Turkey, and he carried out more than 150 IT security-related engagements, mainly related to PCI DSS and ISO 27001 internal audits.
Throughout his career Oben has performed PCI DSS auditing, system administration, design, penetration testing, security analysis, consulting, pre-sales activities and post-sales support for companies in Europe, Asia, and the Middle East. He also has made a significant contribution to many information security projects, including providing support to a PCI SSC Approved Scanning Vendor portal and transforming it into a governance, risk, and compliance vulnerability management tool.
作者簡介(中文翻譯)
Virgilio Viegas, CISSP, CCSP, CISM, CISA, CRISC, CEH,擁有超過25年的銀行業經驗,曾在歐洲、亞洲和中東工作。目前他是中東和非洲最大金融機構之一的國際資訊安全集團負責人,該機構在歐洲、非洲和亞洲地區具有強大的影響力。
Virgilio曾在一家著名葡萄牙金融機構工作超過20年,參與設計和實施互聯網服務參考平台,並後來開發了一個信息安全參考架構。
在亞洲工作期間,Virgilio參與了與信息安全、合規性和零售相關的項目,例如互聯網銀行、ATM和POS網絡實施、國際卡組織的發行和收單、反洗錢、客戶指紋驗證等。他還支持了對東帝汶金融行業具有重大影響的項目,例如制定國際銀行賬戶號碼(IBAN)標準、實施即時總體結算系統(RTGS)以及國家ATM和POS交換系統。
Oben Kuyucu, CISSP, CISA,擁有15年的資訊安全、網絡安全、治理、風險、合規性和PCI DSS等國際標準和法規方面的經驗。目前,他是中東和非洲最大金融機構的資訊安全治理和監督高級分析師。
Oben曾在土耳其一家領先的信息安全公司擔任高級信息安全專家和PCI合格安全評估師(QSA)。他是土耳其第一位PCI 3DSecure評估師和其中一位最早的PCI QSA,並執行了超過150個與IT安全相關的項目,主要涉及PCI DSS和ISO 27001內部審計。
在他的職業生涯中,Oben為歐洲、亞洲和中東的公司執行了PCI DSS審計、系統管理、設計、滲透測試、安全分析、咨詢、售前活動和售後支持。他還對許多信息安全項目做出了重大貢獻,包括支持一個PCI SSC批准的掃描供應商門戶,將其轉變為治理、風險和合規性漏洞管理工具。
