Network Security Evaluation Using the NSA IEM

Description:

Are you an information security professional looking for a way to conduct network evaluations in a comprehensive and customized manner? Did you know that the National Security Agency has a methodology that they use and recommend? Security Evaluation was written by professionals who not only use this methodology themselves, but who helped develop and teach the course for the NSA.

Security Evaluation guides the experienced INFOSEC professional through a step-by-step process to ensure their customers receive the most accurate and comprehensive evaluation of their network security posture as possible. Security Evaluation is unique as it starts with the customer’s information, not the technical tools to be used. In this way, the INFOSEC professional is able to ensure the results are relevant to the customer as opposed to delivering a standardized report, which may or may not directly affect or improve security posture. In addition, this framework will not only give the customer a sense of where they are, but also a way for both the service provider and customer to monitor and track progress over time using this repeatable methodology.

Don’t be misled by other books that focus only on technical tools. As an INFOSEC professional, you owe it to yourself and your customers to also have an understanding of how legislation, industry regulation, and legal issues affect you both. Security Evaluation helps you put this all together and deliver a final product that the customer will actually understand and use.

描述：
您是一位資訊安全專業人士嗎？您正在尋找一種全面且可定制的方式來進行網絡評估嗎？您知道國家安全局有一種他們使用並推薦的方法嗎？《安全評估》是由專業人士撰寫的，他們不僅自己使用這種方法，還幫助開發並教授了國家安全局的課程。

《安全評估》指導經驗豐富的資訊安全專業人士通過逐步的過程，確保他們的客戶能夠獲得最準確和全面的網絡安全評估。《安全評估》的獨特之處在於它從客戶的信息開始，而不是從要使用的技術工具開始。通過這種方式，資訊安全專業人士能夠確保結果與客戶相關，而不是提供一份可能與安全狀態直接或間接影響或改善的標準化報告。此外，這個框架不僅能讓客戶了解他們的位置，還能讓服務提供商和客戶使用這種可重複的方法來監控和追踪進展。

不要被其他只關注技術工具的書籍所誤導。作為一位資訊安全專業人士，您應該了解立法、行業規定和法律問題如何影響您和您的客戶。《安全評估》幫助您將這一切整合在一起，並提供一個客戶實際理解和使用的最終產品。