Security Program and Policies: Principles and Practices, 2/e (Paperback)

Sari Greene


Product description

Everything you need to know about information security programs and policies, in one book

  • Clearly explains all facets of InfoSec program and policy planning, development, deployment, and management
  • Thoroughly updated for today’s challenges, laws, regulations, and best practices
  • The perfect resource for anyone pursuing an information security management career


In today’s dangerous world, failures in information security can be catastrophic. Organizations must protect themselves. Protection begins with comprehensive, realistic policies. This up-to-date guide will help you create, deploy, and manage them.

Complete and easy to understand, it explains key concepts and techniques through real-life examples. You’ll master modern information security regulations and frameworks, and learn specific best-practice policies for key industry sectors, including finance, healthcare, online commerce, and small business.


If you understand basic information security, you’re ready to succeed with this book. You’ll find projects, questions, exercises, examples, links to valuable easy-to-adapt information security policies...everything you need to implement a successful information security program.


Sari Stern Greene, CISSP, CRISC, CISM, NSA/IAM, is an information security practitioner, author, and entrepreneur. She is passionate about the importance of protecting information and critical infrastructure. Sari founded Sage Data Security in 2002 and has amassed thousands of hours in the field working with a spectrum of technical, operational, and management personnel, as well as boards of directors, regulators, and service providers. Her first text was Tools and Techniques for Securing Microsoft Networks, commissioned by Microsoft to train its partner channel, which was soon followed by the first edition of Security Policies and Procedures: Principles and Practices. She is actively involved in the security community and speaks regularly at security conferences and workshops. She has been quoted in The New York Times and The Wall Street Journal, and on CNN and CNBC. Since 2010, Sari has served as the chair of the annual Cybercrime Symposium.


Learn how to

  • Establish program objectives, elements, domains, and governance
  • Understand policies, standards, procedures, guidelines, and plans, and the differences among them
  • Write policies in “plain language,” with the right level of detail
  • Apply the Confidentiality, Integrity & Availability (CIA) security model
  • Use NIST resources and ISO/IEC 27000-series standards
  • Align security with business strategy
  • Define, inventory, and classify your information and systems
  • Systematically identify, prioritize, and manage InfoSec risks
  • Reduce “people-related” risks with role-based Security Education, Awareness, and Training (SETA)
  • Implement effective physical, environmental, communications, and operational security
  • Effectively manage access control
  • Secure the entire system development lifecycle
  • Respond to incidents and ensure continuity of operations
  • Comply with laws and regulations, including GLBA, HIPAA/HITECH, FISMA, state data security and notification rules, and PCI DSS
