Developing Cybersecurity Programs and Policies 3rd (發展網路安全計畫與政策 第三版)

Omar Santos

相關主題

商品描述

All the Knowledge You Need to Build Cybersecurity Programs and Policies That Work

 

Clearly presents best practices, governance frameworks, and key standards

Includes focused coverage of healthcare, finance, and PCI DSS compliance

An essential and invaluable guide for leaders, managers, and technical professionals

 

Today, cyberattacks can place entire organizations at risk. Cybersecurity can no longer be delegated to specialists: success requires everyone to work together, from leaders on down. Developing Cybersecurity Programs and Policies offers start-to-finish guidance for establishing effective cybersecurity in any organization. Drawing on more than 20 years of real-world experience, Omar Santos presents realistic best practices for defining policy and governance, ensuring compliance, and collaborating to harden the entire organization.

 

First, Santos shows how to develop workable cybersecurity policies and an effective framework for governing them. Next, he addresses risk management, asset management, and data loss prevention, showing how to align functions from HR to physical security. You’ll discover best practices for securing communications, operations, and access; acquiring, developing, and maintaining technology; and responding to incidents.

 

Santos concludes with detailed coverage of compliance in finance and healthcare, the crucial Payment Card Industry Data Security Standard (PCI DSS) standard, and the NIST Cybersecurity Framework.

 

Whatever your current responsibilities, this guide will help you plan, manage, and lead cybersecurity–and safeguard all the assets that matter.

 

Learn How To

·         Establish cybersecurity policies and governance that serve your organization’s needs

·         Integrate cybersecurity program components into a coherent framework for action

·         Assess, prioritize, and manage security risk throughout the organization

·         Manage assets and prevent data loss

·         Work with HR to address human factors in cybersecurity

·         Harden your facilities and physical environment

·         Design effective policies for securing communications, operations, and access

·         Strengthen security throughout the information systems lifecycle

·         Plan for quick, effective incident response and ensure business continuity

·         Comply with rigorous regulations in finance and healthcare

·         Plan for PCI compliance to safely process payments

·         Explore and apply the guidance provided by the NIST Cybersecurity Framework

 

商品描述(中文翻譯)

擁有建立有效的網絡安全計劃和政策所需的全部知識

清晰地介紹最佳實踐、治理框架和關鍵標準

專注於醫療保健、金融和PCI DSS合規性的涵蓋範圍

對領導者、管理者和技術專業人員來說是一本必不可少且無價的指南

現今,網絡攻擊可能對整個組織造成風險。網絡安全不再能夠委派給專家:成功需要每個人共同努力,從領導者到基層員工。《發展網絡安全計劃和政策》提供了在任何組織中建立有效網絡安全的全面指導。作者Omar Santos根據超過20年的實踐經驗,提出了定義政策和治理、確保合規性以及協作加強整個組織安全的現實最佳實踐。

首先,Santos展示了如何制定可行的網絡安全政策和有效的治理框架。接下來,他討論了風險管理、資產管理和數據損失防範,展示了如何將從人力資源到實體安全的各個功能對齊。您將了解到保護通信、運營和訪問的最佳實踐;獲取、開發和維護技術;以及應對事件的方法。

Santos最後詳細介紹了金融和醫療保健領域的合規性,關鍵的支付卡行業數據安全標準(PCI DSS)以及NIST網絡安全框架。

無論您目前的職責是什麼,本指南都將幫助您計劃、管理和領導網絡安全,並保護所有重要資產。

學習如何:

- 建立符合組織需求的網絡安全政策和治理
- 將網絡安全計劃組件整合為一個統一的行動框架
- 在整個組織中評估、優先處理和管理安全風險
- 管理資產並防止數據損失
- 與人力資源合作解決網絡安全中的人為因素
- 加強設施和物理環境的安全性
- 設計保護通信、運營和訪問的有效政策
- 在信息系統生命周期中加強安全性
- 計劃快速、有效的事件應對並確保業務連續性
- 遵守金融和醫療保健領域的嚴格法規
- 計劃符合PCI合規性以安全處理支付
- 探索並應用NIST網絡安全框架提供的指導