Developing Cybersecurity Programs and Policies in an Ai-Driven World
Santos, Omar
- 出版商: Pearson IT Certifica
- 出版日期: 2024-06-15
- 售價: $3,310
- 貴賓價: 9.5 折 $3,145
- 語言: 英文
- 裝訂: Quality Paper - also called trade paper
- ISBN: 0138074100
- ISBN-13: 9780138074104
-
相關分類:
資訊安全
海外代購書籍(需單獨結帳)
相關主題
商品描述
Developing Cybersecurity Programs and Policies is a complete guide to establishing a cyber security program and governance in your organization. In this book, you will learn how to create cyber security policies, standards, procedures, guidelines, and plans-and the differences among them. You will also learn how threat actors are launching attacks against their victims-compromising confidentiality, integrity, and availability of systems and networks.
Santos starts by providing an overview of cybersecurity policy and governance, and how to create cybersecurity policies and develop a cybersecurity framework. He then provides details about governance, risk management, asset management, and data loss prevention.
Learn how to:
- Respond to incidents and ensure continuity of operations
- Comply with laws and regulations, including GLBA, HIPAA/HITECH, FISMA, state data security and notification rules, and PCI DSS
- Systematically identify, prioritize, and manage cyber security risks and reduce social engineering (human) risks with role-based Security Education, Awareness, and Training (SETA)
- Incorporate human resources, physical, and environmental security as important elements of your cybersecurity program.
- Implement appropriate security controls in the cloud, often using automation
- Understand Identity and Access Management (IAM)
This book includes:
- Practical, hands-on exercises related to several key topics to defend various cloud workloads operating in the different CSP models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Functions as a Service (FaaS)
- Covers NIST Cyber Security Framework and ISO/IEC 27000-series standards
商品描述(中文翻譯)
《發展資訊安全計畫與政策》是一本完整指南,教你如何在組織中建立資訊安全計畫和治理。在這本書中,你將學習如何建立資訊安全政策、標準、程序、指南和計畫,以及它們之間的差異。你還將了解威脅行為者如何對受害者發動攻擊,危及系統和網絡的機密性、完整性和可用性。
Santos首先提供了資訊安全政策和治理的概述,以及如何建立資訊安全政策和發展資訊安全框架。然後,他詳細介紹了治理、風險管理、資產管理和資料損失防範。
學習如何:
- 回應事件並確保業務連續運作
- 遵守法律法規,包括GLBA、HIPAA/HITECH、FISMA、州數據安全和通知規則以及PCI DSS
- 系統性地識別、優先處理和管理資訊安全風險,並減少社交工程(人為)風險,透過基於角色的安全教育、意識和培訓(SETA)
- 將人力資源、物理和環境安全納入資訊安全計畫的重要元素
- 在雲端中實施適當的安全控制,通常使用自動化
- 瞭解身份和存取管理(IAM)
本書包含:
- 與幾個關鍵主題相關的實際操作練習,以保護不同雲端工作負載在不同CSP模型中的運作:基礎架構即服務(IaaS)、平台即服務(PaaS)、軟體即服務(SaaS)和功能即服務(FaaS)
- 涵蓋NIST資訊安全框架和ISO/IEC 27000系列標準