Product Description
In today's digital landscape, safeguarding sensitive information is paramount. This book offers a comprehensive roadmap for managing and mitigating the impact of security incidents and data breaches. This essential guide goes beyond the basics, providing expert insights and strategies to help organizations of all sizes navigate the complexities of cybersecurity.
With seven in-depth chapters and 10 appendices, this book covers everything from defining information security incidents and data breaches to understanding key privacy regulations such as GDPR and LGPD. You'll learn a practical, step-by-step approach to incident response, including how to assess and improve your organization's security posture.
The book presents a well-tested, practical approach to managing information security incidents and data privacy breaches in four phases: Security and Breach Obligations and Requirements Comprehension; Security and Privacy Framework Assurance; Security Incident and Data Breach Response Management; and Security and Breach Response Process Evaluation. Knowing how to handle such security and breach issues helps organizations of all types avoid compliance failures and regulatory sanctions and protects the company's reputation and brand name.
What You Will Learn
- Identify and manage information security incidents and data breaches more effectively
- Understand the importance of incident response in avoiding compliance issues, sanctions, and reputational damage
- Review case studies and examples that illustrate best practices and common pitfalls in incident response and data breach management
- Benefit from a well-tested approach that goes beyond the NIST SP 800-61 incident handling guidance and aligns with the international information security standard ISO/IEC 27001:2022
Who This Book Is For
Cybersecurity leaders, executives, consultants, and entry-level professionals responsible for executing the incident response plan when something goes wrong, including: ISO 27001 implementation and transition project managers; ISO 27001 auditors and inspectors; auditors (IT, internal, external, etc.); IT managers and development staff; senior executives, CISOs, and corporate security managers; administration and HR managers and staff; compliance and data protection officers; cybersecurity professionals; university students of IT development, auditing, and security; and anyone else interested in information security issues.
About the Author
John Kyriazoglou is currently Editor-in-Chief of "The IIC Internal Controls e-Magazine" and represents Western Europe on the Advisory Board of the Institute for Internal Controls. He also consults on data privacy and IT security issues (GDPR, e-Privacy, etc.) for a large number of private and public clients and has published several books on these topics.
John is a business thinker, consultant, and an author. He is a graduate of the University of Toronto, a Certified Internal Controls Auditor (CICA), and a management consultant with more than 40 years of global experience on data management, IT auditing, IT security, IT project management, and data privacy issues. He has written many books (more than 60) on data privacy protection, business management controls, IT, corporate wellness, duty of care, etc.
John has worked in Canada, England, Switzerland, Luxembourg, Greece, Saudi Arabia, and other countries for over 40 years as a senior IT manager, managing director, IT auditor, and consultant for a variety of clients and projects in both the private and public sectors.