وبلاگ بلیان

مدیریت ریسک و امنیت اطلاعات: محافظت برای توانمندسازی

Managing Risk and Information Security : Protect to Enable

معرفی کتاب «مدیریت ریسک و امنیت اطلاعات: محافظت برای توانمندسازی» (با عنوان لاتین Managing Risk and Information Security : Protect to Enable) نوشتهٔ W., Malcolm Harkins، منتشرشده توسط نشر Apress : Imprint : Apress در سال 2016. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

This updated version describes, at a high level, the evolving enterprise security landscape and provides guidance for a management-level audience about how to manage and survive risk. While based primarily on the author’s experience and insights at major companies where he has served as CISO and CSPO, the book also includes many examples from other well-known companies. __Managing Risk and Information Security__ provides thought leadership in the increasingly important area of enterprise information risk and security. It describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology not only for internal operations but increasing as a part of product or service creation, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This edition discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities and offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk. What You'll Learn * Learn how enterprise risk and security requirements are changing, and why a new approach to risk and security management is needed * Learn how people perceive risk and the effects it has on information security * Learn why different perceptions of risk within an organization matters, and why it is necessary to understand and reconcile these views * Learn the principles of enterprise information security governance and decision-making, and the other groups they need to need to work with * Learn the impact of new technologies on information security, and gain insights into how to safely enable the use of new technologies Who This Book Is ForThe primary audience is CIOs and other IT leaders, CISOs and other information security leaders, IT auditors, and other leaders of corporate governance and risk functions. The secondary audience is CEOs, board members, privacy professionals, and less senior-level information security and risk professionals. __"Harkins’ logical, methodical approach as a CISO to solving the most complex cybersecurity problems is reflected in the lucid style of this book. His enlightened approach to intelligence-based security infrastructure and risk mitigation is our best path forward if we are ever to realize the vast potential of the innovative digital world we are creating while reducing the threats to manageable levels. The author shines a light on that path in a comprehensive yet very readable way."__ —Art Coviello, Former CEO and Executive Chairman, RSA Examine the evolving enterprise security landscape and discover how to manage and survive risk. While based primarily on the author's experience and insights at major companies where he has served as CISO and CSPO, the book also includes many examples from other well-known companies and provides guidance for a management-level audience. Managing Risk and Information Security provides thought leadership in the increasingly important area of enterprise information risk and security. It describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology not only for internal operations but increasing as a part of product or service creation, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This edition discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities and offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk. What You'll Learn Review how people perceive risk and the effects it has on information security See why different perceptions of risk within an organization matters Understand and reconcile these differing risk views Gain insights into how to safely enable the use of new technologies Who This Book Is For The primary audience is CIOs and other IT leaders, CISOs and other information security leaders, IT auditors, and other leaders of corporate governance and risk functions. The secondary audience is CEOs, board members, privacy professionals, and less senior-level information security and risk professionals. "Harkins' logical, methodical approach as a CISO to solving the most complex cybersecurity problems is reflected in the lucid style of this book. His enlightened approach to intelligence-based security infrastructure and risk mitigation is our best path forward if we are ever to realize the vast potential of the innovative digital world we are creating while reducing the threats to manageable levels. The author shines a light on that path in a comprehensive yet very readable way." —Art Coviello, Former CEO and Executive Chairman, RSA This book provides thought leadership in the increasingly important area of enterprise information risk and security. It describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. The book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies-such as social media and the huge proliferation of Internet-enabled devices--while minimizing risk. Malcolm Harkins is vice president and Chief Security and Privacy Officer (CSPO) at Intel Corporation. In this role Malcolm is responsible for managing the risk, controls, privacy, security, and other related compliance activities for all of Intel s information assets, products and services. Before becoming Intel s first CSPO he was the Chief Information Security Officer (CISO) reporting into the Chief Information Officer. Malcolm also held roles in finance, procurement and various business operations. He has managed IT benchmarking efforts and Sarbanes Oxley systems compliance efforts. Harkins acted as the profit and loss manager for the Flash Product Group at Intel; was the general manager of Enterprise Capabilities, responsible for the delivery and support of Intel s finance and HR systems; and worked in an Intel business venture focusing on e-commerce hosting. Malcolm previously taught at the CIO institute at the UCLA Anderson School of Business and was an adjunct faculty member at Susquehanna University in 2009. In 2010, he received the excellence in the field of security award at the RSA conference. He was recognized by Computerworld magazine as one of the top 100 Information Technology Leaders for 2012. In addition, (ISC)2 recognized Malcolm in 2012 with the Information Security Leadership Award. Malcolm is a frequent speaker at industry events, he is also an author of many white papers. Malcolm received his bachelor s degree in economics from the University of California at Irvine and an MBA in finance and accounting from the University of California at Davis "This book is a must have resource guide for anyone who wants to ... implement TXT within their environments. I wish we had this guide when our engineering teams were implementing TXT on our solution platforms!” John McAuley,EMC Corporation "This book details innovative technology that provides significant benefit to both the cloud consumer and the cloud provider when working to meet the ever increasing requirements of trust and control in the cloud.” Alex Rodriguez, Expedient Data Centers "This book is an invaluable reference for understanding enhanced server security, and how to deploy and leverage computing environment trust to reduce supply chain risk.” Pete Nicoletti. Virtustream Inc. Intel® Trusted Execution Technology (Intel TXT) is a new security technology that started appearing on Intel server platforms in 2010. This book explains Intel Trusted Execution Technology for Servers, its purpose, application, advantages, and limitations. This book guides the server administrator / datacenter manager in enabling the technology as well as establishing a launch control policy that he can use to customize the server’s boot process to fit the datacenter’s requirements. This book explains how the OS (typically a Virtual Machine Monitor or Hypervisor) and supporting software can build on the secure facilities afforded by Intel TXT to provide additional security features and functions. It provides examples how the datacenter can create and use trusted pools. With a foreword from Albert Caballero, the CTO at Trapezoid. "This book is a must have resource guide for anyone who wants to ... implement TXT within their environments. I wish we had this guide when our engineering teams were implementing TXT on our solution platforms!" John McAuley, EMC Corporation "This book details innovative technology that provides significant benefit to both the cloud consumer and the cloud provider when working to meet the ever increasing requirements of trust and control in the cloud." Alex Rodriguez, Expedient Data Centers "This book is an invaluable reference for understanding enhanced server security, and how to deploy and leverage computing environment trust to reduce supply chain risk." Pete Nicoletti. Virtustream Inc. Intel® Trusted Execution Technology (Intel TXT) is a new security technology that started appearing on Intel server platforms in 2010. This book explains Intel Trusted Execution Technology for Servers, its purpose, application, advantages, and limitations. This book guides the server administrator / datacenter manager in enabling the technology as well as establishing a launch control policy that he can use to customize the server's boot process to fit the datacenter's requirements. This book explains how the OS (typically a Virtual Machine Monitor or Hypervisor) and supporting software can build on the secure facilities afforded by Intel TXT to provide additional security features and functions. It provides examples how the datacenter can create and use trusted pools. With a foreword from Albert Caballero, the CTO at Trapezoid
دانلود کتاب مدیریت ریسک و امنیت اطلاعات: محافظت برای توانمندسازی