وبلاگ بلیان

راهنمای مدیران فناوری اطلاعات برای مدیریت حوادث امنیت اطلاعات

The CIO's guide to information security incident management

معرفی کتاب «راهنمای مدیران فناوری اطلاعات برای مدیریت حوادث امنیت اطلاعات» (با عنوان لاتین The CIO's guide to information security incident management) نوشتهٔ Matthew William Arthur Pemble; Wendy Fiona Goucher، منتشرشده توسط نشر Auerbach Publications در سال 2019. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

This book will help IT and business operations managers who have been tasked with addressing security issues. It provides a solid understanding of security incident response and detailed guidance in the setting up and running of specialist incident management teams. Having an incident response plan is required for compliance with government regulations, industry standards such as PCI DSS, and certifications such as ISO 27001. This book will help organizations meet those compliance requirements. Read more... Abstract: This book will help IT and business operations managers who have been tasked with addressing security issues. It provides a solid understanding of security incident response and detailed guidance in the setting up and running of specialist incident management teams. Having an incident response plan is required for compliance with government regulations, industry standards such as PCI DSS, and certifications such as ISO 27001. This book will help organizations meet those compliance requirements Content: Cover Frontispiece Half Title Title Page Copyright Page Dedication Contents Introduction Authors Chapter 1: Oh, No. It's All Gone Horribly Wrong! Introduction Is It an "Information Security Incident"? The Meeting Basic Meeting Management First Steps Impacts Aims Authority Capabilities Constraints Second Steps -- Activities Third Steps -- Reporting Chapter 2: And, Breathe ... Introduction Thinking More Deeply about Goals What Do I Have to Tell People? How Critical to the Business Is Restoration of Service? What, When, Why and How? Immediate Concerns. Things You Might Want to Leave for LaterOngoing Management To Split or Not to Split the Meeting? Management Meeting Technical Meeting Management, Colleagues, Media and Customers Senior Management Colleagues The Public: Media and Customers What Next? Chapter 3: The First Day of the Rest of Your Life Introduction Completing Activities Taking Care of the Team Reverting (or Formalising) Changes Post-Incident Review Formalising the Future Chapter 4: Introducing Amber Inc. and Jade Ltd. Introduction Amber Inc. Jade Ltd. Chapter 5: And What Is a Security Incident? Introduction. Recognising an Event or IncidentDefining an Incident Grading Incidents Legal and Regulatory Meanings of "Incident" Business Continuity Case Studies Amber Inc. Jade Ltd. Further Reading Chapter 6: The Incident Timeline Introduction The Basics Notification Assessment Investigation Recovery Pre-Recovery Checks Closure Post-Incident Review Revealing the Case Studies Amber Inc. Jade Ltd. Chapter 7: Types and Priorities Introduction Flowchart Prioritisation Simple Schema Privacy and Investigations Additional Concerns Incident Categories Cause and Impact Incident Cause. ImpactsKISS Revealing the Case Studies Amber Inc. Jade Ltd. Chapter 8: The Investigation Cycle Introduction Conflicting Demands of Initial Review, Detailed Investigation and Restoration The Cyclical Model Analysis The Business Requirement "Monitoring the Incident" versus "Doing Something" Investigation Activities Categories of Activity Confirmatory Activities Preparatory Activities Exploratory Activities Advisory Activities Housekeeping The Theory of Events (and Why There Shouldn't Be Just One!) Restorative Activities Notification and Reporting Monitor and Review. When to Break Out?Keeping Control of Your Investigation Revealing the Case Studies Annex A: Managing the Incident Meeting A Short Meeting If You Have the Time Annex B: Sensibly Setting Tasks Try to Be SMART Chapter 9: Roles and Responsibilities Introduction The Incident Manager The Lead Investigator Separation of Duties Investigation Technicians Technical and Support Staff External Contractors Law Enforcement Creating an Effective Team Revealing the Case Studies Amber Inc. Jade Ltd. Chapter 10: Policies and Documentation Introduction Formal Documentation Minimum Requirements.
دانلود کتاب راهنمای مدیران فناوری اطلاعات برای مدیریت حوادث امنیت اطلاعات