Muutke küpsiste eelistusi

E-raamat: Mind the Tech Gap: Addressing the Conflicts between IT and Security Teams [Taylor & Francis e-raamat]

  • Formaat: 198 pages, 2 Line drawings, black and white; 47 Halftones, black and white; 49 Illustrations, black and white
  • Sari: Security, Audit and Leadership Series
  • Ilmumisaeg: 05-Oct-2022
  • Kirjastus: CRC Press
  • ISBN-13: 9781003264422
Teised raamatud teemal:
  • Taylor & Francis e-raamat
  • Hind: 147,72 €*
  • * hind, mis tagab piiramatu üheaegsete kasutajate arvuga ligipääsu piiramatuks ajaks
  • Tavahind: 211,02 €
  • Säästad 30%
Mind the Tech Gap: Addressing the Conflicts between IT and Security TeamsSuurem pilt
  • Formaat: 198 pages, 2 Line drawings, black and white; 47 Halftones, black and white; 49 Illustrations, black and white
  • Sari: Security, Audit and Leadership Series
  • Ilmumisaeg: 05-Oct-2022
  • Kirjastus: CRC Press
  • ISBN-13: 9781003264422
Teised raamatud teemal:
Taylor & Francis e-raamatudRohkem infot Taylor & Francis e-raamatute kohta
Raamatu kodulehekülg: https://www.taylorfrancis.com/books/9781003264422
"IT and cybersecurity teams have had a long-standing battle between functionality and security. But why? To understand where the problem lies, this book will explore the different job functions, goals, relationships, and other factors that may impact howIT and cybersecurity teams interact. With different levels of budget, competing goals, and a history of lack of communication, there is a lot of work to do to bring these teams together. Empathy and emotional intelligence are common phenomena discussed in leadership books, so why not at the practitioner level? Technical teams are constantly juggling projects, engineering tasks, risk management activities, security configurations, remediating audit findings, and the list goes on. Understanding how psychology and human factors engineering practices can improve both IT and cybersecurity teams can positively impact those relationships, as well as strengthen both functionality and security. There is no reason not to have these teams at odds or competing for their own team's mission, align the missions, and align the teams. The goal is to identify the problems in your own team or organization and apply the principles within to improve how teams communicate, collaborate, and compromise. Each organization will have its own unique challenges but following the question guide will help to identify other technical gaps horizontally or vertically"--

IT and cybersecurity teams have had a long-standing battle between functionality and security. To understand where the problem lies, this book will explore the different job functions, goals, relationships, and other factors that may impact how IT and cybersecurity teams interact.

List of figures
xiii
About the author xv
1 Background of It and Cybersecurity Fields
1(10)
Background
1(1)
History of IT
2(1)
History of cybersecurity
3(1)
Where IT meets cybersecurity
4(1)
Cybersecurity education
5(1)
IT education
6(1)
Software developers
7(1)
Major shifts in IT/cybersecurity
8(1)
What is the problem?
9(2)
2 Roles and responsibilities in IT
11(18)
Roles in IT
11(1)
Helpdesk
12(2)
Systems engineering
14(2)
Network engineer
16(2)
Software developers
18(2)
Database administrator/data science
20(2)
Cloud administrator/engineer
22(1)
Infrastructure architect
23(1)
Technical team leads
24(1)
Operational technology engineer
25(1)
IT generalist vs IT specialist
26(1)
Conclusion
27(1)
References
28(1)
3 Roles and responsibilities in cybersecurity
29(18)
Roles in cybersecurity
29(1)
Security analyst
30(1)
Security Assessors/Auditors
31(2)
Security Engineers (SEs)
33(1)
Security Managers (SMs)
34(1)
Security architects
35(1)
Red teams
36(1)
Incident response
37(1)
Digital forensics
38(2)
Governance, risk, and compliance
40(1)
Security researchers
41(2)
Threat intelligence analysts
43(1)
Conclusion
44(1)
References
44(3)
4 Where IT meets cybersecurity
47(14)
Technology meets cybersecurity
47(1)
People, process, and technology
48(2)
People
50(1)
Secure configuration
51(2)
Risk management
53(1)
Legal and privacy concerns
54(1)
DevSecOps
55(2)
Architecture
57(1)
New IT I development projects
58(1)
Empathy in IT and cybersecurity
59(1)
Conclusion
60(1)
References
60(1)
5 The disconnect (IT vs cybersecurity)
61(14)
The disconnect
61(1)
A history of discord
62(1)
Functionality
63(1)
Security
64(2)
IT vs cyber: round 1
66(1)
IT vs cyber: round 2
67(2)
IT vs cyber: KO
69(2)
Education
71(1)
Certifications
72(1)
Conclusion
73(2)
6 Separation of duties
75(12)
Introduction
75(1)
Separation of duties
75(2)
Job rotation
77(1)
Typical IT duties
78(1)
Typical cyber duties
79(1)
Incident response
80(1)
Permissions
81(2)
Siloed teams
83(1)
Helping or hurting?
83(2)
Conclusion
85(1)
References
85(2)
7 Management interaction
87(12)
Management interaction
87(1)
SOC leads
88(1)
IT operations leads
89(2)
Security management
91(2)
IT management
93(2)
CISO engagement
95(1)
CIO engagement
96(1)
Conclusion
97(2)
8 Financial issues and responsibilities
99(18)
IT budgets
99(1)
Cybersecurity budgets
100(2)
IT tools
102(1)
Cybersecurity tools
103(1)
IT services
104(1)
Cybersecurity services
105(1)
IT projects
106(2)
Cybersecurity projects
108(2)
IT resources
110(1)
Cybersecurity resources
111(1)
IT goals
112(1)
Cybersecurity goals
113(2)
IT versus cybersecurity
115(2)
9 Education gaps between IT and cybersecurity
117(12)
Introduction
117(1)
IT certifications
118(1)
Cybersecurity certifications
119(1)
IT higher education
120(1)
Cybersecurity higher education
121(1)
IT training options
122(1)
Cybersecurity training options
123(1)
Vendor-agnostic certifications
124(1)
Vendor-specific certifications
124(2)
Industry expectations
126(1)
References
127(2)
10 Bridging the technology and cybersecurity gap
129(12)
Where we are now
129(1)
Where we need to go
130(1)
Emotional intelligence
131(1)
Aligning goals
132(1)
Leading with empathy
133(1)
IT and security liaisons
134(1)
Technical and practical meet
135(1)
Cybersecurity foundational knowledge
136(1)
Communication gaps
137(1)
Where we could be
138(3)
11 Embracing functionality and security
141(12)
Missed opportunities
141(1)
Functionality is not a four-letter word
142(1)
Embracing security
143(1)
Problem-solving and decision-making
144(1)
Encouraging both operations and cybersecurity
145(1)
Compromise as a tool
146(1)
Adaptability
147(1)
Understanding cognitive limitations
148(1)
Understanding personality types
149(2)
Our differences make our teams stronger
151(1)
References
152(1)
12 Creating new roles
153(10)
Thinking outside current job descriptions
153(1)
New types of IT roles
154(1)
New types of cybersecurity roles
155(1)
IT security liaison
155(2)
Cybersecurity operations liaison
157(1)
Incident response/operations specialist
157(1)
IT/cybersecurity cooperation working group
158(1)
Human factors security engineer
159(1)
Human factors IT specialist
160(1)
Cybersecurity EI (emotional intelligence) engineer
161(1)
Conclusion
162(1)
13 Building trust and new relationships
163(14)
Letting go of the past
163(1)
Getting rid of preconceived notions
164(1)
Approaching projects in a new way
165(1)
Early and often open communication
166(1)
Have fun with it
167(1)
Considering the other side
168(1)
Improve security and functionality
169(1)
Changing meeting structure
170(1)
Remove siloed groups
171(2)
Encourage collaboration
173(1)
Building trust
174(3)
14 Path forward
177(20)
The problem
177(1)
Bridging the technical gap
178(1)
Human first
179(2)
Behavioral analysis techniques
181(1)
Technology and security second
182(1)
Vertical and lateral changes
183(1)
Current state
184(2)
Desired state
186(2)
How can we get there?
188(7)
Final thoughts
195(1)
Reference
196(1)
Index 197
Nikki Robinson is Cyber Woman Influencer of the Year 2023! She earned a DSc in Cybersecurity, several industry certifications including CISSP, and is a Security Architect by day, and an Adjunct Professor at night. She had more than 10 years of experience in IT operations before moving into the security field about 3 years ago. She studied vulnerability chaining concepts and completed her PhD in Human Factors to combine psychological and technical aspects to improve security programs. She has a passion for teaching and mentoring others on risk management, network defense strategies, and DFIR. She is currently a Security Architect and has technical experience in continuous monitoring, risk management, digital forensics, and incident response. She has spoken at several conferences on a variety of topics from human factors security engineering, malicious website graphing, and DevSecOps.
Püsilink: https://www.kriso.ee/db/9781003264422_pe.html
Märksõnad: