Book description
Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don’t have the budget to establish or outsource an information security (InfoSec) program, forcing them to learn on the job. For companies obliged to improvise, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost.
Each chapter in this book provides step-by-step instructions for dealing with a specific issue, including breaches and disasters, compliance, network infrastructure and password management, vulnerability scanning, and penetration testing, among others. Network engineers, system administrators, and security professionals will learn tools and techniques to help improve security in sensible, manageable chunks.
- Learn fundamentals of starting or redesigning an InfoSec program
- Create a base set of policies, standards, and procedures
- Plan and design incident response, disaster recovery, compliance, and physical security
- Bolster Microsoft and Unix systems, network infrastructure, and password management
- Use segmentation practices and designs to compartmentalize your network
- Explore automated process and tools for vulnerability management
- Securely develop code to reduce exploitable errors
- Understand basic penetration testing concepts through purple teaming
- Delve into IDS, IPS, SOC, logging, and monitoring
Publisher resources
Table of contents
- Foreword
- Introduction
- 1. Creating a Security Program
- 2. Asset Management and Documentation
- 3. Policies
- 4. Standards and Procedures
- 5. User Education
- 6. Incident Response
- 7. Disaster Recovery
- 8. Industry Compliance Standards and Frameworks
- 9. Physical Security
- 10. Microsoft Windows Infrastructure
- 11. Unix Application Servers
- 12. Endpoints
- 13. Password Management and Multifactor Authentication
- 14. Network Infrastructure
- 15. Segmentation
- 16. Vulnerability Management
- 17. Development
- 18. Purple Teaming
- 19. IDS and IPS
- 20. Logging and Monitoring
- 21. The Extra Mile
-
A. User Education Templates
-
Live Phishing Education Slides
- You’ve Been Hacked!
- What Just Happened, and Why?
- Social Engineering 101(0101)
- So It’s OK That You Were Exploited (This Time)
- No Blame, No Shames, Just...
- A Few Strategies for Next Time
- Because There Will Be a Next Time
- If Something Feels Funny
- If Something Looks Funny
- If Something Sounds Funny
- Feels, Looks, or Sounds Funny—Call the IS Helpdesk
- What If I Already Clicked the Link, or Opened the Attachment?
- What If I Didn’t Click the Link or Attachment?
- Your IT Team Is Here for You!
- Phishing Program Rules
-
Live Phishing Education Slides
- Index
Product information
- Title: Defensive Security Handbook
- Author(s):
- Release date: April 2017
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781491960332
You might also like
book
Defensive Security Handbook, 2nd Edition
Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don't have …
book
Mastering Defensive Security
An immersive learning experience enhanced with technical, hands-on labs to understand the concepts, methods, tools, platforms, …
book
Cybersecurity – Attack and Defense Strategies - Second Edition
Updated and revised edition of the bestselling guide to developing defense strategies against the latest threats …
book
Cybersecurity - Attack and Defense Strategies
Key Features Gain a clear understanding of the attack methods, and patterns to recognize abnormal behavior …