Table of contents
- Cover
- Title
- Copyright
- Dedication
- Contents at a Glance
- Contents
- Foreword
- About the Authors
- Acknowledgments
- Introduction
- Part I: The Cybersecurity Challenge
  - Chapter 1: Defining the Cybersecurity Challenge
  - Chapter 2: Meeting the Cybersecurity Challenge
- Part II: A New Enterprise Cybersecurity Architecture
  - Chapter 3: Enterprise Cybersecurity Architecture
    - Systems Administration
    - Network Security
    - Application Security
    - Endpoint, Server, and Device Security
    - Identity, Authentication, and Access Management
    - Data Protection and Cryptography
    - Monitoring, Vulnerability, and Patch Management
    - High Availability, Disaster Recovery, and Physical Protection
    - Incident Response
    - Asset Management and Supply Chain
    - Policy, Audit, E-Discovery, and Training
  - Chapter 4: Implementing Enterprise Cybersecurity
  - Chapter 5: Operating Enterprise Cybersecurity
    - Operational Responsibilities
    - High-Level IT and Cybersecurity Processes
    - Operational Processes and Information Systems
    - Functional Area Operational Objectives
      - Systems Administration
      - Network Security
      - Application Security
      - Endpoint, Server, and Device Security
      - Identity, Authentication, and Access Management
      - Data Protection and Cryptography
      - Monitoring, Vulnerability, and Patch Management
      - High Availability, Disaster Recovery, and Physical Protection
      - Incident Response
      - Asset Management and Supply Chain
      - Policy, Audit, E-Discovery, and Training
  - Chapter 6: Enterprise Cybersecurity and the Cloud
    - Introducing the Cloud
    - Cloud Protection Challenges
    - Planning Enterprise Cybersecurity for the Cloud
      - Systems Administration
      - Network Security
      - Application Security
      - Endpoint, Server, and Device Security
      - Identity, Authentication, and Access Management
      - Data Protection and Cryptography
      - Monitoring, Vulnerability, and Patch Management
      - High Availability, Disaster Recovery, and Physical Protection
      - Incident Response
      - Asset Management and Supply Chain
      - Policy, Audit, E-Discovery, and Training
  - Chapter 7: Enterprise Cybersecurity for Mobile and BYOD
    - Introducing Mobile and BYOD
    - Challenges with Mobile and BYOD
    - Enterprise Cybersecurity for Mobile and BYOD
      - Systems Administration
      - Network Security
      - Application Security
      - Endpoint, Server, and Device Security
      - Identity, Authentication, and Access Management
      - Data Protection and Cryptography
      - Monitoring, Vulnerability, and Patch Management
      - High Availability, Disaster Recovery, and Physical Protection
      - Incident Response
      - Asset Management and Supply Chain
      - Policy, Audit, E-Discovery, and Training
- Part III: The Art of Cyberdefense
  - Chapter 8: Building an Effective Defense
  - Chapter 9: Responding to Incidents
    - The Incident Response Process
      - Incident Response Step 1: Identify the Incident
      - Incident Response Step 2: Investigate the Incident
      - Incident Response Step 3: Collect Evidence
      - Incident Response Step 4: Report the Results
      - Incident Response Step 5: Contain the Incident
      - Incident Response Step 6: Repair Gaps or Malfunctions
      - Incident Response Step 7: Remediate Compromised Accounts, Computers, and Networks
      - Incident Response Step 8: Validate Remediation and Strengthen Security Controls
      - Incident Response Step 9: Report the Conclusion of the Incident
      - Incident Response Step 10: Resume Normal IT Operations
    - Supporting the Incident Response Process
  - Chapter 10: Managing a Cybersecurity Crisis
    - Devastating Cyberattacks and “Falling Off the Cliff”
    - Keeping Calm and Carrying On
    - Managing the Recovery Process
    - Recovering Cybersecurity and IT Capabilities
      - Building the Bridge While You Cross It
      - Preparing to Rebuild and Restore
      - Closing Critical Cybersecurity Gaps
      - Establishing Interim IT Capabilities
      - Conducting Prioritized IT Recovery and Cybersecurity Improvements
      - Establishing Full Operating Capabilities for IT and Cybersecurity
    - Cybersecurity Versus IT Restoration
    - Maximum Allowable Risk
    - Ending the Crisis
    - Being Prepared for the Future
- Part IV: Enterprise Cyberdefense Assessment
  - Chapter 11: Assessing Enterprise Cybersecurity
  - Chapter 12: Measuring a Cybersecurity Program
    - Cybersecurity Measurement
    - Cybersecurity Program Measurement
      - OM Step 1: Define the Question(s) to Be Answered
      - OM Step 2: Select Appropriate Objects to Measure
      - OM Step 3: For Each Object, Define the Object Characteristics to Measure
      - OM Step 4: For Each Characteristic, Create a Value Scale
      - OM Step 5: Measure Each Characteristic Using the Value Scale
      - OM Step 6: Calculate the Overall Cybersecurity Program Assessment Index Using Object Measurement
    - Visualizing Cybersecurity Assessment Scores
    - Cybersecurity Measurement Summary
  - Chapter 13: Mapping Against Cybersecurity Frameworks
- Part V: Enterprise Cybersecurity Program
  - Chapter 14: Managing an Enterprise Cybersecurity Program
    - Enterprise Cybersecurity Program Management
      - Cybersecurity Program Step 1: Assess Assets, Threats, and Risks
      - Cybersecurity Program Step 2: Identify Security Scopes
      - Cybersecurity Program Step 3: Assess Risk Mitigations, Capabilities by Functional Area, and Security Operations
      - Cybersecurity Program Step 4: Identify Target Security Levels
      - Cybersecurity Program Step 5: Identify Deficient Areas
      - Cybersecurity Program Step 6: Prioritize Remediation and Improvements
      - Cybersecurity Program Step 7: Resource and Execute Improvements
      - Cybersecurity Program Step 8: Collect Operational Metrics
      - Cybersecurity Program Step 9: Return to Step 1
    - Assessing Security Status
    - Analyzing Enterprise Cybersecurity Improvements
    - Prioritizing Improvement Projects
    - Tracking Cybersecurity Project Results
  - Chapter 15: Looking to the Future
- Part VI: Appendices
  - Appendix A: Common Cyberattacks
    - 1. Phishing / Spearphishing
    - 2. Drive-By / Watering Hole / Malvertising
    - 3. Code Injection / Webshell
    - 4. Keylogging / Session Hijacking
    - 5. Pass-the-Hash and Pass-the-Ticket
    - 6. Credential Harvesting
    - 7. Gate-Crashing
    - 8. Malware / Botnet
    - 9. Distributed Denial-of-Service (DDoS)
    - 10. Identity Theft
    - 11. Industrial Espionage
    - 12. Pickpocket
    - 13. Bank Heist
    - 14. Ransomware
    - 15. Webnapping
    - 16. Hijacking
    - 17. Decapitation
    - 18. Sabotage
    - 19. Sniper / Laser / Smart Bomb
    - 20. Smokeout / Lockout
    - 21. Infestation / Whack-a-Mole
    - 22. Burndown
    - 23. Meltdown
    - 24. Defamation
    - 25. Graffiti
    - 26. Smokescreen / Diversion
    - 27. Fizzle
  - Appendix B: Cybersecurity Frameworks
    - (ISC)2 Common Body of Knowledge (CBK)
    - ISO 27001/27002 Version 2013
    - ISO 27001/27002 Version 2005
    - NIST SP800-53 Revisions 3 and 4
    - NIST Cybersecurity Framework (2014)
    - DHS Cyber Resilience Review (CRR)
    - Council on CyberSecurity Critical Security Controls
    - Australian DSD Strategies to Mitigate Targeted Cyberintrusions
    - PCI DSS Version 3.0
    - HIPAA Security Rule
    - HITRUST Common Security Framework (CSF)
    - NERC CIP Cyber Security Version 5
    - NERC CIP Cyber Security Version 3
  - Appendix C: Enterprise Cybersecurity Capabilities
    - Systems Administration (SA)
    - Network Security (NS)
    - Application Security (AS)
    - Endpoint, Server, and Device Security (ESDS)
    - Identity, Authentication, and Access Management (IAAM)
    - Data Protection and Cryptography (DPC)
    - Monitoring, Vulnerability, and Patch Management (MVPM)
    - High Availability, Disaster Recovery, and Physical Protection (HADRPP)
    - Incident Response (IR)
    - Asset Management and Supply Chain (AMSC)
    - Policy, Audit, E-Discovery, and Training (PAET)
    - References
  - Appendix D: Sample Cybersecurity Policy
  - Appendix E: Cybersecurity Operational Processes
    - Supporting Information Systems
    - 1. Policies and Policy Exception Management
    - 2. Project and Change Security Reviews
    - 3. Risk Management
    - 4. Control Management
    - 5. Auditing and Deficiency Tracking
    - 6. Asset Inventory and Audit
    - 7. Change Control
    - 8. Configuration Management Database Re-certification
    - 9. Supplier Reviews and Risk Assessments
    - 10. Cyberintrusion Response
    - 11. All-Hazards Emergency Preparedness Exercises
    - 12. Vulnerability Scanning, Tracking, and Management
    - 13. Patch Management and Deployment
    - 14. Security Monitoring
    - 15. Password and Key Management
    - 16. Account and Access Periodic Re-certification
    - 17. Privileged Account Activity Audit
  - Appendix F: Object Measurement
  - Appendix G: Cybersecurity Capability Value Scales
    - Systems Administration (SA)
    - Network Security (NS)
    - Application Security (AS)
    - Endpoint, Server, and Device Security (ESDS)
    - Identity, Authentication, and Access Management (IAAM)
    - Data Protection and Cryptography (DPC)
    - Monitoring, Vulnerability, and Patch Management (MVPM)
    - High Availability, Disaster Recovery, and Physical Protection (HADRPP)
    - Incident Response (IR)
    - Asset Management and Supply Chain (AMSC)
    - Policy, Audit, E-Discovery, and Training (PAET)
  - Appendix H: Cybersecurity Sample Assessment
  - Appendix I: Network Segmentation
- Glossary
- Bibliography
- Index
Product information
- Title: Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats
- Publisher(s): Apress