Information Security Handbook: develop a threat model and incident response strategy to build a strong information security framework
Implement information security effectively as per your organization's needs.
About This Book
- Learn to build your own information security framework, the best fit for your organization
- Build on the concepts of threat modeling, incident response, and security analysis
- Practical use cases and bes...
Other Authors: | |
---|---|
Format: | Electronic book |
Language: | English |
Published: | Birmingham, [England] ; Mumbai, [India] : Packt Publishing, 2017. |
Edition: | 1st edition |
Subjects: | |
View in Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630116806719 |
Table of Contents:
- Cover
- Copyright
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Customer Feedback
- Table of Contents
- Preface
- Chapter 1: Information and Data Security Fundamentals
- Information security challenges
- Evolution of cybercrime
- The modern role of information security
- IT security engineering
- Information assurance
- The CIA triad
- Organizational information security assessment
- Risk management
- Information security standards
- Policies
- Training
- Key components of an effective training and awareness program
- Summary
- Chapter 2: Defining the Threat Landscape
- What is important to your organization and who wants it?
- Compliance
- Hackers and hacking
- Black hat hacker
- White hat or ethical hacker
- Blue hat hacker
- Grey hat hacker
- Penetration testing
- Hacktivist
- Script kiddie
- Nation state
- Cybercrime
- Methods used by the attacker
- Exploits
- Hacker techniques
- Methods of conducting training and awareness
- Closing information system vulnerabilities
- Vulnerability management
- The case for vulnerability management
- Summary
- Chapter 3: Preparing for Information and Data Security
- Establishing an information security program
- Don't start from scratch, use a framework
- Security program success factors
- Executive or board support
- Supporting the organization's mission
- Rightsizing information security for the organization
- Security awareness and training program
- Information security built into SDLC
- Information security program maturity
- Information security policies
- Information security program policy
- Operational policy
- System-specific policy
- Standards
- Procedures
- Guidelines
- Recommended operational policies
- Planning policy
- Access control policy
- Awareness and training policy
- Auditing and accountability policy
- Configuration management policy
- Contingency planning policy
- Identification and authentication policy
- Incident response policy
- Maintenance policy
- Media protection policy
- Personnel security policy
- Physical and environmental protection policy
- Risk assessment policy
- Security assessment policy
- System and communications protection policy
- System and information integrity policy
- Systems and services acquisitions policy
- Summary
- Chapter 4: Information Security Risk Management
- What is risk?
- Who owns organizational risk?
- Risk ownership
- What is risk management?
- Where is your valuable data?
- What does my organization have that is worth protecting?
- Intellectual property trade secrets
- Personally Identifiable Information - PII
- Personal Health Information - PHI
- General questions
- Performing a quick risk assessment
- Risk management is an organization-wide activity
- Business operations
- IT operations
- Personnel
- External organization
- Risk management life cycle
- Information categorization
- Data classification looks to understand
- Data classification steps
- Determining information assets
- Finding information in the environment
- Disaster recovery considerations
- Backup storage considerations
- Types of storage options
- Questions you should ask your business users regarding their information's location
- Questions you should ask your IT organization regarding the information's location
- Organizing information into categories
- Examples of information type categories
- Publicly available information
- Credit card information
- Trade secrets
- Valuing the information and establishing impact
- Valuing information
- Establishing impact
- Security control selection
- Information security frameworks
- Security control implementation
- Assessing implemented security controls
- Authorizing information systems to operate
- Monitoring information system security controls
- Calculating risk
- Qualitative risk analysis
- Identifying your organization's threats
- Identifying your organization's vulnerabilities
- Pairing threats with vulnerabilities
- Estimating likelihood
- Estimating impact
- Conducting the risk assessment
- Management choices when it comes to risk
- Quantitative analysis
- Qualitative risk assessment example
- Summary
- Chapter 5: Developing Your Information and Data Security Plan
- Determine your information security program objectives
- Example information security program activities
- Elements for a successful information security program
- Analysis to rightsizing your information security program
- Compliance requirements
- Is your organization centralized or decentralized?
- Centralized
- Decentralized
- What is your organization's business risk appetite?
- How mature is your organization?
- Helping to guarantee success
- Business alignment
- Information security is a business project not an IT project
- Organizational change management
- Key information security program plan elements
- Develop your information security program strategy
- Establish key initiatives
- Define roles and responsibilities
- Defining enforcement authority
- Pulling it all together
- Summary
- Chapter 6: Continuous Testing and Monitoring
- Types of technical testing
- SDLC considerations for testing
- Project initiation
- Requirements analysis
- System design
- System implementation
- System testing
- Operations and maintenance
- Disposition
- SDLC summary
- Continuous monitoring
- Information security assessment automation
- Effective reporting of information security status
- Alerting of information security weakness
- Vulnerability assessment
- Business relationship with vulnerability assessment
- Vulnerability scanning
- Vulnerability scanning process
- Vulnerability resolution
- Penetration testing
- Phases of a penetration test
- Difference between vulnerability assessment and penetration testing
- Examples of successful attacks in the news
- Point of sale system attacks
- Cloud-based misconfigurations
- Summary
- Chapter 7: Business Continuity/Disaster Recovery Planning
- Scope of BCDR plan
- Business continuity planning
- Disaster recovery planning
- Focus areas for BCDR planning
- Management
- Operational
- Technical
- Designing the BCDR plan
- Requirements and context gathering - business impact assessment
- Inputs to the BIA
- Outputs from the BIA
- Sample BIA form
- Define technical disaster recovery mechanisms
- Identify and document required resources
- Conduct a gap analysis
- Develop disaster recovery mechanisms
- Develop your plan
- Develop recovery teams
- Establish relocation plans
- Develop detailed recovery procedures
- Test the BCDR plan
- Summary
- Chapter 8: Incident Response Planning
- Do I need an incident response plan?
- Components of an incident response plan
- Preparing the incident response plan
- Understanding what is important
- Prioritizing the incident response plan
- Determining what normal looks like
- Observe, orient, decide, and act - OODA
- Incident response procedure development
- Identification - detection and analysis
- Identification - incident response tools
- Observational (OODA) technical tools
- Orientation (OODA) tools
- Decision (OODA) tools
- Remediation - containment/recovery/mitigation
- Remediation - incident response tools
- Act (Response) (OODA) tools
- Post incident activity
- Lessons-learned sessions
- Incident response plan testing
- Summary
- Chapter 9: Developing a Security Operations Center
- Responsibilities of the SOC
- Management of security operations center tools
- Security operation center toolset design
- Using already implemented toolsets
- Security operations center roles
- Log or information aggregation
- Log or information analysis
- Processes and procedures
- Identification - detection and analysis
- Events versus alerts versus incidents
- False positive versus false negative/true positive versus true negative
- Remediation - containment/eradication/recovery
- Security operations center tools
- Security operations center advantages
- MSSP advantages
- Summary
- Chapter 10: Developing an Information Security Architecture Program
- Information security architecture and SDLC/SELC
- Conducting an initial information security analysis
- Purpose and description of the information system
- Determining compliance requirements
- Compliance standards
- Documenting key information system and project roles
- Project roles
- Information system roles
- Defining the expected user types
- Documenting interface requirements
- Documenting external information systems access
- Conducting a business impact assessment
- Inputs to the BIA
- Conducting an information categorization
- Developing a security architecture advisement program
- Partnering with your business stakeholders
- Information security architecture process
- Example information security architecture process
- Summary
- Chapter 11: Cloud Security Consideration
- Cloud computing characteristics
- Cloud computing service models
- Infrastructure as a Service - IaaS
- Platform as a Service - PaaS
- Software as a Service - SaaS
- Cloud computing deployment models
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
- Cloud computing management models