IT Security Controls: A Guide to Corporate Standards and Frameworks

Use this reference for IT security practitioners to get an overview of the major standards and frameworks, and a proposed architecture to meet them. The book identifies and describes the necessary controls and processes that must be implemented in order to secure your organization's infrastruct...


Bibliographic Details
Other Authors: Viegas, Virgilio, author; Kuyucu, Oben, author
Format: Electronic book
Language: English
Published: [Place of publication not identified] : Apress [2022]
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009655514806719
Table of Contents:
  • Intro
  • Table of Contents
  • About the Authors
  • About the Technical Reviewers
  • Acknowledgments
  • Introduction
  • Please check our GitHub page
  • Chapter 1: The Cybersecurity Challenge
  • Types of Threats
  • Who Are These People?
  • How Do Cyberattacks Happen?
  • What Can We Do?
  • Summary
  • Chapter 2: International Security Standards
  • ISO 27001 and ISO 27002
  • Information Security Policies (Clause A.5)
  • Organization of Information Security (Clause A.6)
  • Human Resource Security (Clause A.7)
  • Before Hiring
  • Employees
  • Termination and reassignment
  • Asset Management (Clause A.8)
  • Access Control (Clause A.9)
  • Cryptography (Clause A.10)
  • Physical and Environmental Security (Clause A.11)
  • Operations Security (Clause A.12)
  • Communications Security (Clause A.13)
  • System Acquisition, Development, and Maintenance (Clause A.14)
  • Supplier Relationships (Clause A.15)
  • Incident Management (Clause A.16)
  • Business Continuity Management (Clause A.17)
  • Compliance (Clause A.18)
  • ISO 27002
  • PCI DSS
  • Goal 1: Build and Maintain a Secure Network
  • Goal 2: Protect Cardholder Data
  • Goal 3: Maintain a Vulnerability Management Program
  • Goal 4: Implement Strong Access Control Measures
  • Goal 5: Regularly Monitor and Test Networks
  • Goal 6: Maintain a Policy That Addresses Information Security
  • Prioritization
  • SWIFT: Customer Security Controls Framework
  • Summary
  • Chapter 3: Information Security Frameworks
  • NIST Frameworks
  • NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
  • NIST SP 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems
  • NIST Cybersecurity Framework
  • COBIT 5 for Information Security
  • COBIT 5 Process Goals Applied to Information Security
  • Other Regulatory Frameworks
  • CIS Controls
  • Saudi Arabia Monetary Authority (SAMA) Cybersecurity Framework
  • Reserve Bank of India
  • FIFA World Cup Qatar 2022
  • Monetary Authority of Singapore
  • BDDK
  • Others
  • Summary
  • Chapter 4: IT Security Technical Controls
  • Off-Premises Unmanaged Devices
  • MDM: Mobile Device Management
  • MAM: Mobile Application Management
  • NAC: Network Access Control
  • Multi-Factor Authentication
  • RASP for Mobile Applications
  • Secure Connections
  • OSI Model
  • TCP/IP Model
  • IPsec, SSH, and TLS
  • IPsec
  • SSH
  • TLS
  • Clean Pipes
  • DDoS Mitigation
  • Managed Devices
  • Directory Service Integration
  • Centralized Endpoint Management
  • TPM: Trusted Platform Module
  • VPN Client
  • NAC: Network Access Control
  • Data Classification
  • UAM: User Activity Monitoring
  • Endpoint Protection
  • Phishing Reporting Tool
  • Host IPS or EDR
  • Desktop Firewall
  • Antivirus
  • Antispyware
  • Full-Disk Encryption
  • Application Control and Application Whitelisting
  • Perimeter Security
  • Firewalls
  • Intrusion Detection and Intrusion Protection Systems
  • Proxy and Content (URL) Filtering
  • DLP: Data Loss Prevention
  • Honeypot
  • WAF: Web Application Firewall
  • SSL VPN
  • DNS
  • Internal DNS Servers
  • External DNS Servers
  • Message Security
  • Directory Integration for External Applications
  • Sandbox
  • File Integrity
  • Encrypted Email
  • On-Premises Support Controls
  • Access Control
  • Secure VLAN Segmentation
  • Security Baselines
  • Redundancy
  • Load Balancing
  • Encryption
  • Multi-tier and Multi-layer
  • Multi-layering
  • Multi-tiering
  • TLS Decryption
  • Perimeter Static Routing
  • Heartbeat Interfaces
  • Disaster Recovery
  • Time Synchronization
  • Log Concentrator
  • Routing and Management Networks
  • Management Networks
  • Perimeter Routing Networks
  • Centralized Management
  • Physical Network Segmentation
  • Sinkhole
  • Public Key Infrastructure
  • Security Monitoring and Enforcement
  • Privileged Access Management
  • Security Information and Event Management
  • Database Activity Monitoring
  • Single Sign-on
  • Risk Register
  • Chapter 5: Corporate Information Security Processes and Services
  • Security Governance
  • Policies and Procedures
  • Cybersecurity and Risk Assessment
  • Penetration Testing
  • Red Teaming
  • Code Review and Testing
  • Compliance Scans
  • Vulnerability Scans
  • CVSS: Common Vulnerability Scoring System
  • CVE: Common Vulnerabilities and Exposures
  • CCE: Common Configuration Enumeration
  • CPE: Common Platform Enumeration
  • XCCDF: Extensible Configuration Checklist Description Format
  • OVAL: Open Vulnerability and Assessment Language
  • Vulnerability Scanning Procedures
  • Firewalls and Network Devices Assurance
  • Security Operations Center
  • Incident Response and Recovery
  • Preparation
  • Detection and Analysis
  • Containment, Eradication, and Recovery
  • Post-Incident Activity
  • Threat Hunting
  • Threat Intelligence
  • Security Engineering
  • Asset Management
  • Media Sanitation
  • Configuration and Patch Management
  • Security Architecture
  • Chapter 6: People
  • Security Awareness
  • Security Training
  • Chapter 7: Security Metrics
  • Governance and Oversight
  • Antivirus and Anti-Malware Metrics
  • Clean Pipes
  • Network Security
  • Internet Access: Proxy and Content Filtering
  • Security Awareness and Training
  • Firewall Management
  • Enterprise Mobility Management
  • Incident Management and Response
  • Vulnerability Management
  • Penetration Testing, Code Review, and Security Assessments
  • Change Management
  • Access Control
  • Other Metrics
  • Summary
  • Chapter 8: Case Studies
  • Target Data Breach
  • DynDNS Distributed Denial-of-Service Attack
  • NHS WannaCry Ransomware
  • Chapter 9: Security Testing and Attack Simulation Tools
  • Penetration Testing Tools
  • Information Gathering and Intelligence
  • Sniffers
  • Vulnerability Scanning
  • Web Application Vulnerability Scanning
  • SQL Injection
  • Network Tools
  • Breach and Attack Simulation
  • System Information Tools
  • Password Cracking
  • Session Hijacking
  • Steganography
  • Windows Log Tools
  • Wireless Network Tools
  • Bluetooth Attacks
  • Website Mirroring
  • Intrusion Detection
  • Mobile Devices
  • Social Engineering
  • IoT (Internet of Things)
  • User Awareness: eLearning
  • Forensics and Incident Response
  • HoneyPots
  • Summary
  • Appendix 1: IT Security Technical Controls, Processes, and Services Matrix
  • Appendix 2: Information Security Certifications
  • Appendix 3: Knowledge, Skills and Abilities (KSAs)
  • Appendix 4: Resource Library
  • Index