Executive's Cybersecurity Program Handbook A Comprehensive Guide to Building and Operationalizing a Complete Cybersecurity Program
Develop strategic plans for building cybersecurity programs and prepare your organization for compliance investigations and audits.

Key Features:
- Get started as a cybersecurity executive and design an infallible security program
- Perform assessments and build a strong risk management framework
- Promote...
| Main author: | |
|---|---|
| Format: | E-book |
| Language: | English |
| Published: | Birmingham : Packt Publishing, Limited, 2023. |
| Edition: | 1st ed |
| Subjects: | |
| View in the Universitat Ramon Llull Library: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009724838406719 |
Table of Contents:
- Cover
- Title Page
- Copyright and Credits
- Dedication
- Contributors
- Table of Contents
- Preface
- Part 1 - Getting Your Program Off the Ground
- Chapter 1: The First 90 Days
- Getting executive buy-in
- Budget or no budget?
- Vision statements
- Mission statements
- Program charters
- Purpose
- Scope
- Responsibilities
- Those responsible for the charter
- The pillars of your cybersecurity program
- Summary
- References
- Chapter 2: Choosing the Right Cybersecurity Framework
- What is a cybersecurity framework?
- Types of cybersecurity frameworks
- Examining security as a checkbox
- Understanding continual improvement
- Selecting the right framework
- The framework used in this book
- Summary
- References
- Chapter 3: Cybersecurity Strategic Planning through the Assessment Process
- Developing your cybersecurity strategy
- Who should perform the assessment?
- Preparing for the assessment
- Drafting an engagement letter
- Project initiation and information gathering
- Performing the assessment
- Wrapping up the assessment
- Administrative review of policy documents using the NIST CSF
- A technical review using the CIS controls
- Understanding the current and future state of your program
- Developing goals
- The exit interview
- Summary
- References
- Part 2 - Administrative Cybersecurity Controls
- Chapter 4: Establishing Governance through Policy
- The importance of governance
- The importance of policy documents
- Exploring PSPs
- Policies
- Standards
- Procedures
- Policy workflow
- Getting executive sign-off for policy documents
- Creating new policies
- Reviewing policies
- Building a framework layout
- Exploring policy objectives
- Summary
- References
- Chapter 5: The Security Team
- The need for more security professionals
- Applying NIST NICE framework to your organization
- Exploring cybersecurity roles
- Cybersecurity analysts
- Cybersecurity engineers
- Cybersecurity architects
- Cybersecurity compliance specialists
- Head of security
- Exploring cybersecurity architectural frameworks
- SABSA
- TOGAF
- OSA
- Staffing - insourcing versus outsourcing
- Structuring the cybersecurity team
- Summary
- References
- Chapter 6: Risk Management
- Why do we need risk management?
- Exploring IT risks
- Human
- Technology
- Environmental
- The NIST RMF
- Tier 1 - organizational risk
- Tier 2 - mission/business process
- Tier 3 - information systems
- Applying risk management to IT resources
- Categorize
- Select
- Implement
- Assess
- Authorize
- Monitor
- Documenting in the SSP
- What is a risk register?
- Driving to a resolution
- Summary
- References
- Chapter 7: Incident Response
- NIST incident response methodology
- Preparation
- Detection and analysis
- Containment, eradication, and recovery
- Post-incident activity
- Incident response playbooks
- Train like we fight
- Walk-through exercises
- Tabletop exercises
- Live action exercises
- Summary
- References
- Chapter 8: Security Awareness and Training
- Understanding security awareness, training, and education
- Awareness
- Training
- Education
- Setting up a security training program
- Establishing the need for a security training program
- Obtaining executive support
- Developing metrics
- Examining course objectives
- Continuous improvement
- Training for compliance
- Summary
- References
- Part 3 - Technical Controls
- Chapter 9: Network Security
- The history of the internet
- The OSI model
- The first three OSI layers
- IPv4 addressing and micro-segmentation
- Traditional network security
- Traffic inspection
- Networks of today
- Building trust into the network
- Virtual private networking and remote access
- Getting to know the "zero trust" concept
- Understanding firewall functionality
- Web application firewalls
- DNS firewalls
- Distributed denial of service
- Summary
- References
- Chapter 10: Computer and Server Security
- The history of operating systems
- Exploring server hardening steps
- Operating system patching
- Least privilege
- Removing unneeded services
- Host-based security
- Picking the right password
- MFA
- Secure software configurations
- Changing system defaults
- Remote management
- Zero trust
- Dangers of TOFU
- The IoT
- Understanding encryption
- Digital signatures
- Protecting the private key
- Summary
- References
- Chapter 11: Securing Software Development through DevSecOps
- Why introduce cybersecurity early?
- A new style in project management
- The six principles of DevSecOps
- Planning
- Building
- Testing
- Deploying
- Operating
- Code reviews
- Static application security testing
- Dynamic application security testing
- Software composition analysis
- Open source licensing
- Copyright licenses
- Copyleft licenses
- Permissive licenses
- Gitflow branching
- Secure coding checklists
- NIST
- SEI
- OWASP
- Embedded secrets
- Summary
- References
- Chapter 12: Testing Your Security and Building Metrics
- Understanding your requirements
- Business requirements
- Regulatory requirements
- Continuous evaluation of your security program
- Maintaining corporate security
- Maintaining third-party security
- Why CARE about metrics?
- Vulnerability metrics
- Incident reporting - red team versus blue team
- Reporting to the executive team and BoD
- System security plans and the risk register
- A risk heat map
- Balanced scorecard
- Summary
- References
- Index
- Other Books You May Enjoy
- About Packt