Tabla de Contenidos: “…Compliance with Standards -- NIST -- ISO 27002 -- COBIT -- Summary -- References -- Part II: Data Security -- Chapter 8: Securing Unstructured Data -- Structured Data vs. …”

Tabla de Contenidos: “…Routes to information sharing -- Part III Appendices -- Appendix A - Standards -- Cyber security standards -- ISO/IEC 27000 series standards -- Other relevant ISO standards -- Business continuity standards -- National Institute of Standards and Technology (NIST) standards -- Appendix B - Good Practice Guidelines -- General cyber security advice -- UK government cyber security advice -- Appendix C - Cyber Security Law -- UK Law -- EU Directives and Regulations -- Appendix D - Training and Qualifications -- Generic cyber security training and qualifications -- Specific cyber security training and qualifications -- Appendix E - Links to Other Useful Organisations -- Appendix F - Further Reading -- Appendix G - Abbreviations and Glossary -- Abbreviations -- Glossary -- Index -- Back Cover…”

“…In the concluding chapters, you will use three NIST-recommended systems: the Advanced Encryption Standard (AES), the Secure Hash Algorithm (SHA), and the Rivest-Shamir-Adleman (RSA). …”

Tabla de Contenidos: “…SOVD example, demo, and details -- Example of a diagnostic message using UDS and SOVD -- Example of an SOVD interface as part of applications on the server side -- SOVD documentation and demo -- SOVD and UDS comparison -- Summary -- References -- Part 3: Secure Development for Automotive IoT -- Chapter 6: Exploring Secure Development Processes for Automotive IoT -- An overview of security threats and the need for security and secure development processes -- New cybersecurity threats -- Examples of recent attacks -- Simplified threat model of automotive IoT ecosystem -- ISO/SAE 21434 and ASPICE for Cybersecurity -- ISO/SAE 21434 Overview -- ISO/SAE 21434 organizational-level requirements -- ISO/SAE 21434 project-level requirements -- ASPICE for Cybersecurity overview -- ASPICE for Cybersecurity - security activities -- NIST Cybersecurity Framework, ISO 27001, SOC 2, and OWASP -- NIST Cybersecurity Framework -- ISO 27001 -- SOC 2 -- OWASP -- DevSecOps and agile development -- V-model -- Agile -- Scrum -- DevSecOps -- Summary -- References -- Chapter 7: Establishing a Secure Software Development Platform -- Activities in the SSDLC -- TARA/threat model -- Requirements review -- Design review -- Code review -- Static application security testing -- Vulnerability scanning -- Fuzz testing -- Dynamic application security testing -- Interactive application security testing -- Penetration testing -- Project inventory -- Project information and risk level -- Cybersecurity assurance level and activities -- Example project inventory -- Practical steps for establishing a secure software development platform -- Purpose and need -- Overview of the secure software development platform -- Requirements, policies, and compliance -- Vulnerability management -- AppSec tooling -- Common AppSec tooling and test approaches -- SAST -- SCA -- DAST -- Fuzz testing…”

Tabla de Contenidos: “…2.8.3 - Recommendation 2: Impact assessments of emerging technologies should be inclusive, easy to use and flexibleAcronyms; References; Chapter 3 - The Evolution of the Smart Grid Threat Landscape and Cross-Domain Risk Assessment; 3.1 - Introduction; 3.2 - Smart Grid Architectures: The Basics; 3.2.1 - GridWise Interoperability Context-Setting Framework; 3.2.2 - NIST Smart Grid Framework; 3.2.3 - Smart Grid Architecture Model and EU Mandate M490; 3.3 - Smart Grid Threat Landscape; 3.3.1 - Threat Types; 3.3.2 - Threat Agents; 3.3.3 - Attack Vectors; 3.3.4 - Case Studies…”

Tabla de Contenidos: “…-- Selecting essential cybersecurity metrics -- Why and how organizations can automate this process -- What pitfalls to avoid when automating the workflows of the blue team -- Automating how KRIs are collected and presented -- Summary -- Chapter 3: Risk Assessment -- Following the NIST methodology -- NIST risk assessment methodology -- Asset inventory -- Risk management methods -- Threat identification -- Risk calculation -- Risk management responsibilities -- Summary -- References -- Chapter 4: Blue Team Operations -- Understanding defense strategy -- Blue team operations - infrastructure -- Blue team operations - applications…”

“…In this regard, the National Institute of Standards and Technology (NIST) began to standardize post-quantum cryptography in 2016. …”

Tabla de Contenidos: “…Protective failure -- Continuous protection -- Redundancy -- Use of standardized cryptography -- Summary -- Further reading -- Chapter 3: Threat Landscape against Vehicle Components -- Threats against external vehicle interfaces -- Backend-related threats -- Connectivity threats -- Threats against the E/E topology -- Highly distributed E/E architecture -- Domain-centralized E/E architecture -- Central vehicle computer architecture -- Threats against in-vehicle networks -- CAN -- FlexRay -- Ethernet -- The Unified Diagnostic Services (UDS) protocol -- SAE J1939 protocols -- SAE J2497 (PLC4TRUCKS) -- Threats against sensors -- Common ECU threats -- Debug ports -- Flash programming -- Power and mode manipulation -- Tampering with machine learning algorithms -- Software attacks -- Disclosure and tampering of cryptographic keys -- Summary -- References -- Part 2: Understanding the Secure Engineering Development Process -- Chapter 4: Exploring the Landscape of Automotive Cybersecurity Standards -- Primary standards -- UNECE WP.29 -- Chinese regulation and standardization -- Secondary standards -- IATF 16949:2016 -- Automotive SPICE (ASPICE) -- Trusted Information Security Assessment Exchange (TISAX) -- SAE J3101 - hardware-protected security for ground vehicles -- Coding and software standards -- NIST cryptographic standards -- Supporting standards and resources -- MITRE Common Weakness Enumeration (CWE) -- US DoT NHTSA Cybersecurity Best Practices for the Safety of Modern Vehicles -- ENISA good practices for the security of smart cars -- SAE J3061 - cybersecurity guidebook for cyber-physical vehicle systems -- ISO/IEC 27001 -- NIST SP 800-160 -- Uptane -- Summary -- References -- Chapter 5: Taking a Deep Dive into ISO/SAE21434 -- Notations -- At a glance - the ISO 21434 standard -- Organizational cybersecurity management -- Management systems…”

Tabla de Contenidos: “…Delving into TOGAF, ArchiMate, and related tools -- EA -- Introducing TOGAF's ADM -- Building blocks -- Architecture patterns -- EA wrap-up -- Introducing security frameworks -- COBIT for risk -- NIST -- ITIL in a nutshell -- Summary -- Chapter 3: Understanding ATAM and the Software Quality Attributes -- Introducing ATAM -- Understanding sensitivity points, trade-off points, risks, and non-risks -- Exploring quality attributes -- Getting started with quality-attribute scenarios -- Practical use case -- Utility trees -- Quality-attribute scenarios -- Identified sensitivity points…”

Tabla de Contenidos: “…Integration with other Defender security products -- Microsoft Defender for Endpoint -- Microsoft Defender for Cloud Apps -- Microsoft Purview Data Loss Prevention -- How Defender for Office 365 could have averted famous attacks -- Democratic National Committee email hack -- Sony Pictures Entertainment hack -- Summary -- References -- Chapter 3: The Security Wild WestBasic Checks and Balances -- Common security frameworks and approaches -- ISO 27001 -- NIST Cybersecurity Framework -- HIPAA -- PCI DSS -- GDPR -- FISMA -- What are an organization's vision, policies, and procedures?…”

Tabla de Contenidos: “…Cover -- FM -- Copyright -- Foreword -- Contributors -- Table of Contents -- Preface -- Chapter 1: Introduction to Cloud Computing -- Making the Most Out of this Book -- Your Certification and Beyond -- What is Cloud Computing? -- The NIST Definition of Cloud Computing -- Evolution of the Cloud Computing Model -- Evolution of Cloud Computing Architectures -- Why Cloud Computing? …”

Tabla de Contenidos:

Tabla de Contenidos: “…Healthcare InstitutionsFinancial Institutions; Cyber Security Information Sharing Legislation: Watch this Space; Best Practices, Standards, and Frameworks; PCI DSS; NIST Cyber Security Framework; Defense in Depth; Tier 1 Security Technologies; Tier 2 Security Technologies; Update and Evaluate Security Products and Technologies; Cyber Security and the Human Factor; Today's Information Assurance Needs; Chapter 2: Threat Forecasting; Synopsis; Introduction; Threat Forecasting; Dangers of Technology Sprawl; High Speed Big Data Collection and Surveillance; Threat Epidemiology…”

Tabla de Contenidos: “…; Assessments Are the Right Thing to Do; Assessments Are Required; Information Protection Requirements; National Institute of Standards and Technology (NIST) Guidance; North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) Standards; Water Infrastructure Security Enhancement (WISE); The Critical Infrastructure Information Act of 2002…”

Tabla de Contenidos: “…SAS 70 ExampleCloud and ISMS; Data; Loss; Risks; De-perimeterization; De-perimeterization as a Strategy; Cloud Security Practice; IaaS Practice; PaaS Practice; SaaS Practice; Governance and Security Standards; Basic Authentication; Digest Authentication; Open Authorization; OpenID; Security Assertion Markup Language (SAML); Conclusion; CHAPTER 5 Cloud Implementation Implementation Architecture and Cloud-Related Technologies; Functional and Management Interfaces; NIST Cloud Implementation Architecture; Service Layer; IaaS Service Layer; PaaS Service Layer; SaaS Service Layer…”

Tabla de Contenidos: “…Process Optimization: A Review of Key PointsThe NIST Approach; Summary; References; Chapter 13. A Blueprint for Security; Introduction; Risk in the Development Lifecycle; Security Architecture; Patterns and Baselines; Architectural Risk Analysis; Summary; Reference; Chapter 14. …”

Tabla de Contenidos: “…Kad je posla dičaka po ništ 308 -- Der Bub wurde um nichts geschickt 309 -- 51. …”

Tabla de Contenidos: “…Cover -- Cover -- Title Page -- Copyright and Credit -- Dedication -- Contributors -- Table of Contents -- Preface -- Part 1: Getting Started with Okta -- Chapter 1: IAM and Okta -- Exploring the origins of Okta -- Understanding IAM and Okta -- Exploring Okta -- Zero trust -- Discovering the basic features of Okta -- Universal Directory -- Single sign-on -- Multifactor authentication and adaptive multifactor authentication -- Lifecycle management -- Advanced features of Okta -- Okta Advanced Server Access -- Workflows -- Okta Access Gateway -- API Access Gateway -- Okta and NIST -- Summary -- Chapter 2: Working with Universal Directory -- Directory integrations -- Microsoft AD integration -- LDAP integration -- Everything about users -- Using groups -- Types of groups in Okta -- Using AD groups -- Creating users in AD through Okta groups -- Pushing groups -- Deleting groups -- Assigning applications to groups -- Some best practices for group usage -- Overview of devices -- Registering a device -- Summary -- Chapter 3: Using Single Sign-On for a Great End User Experience -- Using single sign-on with Okta -- Understanding global session policies -- Using the Okta dashboard -- Setting up Agentless Desktop single sign-on -- Simplifying administration with the Okta Integration Network -- Setting up a basic integration with Secure Web Authentication -- SWA with the App Integration Wizard -- Using SAML and OpenID Connect applications -- Managing inbound SSO -- IdP discovery -- Summary -- Chapter 4: Increasing Security with Adaptive Multifactor Authentication -- Factor types -- Knowledge factors -- Possession factors -- Biometric factors -- Authenticators and enrollment -- Knowledge factors -- Possession factors -- Biometric factors -- MFA enrollment -- Contextual access management -- Device security signals -- Integrating with MDM…”

Tabla de Contenidos: “…HMG SECURITY-RELATED DOCUMENTS -- HMG SECURITY POLICY FRAMEWORK -- THE NATIONAL SECURITY STRATEGY -- CONTEST, THE UNITED KINGDOM'S STRATEGY FOR COUNTERING TERRORISM -- THE MINIMUM CYBER SECURITY STANDARD -- THE UK CYBER SECURITY STRATEGY 2016-2021 -- UK GOVERNMENT SECURITY CLASSIFICATIONS -- SUMMARY -- APPENDIX A - TAXONOMIES AND DESCRIPTIONS -- INFORMATION RISK -- TYPICAL IMPACTS OR CONSEQUENCES -- APPENDIX B - TYPICAL THREATS AND HAZARDS -- MALICIOUS INTRUSION (HACKING) -- ENVIRONMENTAL THREATS -- ERRORS AND FAILURES -- SOCIAL ENGINEERING -- MISUSE AND ABUSE -- PHYSICAL THREATS -- MALWARE -- APPENDIX C - TYPICAL VULNERABILITIES -- ACCESS CONTROL -- POOR PROCEDURES -- PHYSICAL AND ENVIRONMENTAL SECURITY -- COMMUNICATIONS AND OPERATIONS MANAGEMENT -- PEOPLE-RELATED SECURITY FAILURES -- APPENDIX D - INFORMATION RISK CONTROLS -- STRATEGIC CONTROLS -- TACTICAL CONTROLS -- OPERATIONAL CONTROLS -- THE CENTRE FOR INTERNET SECURITY CONTROLS VERSION 8 -- ISO/IEC 27001:2017 CONTROLS -- NIST SPECIAL PUBLICATION 800-53 REVISION 5 -- APPENDIX E - METHODOLOGIES, GUIDELINES AND TOOLS -- METHODOLOGIES -- OTHER GUIDELINES AND TOOLS -- APPENDIX F - TEMPLATES -- APPENDIX G - HMG CYBERSECURITY GUIDELINES -- HMG CYBER ESSENTIALS SCHEME -- 10 STEPS TO CYBER SECURITY -- APPENDIX H - REFERENCES AND FURTHER READING -- PRIMARY UK LEGISLATION -- GOOD PRACTICE GUIDELINES -- OTHER REFERENCE MATERIAL -- NCSC CERTIFIED PROFESSIONAL SCHEME -- OTHER UK GOVERNMENT PUBLICATIONS -- RISK MANAGEMENT METHODOLOGIES -- UK AND INTERNATIONAL STANDARDS -- APPENDIX I - DEFINITIONS, STANDARDS AND GLOSSARY OF TERMS -- DEFINITIONS AND GLOSSARY OF TERMS -- INFORMATION RISK MANAGEMENT STANDARDS -- INDEX -- Back cover…”