Subjects within your search.
- Computer security 59
- Security measures 49
- Computer networks 32
- Data protection 16
- Cloud computing 13
- Risk management 11
- Information technology 10
- Examinations 7
- Computer crimes 6
- Management 6
- Prevention 6
- Cyberterrorism 5
- National Institute of Standards and Technology (U.S.) 5
- Business enterprises 4
- Certification 4
- Data processing 4
- Internet of things 4
- Law and legislation 4
- Security 4
- Artificial intelligence 3
- Cyber intelligence (Computer security) 3
- Data and Information Security 3
- Data encryption (Computer science) 3
- Electronic data processing 3
- Electronic government information 3
- Government policy 3
- Information storage and retrieval systems 3
- Microsoft Azure (Computing platform) 3
- Standards 3
- Technological innovations 3
82
Published 2025
Table of Contents: “…Chapter 25 The Urgency of Having a Cyber Risk Management Plan -- The NIST Framework -- New Securities Exchange Corporation Cybersecurity Regulations -- Risk Management Pillars for the New Technological Era -- Risk Management Strategies at the Organizational Level -- All-Inclusive Approach to Risk Management -- Tools to Help Enable Cyber Risk Management: Encryption and Cryptography -- Digital Conversion Tools -- Cybersecurity Equals Economic Resilience -- The Need for Government and Industry Cooperation -- Conclusion: Emerging Technologies, Cybersecurity, and Our Digital Future -- Notes -- Acknowledgments -- About the Author -- Index -- EULA…”
Electronic book
83
by Chicano Tejada, Ester
Table of Contents: “…PRESENTATION OF THE NIST SP (...) METHODOLOGY; 19. PRESENTATION OF THE MAGERIT (...) METHODOLOGY; 20. …”
Published 2014
Biblioteca Universitat Ramon Llull (Other Sources: Biblioteca de la Universidad Pontificia de Salamanca, Universidad Loyola - Universidad Loyola Granada)
Electronic book
84
by Mansourov, Nikolai
Table of Contents: “…Vulnerability life cycle; 6.4. NIST Security Content Automation Protocol (SCAP) Ecosystem…”
Published 2011
Electronic book
85
Published 2015
Table of Contents: “…-- Information in This Chapter: -- Introduction -- Defining intelligence -- The intelligence cycle -- Types of intelligence -- The professional analyst -- Denial and deception -- Intelligence throughout the ages -- Sun Tzu -- Julius Caesar -- George Washington -- Bletchley Park -- Conclusion -- References -- Chapter 3 - Building a network security intelligence model -- Information in This Chapter: -- Introduction -- Defining cyber threat intelligence -- The anatomy of an attack -- Approaching cyber attacks differently -- A note about time to live -- Incorporating the intelligence lifecycle into security workflow -- Intelligence is alive -- A picture is worth a thousand words -- Automation -- Conclusion -- References -- Chapter 4 - Gathering data -- Information in This Chapter: -- Introduction -- The continuous monitoring framework -- NIST cybersecurity framework -- The framework core -- Framework implementation tiers -- The framework profile -- Security + intelligence -- The business side of security -- Planning a phased approach -- The goal -- The initial assessment -- Analyzing the current security state -- Moving to the next phase…”
Electronic book
86
Published 2013
Table of Contents: “…-- Expectation of Privacy -- Chapter 5: Choosing Your Procedures -- Forensic Imaging -- Determining Your Comfort Level -- Forensic Imaging Method Pros and Cons -- Creating Forms and Your Lab Manual -- Chain of Custody Forms -- Request Forms -- Report Forms -- Standard Operating Procedures Manual -- Chapter 6: Testing Your Tools -- When Do You Need to Test -- Collecting Data for Public Research or Presentations -- Testing a Forensic Method -- Testing a Tool -- Where to Get Test Evidence -- Raw Images -- Creating Your Own Test Images -- Forensic Challenges -- Learn Forensics with David Cowen on YouTube -- Honeynet Project -- DC3 Challenge -- DFRWS Challenge -- SANS Forensic Challenges -- High School Forensic Challenge -- Collections of Tool Testing Images -- Digital Forensic Tool Testing Images -- NIST Computer Forensics Reference Data Sets Images -- The Hacking Case -- NIST Computer Forensics Tool Testing -- Chapter 7: Live vs. …”
Electronic book
87
Published 2024
Table of Contents: “…-- Principles -- Open Web Application Security Project -- NIST's Secure Software Development Framework -- MITRE frameworks -- Software development lifecycles -- Microsoft's Security Development Lifecycle -- Confidentiality, integrity, and availability -- Summary -- Self-assessment questions -- Answers -- Chapter 2: Designing a Secure Functional Model -- Requirements gathering and specification -- Non-functional requirements and security -- Capturing scenarios -- Textual use cases and misuse cases -- Graphical use cases and misuse cases -- Graphical use case diagram -- Graphical misuse case diagram -- Example enterprise secure functional model -- Purchase of tickets via self-service -- Trying to purchase tickets beyond the patron limit -- Summary -- Self-assessment questions -- Answers -- Chapter 3: Designing a Secure Object Model -- Identify objects and relationships -- Class diagrams -- Stereotypes -- Invariants -- Example of the enterprise secure object model -- Summary -- Self-assessment questions -- Answers -- Chapter 4: Designing a Secure Dynamic Model -- Technical requirements -- Object behavior -- Modeling interactions between objects -- UML sequence diagrams -- UML activity diagrams -- Constraints -- Example of the enterprise secure dynamic model -- Summary -- Self-assessment questions -- Answers -- Chapter 5: Designing a Secure System Model -- Partitions -- Modeling interactions between partitions -- UML component diagrams -- Patterns -- Example - developing an enterprise secure system model -- Summary -- Self-assessment questions -- Answers -- Chapter 6: Threat Modeling -- Threat model overview -- The STRIDE threat model -- The DREAD threat model…”
Electronic book
88
by Konheim, Alan G., 1934-
Table of Contents: “…Vernam; 4.4 The One-Time Pad; 4.5 Finding the Key of Vernam-Vigenère Ciphertext with Known Period by Correlation; 4.6 Coincidence; 4.7 Venona; 4.8 Polyalphabetic Substitution Problems; CHAPTER 5 STATISTICAL TESTS; 5.1 Weaknesses in a Cryptosystem; 5.2 The Kolmogorov-Smirnov Test; 5.3 NIST's Proposed Statistical Tests; 5.4 Diagnosis…”
Published 2007
Electronic book
89
Published 2022
Table of Contents: “…Risk and Control Reporting Techniques -- Key Performance Indicators -- Key Risk Indicators -- Key Control Indicators -- Chapter Review -- Quick Review -- Questions -- Answers -- Chapter 4 Information Technology and Security -- Enterprise Architecture -- Platforms -- Software -- Databases -- Operating Systems -- Networks -- Cloud -- Gateways -- Enterprise Architecture Frameworks -- Implementing a Security Architecture -- IT Operations Management -- Project Management -- Business Continuity and Disaster Recovery Management -- Business Impact Analysis -- Recovery Objectives -- Recovery Strategies -- Plan Testing -- Resilience and Risk Factors -- Data Lifecycle Management -- Standards and Guidelines -- Data Retention Policies -- Hardware Disposal and Data Destruction Policies -- Systems Development Life Cycle -- Planning -- Requirements -- Design -- Development -- Testing -- Implementation and Operation -- Disposal -- SDLC Risks -- Emerging Technologies -- Information Security Concepts, Frameworks, and Standards -- Confidentiality, Integrity, and Availability -- Access Control -- Data Sensitivity and Classification -- Identification and Authentication -- Authorization -- Accountability -- Non-Repudiation -- Frameworks, Standards, and Practices -- NIST Risk Management Framework -- ISO 27001/27002/27701/31000 -- COBIT 2019 (ISACA) -- The Risk IT Framework (ISACA) -- Security and Risk Awareness Training Programs -- Awareness Tools and Techniques -- Developing Organizational Security and Risk Awareness Programs -- Data Privacy and Data Protection Principles -- Security Policies -- Access Control -- Physical Access Security -- Network Security -- Human Resources -- Chapter Review -- Quick Review -- Questions -- Answers -- Appendix A Implementing and Managing a Risk Management Program -- Today's Risk Landscape -- What Is a Risk Management Program?…”
Electronic book
90
Published 2023
Table of Contents: “…Cover -- Title Page -- Copyright and Credits -- Dedication -- Foreword -- Contributors -- Table of Contents -- Part 1: Attack Preparation -- Chapter 1: Mindset and Methodologies -- Approach and mindset -- The approach -- The process -- The testing techniques -- The baseline competencies -- The mindset -- Methodologies and frameworks -- NIST SP 800-115 -- Penetration Testing Execution Standard (PTES) -- OWASP's WSTG -- ISECOM's OSSTMM -- The recipe -- Summary -- Further reading -- Chapter 2: Toolset for Web Attacks and Exploitation -- Technical requirements -- Operating systems and the tools of the trade -- Operating system -- Linux -- Windows -- macOS -- Browser -- Interception proxy -- Python for automating web tasks -- Virtualization and containerization systems -- VirtualBox -- Docker -- Summary -- Further reading -- Part 2: Evergreen Attacks -- Chapter 3: Attacking the Authentication Layer - a SAML Use Case -- Technical requirements -- Scenario files -- The Doors of Durin SAML login scenario -- How does SAML work and what are its vulnerabilities? …”
Electronic book
91
by Scholz, James A.
Table of Contents: “…Objectives of the Business Impact Analysis Developing the Project Plan BIA Process Steps Performing the BIA Gathering Information Performing a Vulnerability Assessment Analyzing the Information Documenting the Results and Presenting the Recommendations Risk Risk Management Risk Framework Risk Assessment or Evaluation Risk Mitigation and Response Risk Monitoring Risk Assessment Secure Configuration Management Phases of Security-Focused Configuration Management Security Configuration Management Plan Coordination Configuration Control Change Control Board (CCB) or Technical Review Board (TRB) Configuration Items Baseline Identification Functional Baseline Design Baseline Development Baseline Product Baseline Roles and Responsibilities Change Control Process Change Classifications Change Control Forms Problem Resolution Tracking Measurements Configuration Status Accounting Configuration Management Libraries Release Management (RM) Configuration Audits Functional Configuration Audit Physical Configuration Audit Tools Training Training Approach Contingency Planning Types of Plans Business Continuity Plan (BCP) Continuity of Operations (COOP) Plan Cyber Incident Response Plan Disaster Recovery Plan (DRP) Contingency Plan (CP) Occupant Emergency Plan (OEP) Crisis Communications Plan Backup Methods and Off-Site Storage Cloud Computing Essential Characteristics Service Models Continuous Monitoring Continuous Monitoring Strategy Organization (Tier 1) and Mission/Business Processes (Tier 2) Continuous Monitoring Strategy Information System (Tier 3) Continuous Monitoring Strategy Process Roles and Responsibilities Define Sample Populations Continuous Monitoring Program Determine Metrics Monitoring and Assessment Frequencies Considerations in Determining Assessment and Monitoring Frequencies Physical Security History Security Level (SL) Determination Threat Factors/Criteria Building Security Level Matrix Building Security Level Scoring Criteria Mission/Business Public Impact Building Occupants Building Square Footage Impact on Tenants Other Factors Level E Facilities Campuses, Complexes, and Corporate or Commercial Centers Changes in the Building Security Level Building Security Illumination Lighting for CCTV Surveillance Building Security Levels Minimum Security Standards Entry Security Interior Security Security Planning The Certification and Accreditation Process Accreditation Decisions Continuous Monitoring General Process Phase I Security Categorization System Security Plans (SSPs) Risk Assessments (RAs) Contingency Plans (CPs) Security Control Compliance Matrix (SCCM) Standard Operating Procedures (SOPs) Privacy Impact Assessment (PIA) Configuration Management Plan (CMP) Service Level Agreements (SLAs) General Process Phase II: Security Test and Evaluation (ST&E) Develop the Security Test and Evaluation (ST&E) Plan Execute the ST&E Plan Create the ST&E Report and Recommend Countermeasures Update the Risk Assessment Update the Security Plan Document Certification Findings General Management and Methodologies Employed Methodologies Internal Review Procedures End-State Security Model Appendix A: List of References (NIST) Appendix B: List of References (FIPS) Appendix C: Sample Certification Statement Appendix D: Sample Rules of Engagement…”
Published 2013
Electronic book
92
Published 2022
Table of Contents: “…-- Preparation -- Identification or Analysis -- Containment, Mitigation, or Eradication -- Recovery -- Post-incident -- Your Computer Security Incident Response Team -- Cybersecurity Frameworks -- NIST Cybersecurity Framework -- ISO 27000 Cybersecurity Frameworks -- CIS Controls -- COBIT Cybersecurity Framework -- Security Frameworks and Cloud Security -- Chapter 6 Step 6: Control Your Data Assets -- The CIA Triad -- Access Control -- Patch Management -- Physical Security and Your Data -- Malware -- Cryptography Basics -- Bring Your Own Device and Working from Home -- Managed Service Providers -- The Dark Web and Your Data -- Security Leaders on Cyber Defense -- Control Your Data -- Chapter 7 Step 7: Understand the Human Factor -- Social Engineering -- Phishing -- What Can NFTs and ABA Teach Us About Social Engineering? …”
Electronic book
93
Published 2023
Table of Contents: “…Getting started with Responsible AI in your organization -- Regulatory compliance in Azure Policy for Azure Machine Learning -- Azure Security Benchmark -- Federal Risk and Authorization Management Program -- New Zealand Information Security Manual (restricted) -- NIST SP 800-53 Rev. 5 -- Reserve Bank of India IT Framework for Banks v2016 -- Compliance auditing and reporting -- Azure portal -- Azure Resource Graph Explorer -- Compliance automation in Azure -- Azure Blueprints -- IaC -- Summary -- Part 2: Securing Your Data -- Chapter 4: Data Protection and Governance -- Working with data governance in Azure -- Identifying challenges -- Exploring benefits -- Getting started using cloud data best practices -- Exploring Azure tools and resources -- Storing and retrieving data in Azure Machine Learning -- Connecting datastores -- Adding data assets -- Encrypting and securing data -- Encryption at rest -- Encryption in transit -- Exploring backup and recovery -- Reviewing backup options for your datastores -- Recovering your workspace -- Summary -- Chapter 5: Data Privacy and Responsible AI Best Practices -- Technical requirements -- Working with Python -- Running a notebook in Azure Machine Learning -- Installing the SmartNoise SDK -- Installing Fairlearn -- Discovering and protecting sensitive data -- Identifying sensitive data -- Exploring data anonymization -- Introducing differential privacy -- Mitigating fairness -- Fairlearn -- Working with model interpretability -- Exploring the Responsible AI dashboard -- Exploring FL and secure multi-party computation -- FL with Azure Machine Learning -- Summary -- Further reading -- Part 3: Securing and Monitoring Your AI Environment -- Chapter 6: Managing and Securing Access -- Working with the PoLP -- Authenticating with Microsoft Entra ID -- Implementing RBAC -- Working with built-in roles…”
Electronic book
94
Published 2023
Table of Contents: “…-- Evaluating Architectural Fit and Integration -- Evaluating Actual Operational Work Involved -- The Difference between Monitoring and Participation -- Finding the Right Guidance -- HIPAA/HITECH -- HITRUST -- PCI-DSS -- ISO Information Security Management Standards 27001, 27002, 27017, 27018 -- ISO/IEC 27018 - Public Cloud PII Protection -- ISO/IEC 27017 - Cloud Services Security Controls -- Certified Vendors ISO 17021, and Separation of Duties -- American Institute of Certified Public Accountants/Service Organizational Controls Reports -- NIST Cybersecurity Framework (NIST CSF) -- CSA CCM, CAIQ, and STAR Registry -- CURES Act and HITECH Certification Requirements -- What Does This All Mean?…”
Electronic book
95
Published 2023
Table of Contents: “…-- 1.3 The Inception of Zero Trust Concept -- 1.3.1 Cloud Security Alliance's Software Define Perimeter and Zero Trust -- 1.3.2 Google's BeyondCorp Zero Trust Model -- 1.3.3 Gartner's CARTA Framework for Zero Trust -- 1.3.3.1 CARTA's Zero Trust Implementation Approach -- 1.3.4 Netflix's LISA Model for Zero Trust -- 1.3.4.1 LISA Principles -- 1.3.5 Forrester's ZTX Framework -- 1.3.6 NIST SP 800:207 Zero Trust Framework -- 1.3.6.1 NIST's Zero Trust Architecture Foundation -- 1.3.6.2 Policy Engine -- 1.3.6.3 Policy Administrator -- 1.3.6.4 Policy Enforcement Point -- 1.3.7 The Open Group Zero Trust's Approach -- 1.3.7.1 Key Requirements for Zero Trust as per the Open Group -- 1.3.7.2 Organizational Value and Risk Alignment -- 1.3.7.3 Guardrails and Governance -- 1.3.7.4 Technology -- 1.3.7.5 Security Controls -- 1.3.8 Microsoft's Zero Trust Principles -- 1.4 Why Zero Trust Is Important -- 1.5 Benefits of Zero Trust -- 1.6 Zero Trust Principle Redefined -- 1.6.1 Re-Examine All Default Access Controls -- 1.6.2 Micro-Segmentation -- 1.6.3 Preventing Lateral Movement -- 1.6.4 Leverage a Variety of Preventative Techniques -- 1.6.5 Enable Real-Time Monitoring and Controls to Identify and Halt Malicious Activity Quickly -- 1.6.6 Align to the Broader Security Strategy -- 1.7 Zero Trust for Everyone -- 1.7.1 Government -- 1.7.2 Enterprises -- 1.7.3 Small and Medium Businesses -- 1.7.4 Consumers -- 1.8 Chapter Summary -- 2 Zero Trust - Disrupting the Business Model…”
Electronic book
96
by Chang, Chein-I
Table of Contents: “…1.5.4 Part IV: Unsupervised Hyperspectral Analysis 1.5.5 Part V: Hyperspectral Information Compression; 1.5.6 Part VI: Hyperspectral Signal Coding; 1.5.7 Part VII: Hyperspectral Signal Feature Characterization; 1.5.8 Applications; 1.5.8.1 Chapter 30: Applications of Target Detection; 1.5.8.2 Chapter 31: Nonlinear Dimensionality Expansion to Multispectral Imagery; 1.5.8.3 Chapter 32: Multispectral Magnetic Resonance Imaging; 1.6 Laboratory Data to be Used in This Book; 1.6.1 Laboratory Data; 1.6.2 Cuprite Data; 1.6.3 NIST/EPA Gas-Phase Infrared Database…”
Published 2013
Electronic book
97
Published 2021
Table of Contents: “…-- History and Evolution -- Forrester's Zero Trust eXtended (ZTX) Model -- Gartner's Approach to Zero Trust -- Our Perspective on Zero Trust -- Core Principles -- Expanded Principles -- A Working Definition -- Zero Trust Platform Requirements -- Summary -- Chapter 3: Zero Trust Architectures -- A Representative Enterprise Architecture -- Identity and Access Management -- Network Infrastructure (Firewalls, DNS, Load Balancers) -- Jump Boxes -- Privileged Access Management -- Network Access Control -- Intrusion Detection/Intrusion Prevention -- Virtual Private Network -- Next-Generation Firewalls -- Security Information and Event Management -- Web Server and Web Application Firewall -- Infrastructure as a Service -- Software as a Service and Cloud Access Security Brokers -- A Zero Trust Architecture -- The NIST Zero Trust Model -- A Conceptual Zero Trust Architecture -- Policy Components -- Types of Policy Enforcement Points -- What Is a Policy Enforcement Point? …”
Electronic book
98
Published 2021
Table of Contents: “…Common Pitfalls -- Common Cloud Vulnerabilities -- Describe the Secure Software Development Lifecycle Process -- NIST Secure Software Development Framework -- OWASP Software Assurance Security Model -- Business Requirements -- Phases and Methodologies -- Apply the Secure Software Development Lifecycle -- Avoid Common Vulnerabilities During Development -- Cloud-Specific Risks -- Quality Assurance -- Threat Modeling -- Software Configuration Management and Versioning -- Apply Cloud Software Assurance and Validation -- Functional Testing -- Security Testing Methodologies -- Use Verified Secure Software -- Approved Application Programming Interfaces -- Supply-Chain Management -- Third-Party Software Management -- Validated Open-Source Software -- Comprehend the Specifics of Cloud Application Architecture -- Supplemental Security Components -- Cryptography -- Sandboxing -- Application Virtualization and Orchestration -- Design Appropriate Identity and Access Management Solutions -- Federated Identity -- Identity Providers -- Single Sign-On -- Multifactor Authentication -- Cloud Access Security Broker -- Summary -- Domain 5 Cloud Security Operations -- Implement and Build Physical and Logical Infrastructure for Cloud Environment -- Hardware-Specific Security Configuration Requirements -- Installation and Configuration of Virtualization Management Tools -- Virtual Hardware-Specific Security Configuration Requirements -- Installation of Guest Operating System Virtualization Toolsets -- Operate Physical and Logical Infrastructure for Cloud Environment -- Configure Access Control for Local and Remote Access -- Secure Network Configuration -- Operating System Hardening through the Application of Baselines -- Availability of Stand-Alone Hosts -- Availability of Clustered Hosts -- Availability of Guest Operating Systems…”
Electronic book
99
by Chicano Tejada, Ester
Table of Contents: “…Presentation of the NIST SP 800-30 methodology -- 19. Presentation of the Magerit version 2 methodology -- 20. …”
Published 2023
Biblioteca Universitat Ramon Llull (Other Sources: Universidad Loyola - Universidad Loyola Granada, Biblioteca de la Universidad Pontificia de Salamanca)
Electronic book
100
Published 2017
Table of Contents: “…Cover -- Copyright -- Credits -- About the Author -- About the Reviewers -- www.PacktPub.com -- Customer Feedback -- Table of Contents -- Preface -- Chapter 1: Common Web Applications and Architectures -- Common architectures -- Standalone models -- Three-tier models -- Model-View-Controller design -- Web application hosting -- Physical hosting -- Virtual hosting -- Cloud hosting -- Containers - a new trend -- Application development cycles -- Coordinating with development teams -- Post deployment - continued vigilance -- Common weaknesses - where to start -- Web application defenses -- Standard defensive elements -- Additional layers -- Summary -- Chapter 2: Guidelines for Preparation and Testing -- Picking your favorite testing framework -- Frameworks through a product -- Train like you play -- The EC-Council approach -- The GIAC/SANS approach -- The Offensive Security approach -- Open source methodologies and frameworks -- ISECOM's OSSTMM -- ISSAF -- NIST publications -- OWASP's OTG -- Keeping it legal and ethical -- What is legal? …”
Electronic book