Information security handbook : develop a threat model and incident response strategy to build a strong information security framework / Darren Death.

EBSCOhost Academic eBook Collection (North America) Available online

Ebook Central College Complete Available online

O'Reilly Online Learning: Academic/Public Library Edition Available online
Format:
Book
Author/Creator:
Death, Darren, author.
Language:
English
Subjects (All):
Computer networks--Security measures.
Computer networks.
Physical Description:
1 online resource (1 volume) : illustrations
Edition:
1st edition
Place of Publication:
Birmingham, [England] ; Mumbai, [India] : Packt Publishing, 2017.
System Details:
Mode of access: World Wide Web.
text file
Biography/History:
Death Darren: Darren Death is ASRC Federal's Chief Information Security Officer. He is responsible for managing the enterprise cybersecurity program across a 3 billion-dollar portfolio of business sectors, including financial services, government contracting, and construction. A proven technology leader with over 20 years of experience deploying enterprise systems for large private and public organizations, Darren Death has led, designed, and implemented large-scale, organization-wide enterprise IT systems with far-reaching impact. Before joining ASRC Federal, while at the Department of Justice, he was responsible for creating a nationwide enterprise processing capability across the US Attorney, Marshals Service, and the Bureau of Alcohol, Tobacco, and Firearms divisions. At the Library of Congress, Darren was responsible for all emerging technologies related to information security. He holds a doctoral degree in information technology, specializing in information assurance and cybersecurity.
Summary:
Implement information security effectively as per your organization's needs.

About This Book:
Learn to build your own information security framework, the best fit for your organization
Build on the concepts of threat modeling, incident response, and security analysis
Practical use cases and best practices for information security

Who This Book Is For:
This book is for security analysts and professionals who deal with security mechanisms in an organization. If you are looking for an end-to-end guide on information security and risk analysis with no prior knowledge of this domain, then this book is for you.

What You Will Learn:
Develop your own information security framework
Build your incident response mechanism
Discover cloud security considerations
Get to know the system development life cycle
Get your security operation center up and running
Know the various security testing types
Balance security as per your business needs
Implement information security best practices

In Detail:
Having an information security mechanism is one of the most crucial factors for any organization. Important assets of an organization demand proper risk management and a threat model for security, and so information security concepts are gaining a lot of traction. This book starts with the concept of information security and shows you why it's important. It then moves on to modules such as threat modeling, risk management, and mitigation. It also covers the concepts of incident response systems, information rights management, and more. Moving on, it guides you to build your own information security framework as the best fit for your organization. Toward the end, you'll discover some best practices that can be implemented to make your security framework strong. By the end of this book, you will be well-versed with all the factors involved in information security, which will help you build a security framework that is a perfect fit for your organization's requirements.

Style and approach:
This book takes a practical approach, walking you through information security fundamentals, along with information security best practices.
Contents:
Cover
Copyright
Credits
About the Author
About the Reviewers
www.PacktPub.com
Customer Feedback
Table of Contents
Preface
Chapter 1: Information and Data Security Fundamentals
Information security challenges
Evolution of cybercrime
The modern role of information security
IT security engineering
Information assurance
The CIA triad
Organizational information security assessment
Risk management
Information security standards
Policies
Training
Key components of an effective training and awareness program
Summary
Chapter 2: Defining the Threat Landscape
What is important to your organization and who wants it?
Compliance
Hackers and hacking
Black hat hacker
White hat or ethical hacker
Blue hat hacker
Grey hat hacker
Penetration testing
Hacktivist
Script kiddie
Nation state
Cybercrime
Methods used by the attacker
Exploits
Hacker techniques
Methods of conducting training and awareness
Closing information system vulnerabilities
Vulnerability management
The case for vulnerability management
Chapter 3: Preparing for Information and Data Security
Establishing an information security program
Don't start from scratch, use a framework
Security program success factors
Executive or board support
Supporting the organization's mission
Rightsizing information security for the organization
Security awareness and training program
Information security built into SDLC
Information security program maturity
Information security policies
Information security program policy
Operational policy
System-specific policy
Standards
Procedures
Guidelines
Recommended operational policies
Planning policy
Access control policy
Awareness and training policy
Auditing and accountability policy
Configuration management policy
Contingency planning policy
Identification and authentication policy
Incident response policy
Maintenance policy
Media protection policy
Personnel security policy
Physical and environmental protection policy
Risk assessment policy
Security assessment policy
System and communications protection policy
System and information integrity policy
Systems and services acquisitions policy
Chapter 4: Information Security Risk Management
What is risk?
Who owns organizational risk?
Risk ownership
What is risk management?
Where is your valuable data?
What does my organization have that is worth protecting?
Intellectual property trade secrets
Personally Identifiable Information - PII
Personal Health Information - PHI
General questions
Performing a quick risk assessment
Risk management is an organization-wide activity
Business operations
IT operations
Personnel
External organization
Risk management life cycle
Information categorization
Data classification looks to understand
Data classification steps
Determining information assets
Finding information in the environment
Disaster recovery considerations
Backup storage considerations
Types of storage options
Questions you should ask your business users regarding their information's location
Questions you should ask your IT organization regarding the information's location
Organizing information into categories
Examples of information type categories
Publicly available information
Credit card information
Trade secrets
Valuing the information and establishing impact
Valuing information
Establishing impact
Security control selection
Information security frameworks
Security control implementation
Assessing implemented security controls
Authorizing information systems to operate
Monitoring information system security controls
Calculating risk
Qualitative risk analysis
Identifying your organizations threats
Identifying your organizations vulnerabilities
Pairing threats with vulnerabilities
Estimating likelihood
Estimating impact
Conducting the risk assessment
Management choices when it comes to risk
Quantitative analysis
Qualitative risk assessment example
Chapter 5: Developing Your Information and Data Security Plan
Determine your information security program objectives
Example information security program activities
Elements for a successful information security program
Analysis to rightsizing your information security program
Compliance requirements
Is your organization centralized or decentralized?
Centralized
Decentralized
What is your organization's business risk appetite?
How mature is your organization?
Helping to guarantee success
Business alignment
Information security is a business project not an IT project
Organizational change management
Key information security program plan elements
Develop your information security program strategy
Establish key initiatives
Define roles and responsibilities
Defining enforcement authority
Pulling it all together
Chapter 6: Continuous Testing and Monitoring
Types of technical testing
SDLC considerations for testing
Project initiation
Requirements analysis
System design
System implementation
System testing
Operations and maintenance
Disposition
SDLC summary
Continuous monitoring
Information security assessment automation
Effective reporting of information security status
Alerting of information security weakness
Vulnerability assessment
Business relationship with vulnerability assessment
Vulnerability scanning
Vulnerability scanning process
Vulnerability resolution
Phases of a penetration test
Difference between vulnerability assessment and penetration testing
Examples of successful attacks in the news
Point of sale system attacks
Cloud-based misconfigurations
Chapter 7: Business Continuity/Disaster Recovery Planning
Scope of BCDR plan
Business continuity planning
Disaster recovery planning
Focus areas for BCDR planning
Management
Operational
Technical
Designing the BCDR plan
Requirements and context gathering - business impact assessment
Inputs to the BIA
Outputs from the BIA
Sample BIA form
Define technical disasters recovery mechanisms
Identify and document required resources
Conduct a gap analysis
Develop disaster recovery mechanisms
Develop your plan
Develop recovery teams
Establish relocation plans
Develop detailed recovery procedures
Test the BCDR plan
Chapter 8: Incident Response Planning
Do I need an incident response plan?
Components of an incident response plan
Preparing the incident response plan
Understanding what is important
Prioritizing the incident response plan
Determining what normal looks Like
Observe, orient, decide, and act - OODA
Incident response procedure development
Identification - detection and analysis
Identification - incident response tools
Observational (OODA) technical tools
Orientation (OODA) tools
Decision (OODA) tools
Remediation - containment/recovery/mitigation
Remediation - incident response tools
Act (Response) (OODA) tools
Post incident activity
Lessons-learned sessions
Incident response plan testing
Chapter 9: Developing a Security Operations Center
Responsibilities of the SOC
Management of security operations center tools
Security operation center toolset design
Using already implemented toolsets
Security operations center roles
Log or information aggregation
Log or information analysis
Processes and procedures
Events versus alerts versus incidents
False positive versus false negative/true positive versus true negative
Remediation - containment/eradication/recovery
Security operations center tools
Security operations center advantages
MSSP advantages
Chapter 10: Developing an Information Security Architecture Program
Information security architecture and SDLC/SELC
Conducting an initial information security analysis
Purpose and description of the information system
Determining compliance requirements
Compliance standards
Documenting key information system and project roles
Project roles
Information system roles
Defining the expected user types
Documenting interface requirements
Documenting external information systems access
Conducting a business impact assessment
Conducting an information categorization
Developing a security architecture advisement program
Partnering with your business stakeholders
Information security architecture process
Example information security architecture process
Chapter 11: Cloud Security Consideration
Cloud computing characteristics
Cloud computing service models
Infrastructure as a Service - IaaS
Platform as a Service - PaaS
Software as a Service - SaaS
Cloud computing deployment models
Public cloud
Private cloud
Community cloud
Hybrid cloud
Cloud computing management models
Notes:
Includes bibliographical references and index.
Description based on online resource; title from PDF title page (EBC, viewed January 27, 2018).
ISBN:
9781788473262
1788473264
OCLC:
1019827284