8 steps to better security : a simple cyber resilience guide for business / Kim Crawley.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Crawley, Kim, author.
Language:
English
Subjects (All):
Computer security.
Business enterprises--Computer networks--Security measures.
Business enterprises.
Computer networks--Management.
Computer networks.
Computer networks--Security measures.
Physical Description:
1 online resource (227 pages)
Place of Publication:
Hoboken, New Jersey : John Wiley & Sons, Inc., [2022]
Summary:
"Harden your business against internal and external cybersecurity threats with a single accessible resource. In 8 Steps to Better Security: A Simple Cyber Resilience Guide for Business, cybersecurity researcher and writer Kim Crawley delivers a grounded and practical roadmap to cyber resilience in any organization. Offering you the lessons she learned while working for major tech companies like Sophos, AT&T, BlackBerry Cylance, Tripwire, and Venafi, Crawley condenses the essence of business cybersecurity into eight steps. Written to be accessible to non-technical businesspeople as well as security professionals, and with insights from other security industry leaders, this important book will walk you through how to: foster a strong security culture that extends from the custodial team to the C-suite; build an effective security team, regardless of the size or nature of your business; comply with regulatory requirements, including general data privacy rules and industry-specific legislation; test your cybersecurity, including third-party penetration testing and internal red team specialists. Perfect for CISOs, security leaders, non-technical businesspeople, and managers at any level, 8 Steps to Better Security is also a must-have resource for companies of all sizes, and in all industries." -- Description provided by publisher.
Contents:
Cover
Title Page
Copyright Page
About the Author
Acknowledgments
Contents
Foreword
Introduction
Chapter 1 Step 1: Foster a Strong Security Culture
Kevin Mitnick, Human Hacker Extraordinaire
The Importance of a Strong Security Culture
Hackers Are the Bad Guys, Right?
What Is Security Culture?
How to Foster a Strong Security Culture
Security Leaders on Security Culture
What Makes a Good CISO?
The Biggest Mistakes Businesses Make When It Comes to Cybersecurity
The Psychological Phases of a Cybersecurity Professional
Chapter 2 Step 2: Build a Security Team
Why Step 2 Is Controversial
How to Hire the Right Security Team. . .the Right Way
Security Team Tips from Security Leaders
The "Culture Fit"-Yuck!
Cybersecurity Budgets
Design Your Perfect Security Team
Chapter 3 Step 3: Regulatory Compliance
What Are Data Breaches, and Why Are They Bad?
The Scary Truth Found in Data Breach Research
An Introduction to Common Data Privacy Regulations
The General Data Protection Regulation
The California Consumer Privacy Act
The Health Insurance Portability and Accountability Act
The Gramm-Leach-Bliley Act
Payment Card Industry Data Security Standard
Governance, Risk Management, and Compliance
More About Risk Management
Threat Modeling
Chapter 4 Step 4: Frequent Security Testing
What Is Security Testing?
Security Testing Types
Security Audits
Vulnerability Assessments Versus Penetration Testing
Red Team Testing
Bug Bounty Programs
What's Security Maturity?
The Basics of Security Audits and Vulnerability Assessments
Log Early, Log Often
Prepare for Vulnerability Assessments and Security Audits
A Concise Guide to Penetration Testing
Penetration Testing Based on Network Knowledge.
Penetration Testing Based on Network Aspects
Security Leaders on Security Maturity
Security Testing Is Crucial
Chapter 5 Step 5: Security Framework Application
What Is Incident Response?
Preparation
Identification or Analysis
Containment, Mitigation, or Eradication
Recovery
Post-incident
Your Computer Security Incident Response Team
Cybersecurity Frameworks
NIST Cybersecurity Framework
ISO 27000 Cybersecurity Frameworks
CIS Controls
COBIT Cybersecurity Framework
Security Frameworks and Cloud Security
Chapter 6 Step 6: Control Your Data Assets
The CIA Triad
Access Control
Patch Management
Physical Security and Your Data
Malware
Cryptography Basics
Bring Your Own Device and Working from Home
Managed Service Providers
The Dark Web and Your Data
Security Leaders on Cyber Defense
Control Your Data
Chapter 7 Step 7: Understand the Human Factor
Social Engineering
Phishing
What Can NFTs and ABA Teach Us About Social Engineering?
How to Prevent Social Engineering Attacks on Your Business
UI and UX Design
Internal Threats
Hacktivism
Chapter 8 Step 8: Build Redundancy and Resilience
Understanding Data and Networks
Building Capacity and Scalability with the Power of the Cloud
Back It Up, Back It Up, Back It Up
RAID
What Ransomware Taught Business About Backups
Business Continuity
Disaster Recovery
Chapter 9 Afterword
Step 1
The Most Notorious Cyberattacker Was Actually a Con Man
A Strong Security Culture Requires All Hands on Deck
Hackers Are the Good Guys, Actually
Recommended Readings
Step 2
Tackling the Cybersecurity Skills Gap Myth
Take "Culture Fit" Out of Your Vocabulary.
Your Cybersecurity Budget
Step 3
Data Breaches
Data Privacy Regulations
Risk Management
Step 4
Vulnerability Assessments
Penetration Testing
Recommended Reading
Step 5
Incident Response
Step 6
Physical Security
Cryptography
BYOD and Working from Home
Data Loss Prevention
Step 7
Step 8
Cloud Networks
Data Backups
Business Continuity and Disaster Recovery
Keeping Your Business Cyber Secure
Index
EULA.
Notes:
Description based on print version record.
Includes index.
ISBN:
9781119811244
1119811244
9781119811251
1119811252
OCLC:
1282302724
