My Account Log in

1 option

Building effective cybersecurity programs : a security manager's handbook / Tari Schreider ; Kristen Noakes-Fry, ABCI, editor.

Ebook Central Academic Complete Available online

View online
Format:
Book
Author/Creator:
Schreider, Tari, author.
Contributor:
Noakes-Fry, Kristen, editor.
Series:
A Rothstein Publishing Collection EBook Series
Language:
English
Subjects (All):
Internet--Security measures.
Internet.
Computer security.
Physical Description:
1 online resource (249 pages)
Edition:
1st ed.
Place of Publication:
Brookfield, Connecticut : Rothstein Publishing, 2018.
Summary:
You know by now that your company could not survive without the Internet. Not in today's market. You are either part of the digital economy or reliant upon it. With critical information assets at risk, your company requires a state-of-the-art cybersecurity program. But how do you achieve the best possible program? Tari Schreider, in Building Effective Cybersecurity Programs: A Security Manager's Handbook, lays out the step-by-step roadmap to follow as you build or enhance your cybersecurity program.
Contents:
Cover
Title page
Copyright
Dedication
Acknowledgments
Table of Contents
Preface
Introduction
Foreword
Chapter 1: Designing a Cybersecurity Program
1.1 Cybersecurity Program Design Methodology
1.1.1 Need for a Design to Attract the Best Personnel
1.1.2 A Recommended Design Approach: ADDIOI Model™
1.1.3 The Six Phases of the ADDIOI Model™
1.2 Defining Architectures, Frameworks, and Models
1.2.1 Program Design Guide
1.3 Design Principles
1.4 Good Practice vs. Best Practice
1.5 Adjust Your Design Perspective
1.6 Architectural Views
1.7 Cybersecurity Program Blueprint
1.8 Program Structure
1.8.1 Office of the CISO
1.8.2 Security Engineering
1.8.3 Security Operations
1.8.4 Cyber Threat Intelligence
1.8.5 Cyber Incident Response
1.8.6 Physical Security
1.8.7 Recovery Operations
1.9 Cybersecurity Program Frameworks and Models
1.9.1 HITRUST CSF
1.9.2 Information Security Forum (ISF) Framework
1.9.3 ISO/IEC 27001/27002 Information Security Management (ISMS)
1.9.4 NIST Cybersecurity Framework
1.10 Maturing Cybersecurity Programs
1.11 Cybersecurity Program Design Checklist
References
Chapter 2: Establishing a Foundation of Governance
2.1 Governance Overview
2.2 Cybersecurity Governance Playbook
2.3 Selecting a Governance Framework
2.3.1 COBIT® 5: Framework for Information Technology Governance and Control
2.3.2 COSO 2013 Internal Control - Integrated Framework
2.3.3 Information Governance Reference Model (IGRM)
2.3.4 Information Coalition - Information Governance Model
2.3.5 OCEG GRC Capability Model™ 3.0 (Red Book)
2.4 Governance Oversight Board
2.5 Cybersecurity Policy Model
2.5.1 Cybersecurity Policy Management
2.5.2 Cybersecurity Policy Management Software
2.6 Governance, Risk, and Compliance (GRC) Software.
2.7 Key Cybersecurity Program Management Disciplines
2.8 Creating a Culture of Cybersecurity
2.9 Governance Foundation Checklist
Chapter 3: Building a Cyber Threat, Vulnerability Detection, and Intelligence Capability
3.1 Cyber Threats and Vulnerabilities
3.1.1 Threats, Vulnerability, and Intelligence Mode
3.2 Cyber Threats
3.2.1 Lesson from the Honeybees
3.2.2 Cyber Threat Categories
3.2.3 Threat Taxonomies
3.2.3.1 Threat Taxonomy Sources
3.2.4 Cyber Threat Actors
3.2.5 Cyber Threat-Hunting
3.2.5.1 Cyber Threat-Hunting Tools
3.2.6 Cyber Threat-Modeling
3.2.6.1 Cyber Threat Analysis and Modeling (TAM) Products
3.2.7 Cyber Threat Detection Solutions
3.2.8 Cyber Threat Metrics
3.2.8.1 Example Cyber Threat Metrics
3.2.9 Cybersecurity Threat Maps
3.3 Vulnerability Management
3.3.1 Vulnerability Scanning
3.3.2 Patch Management
3.3.2.1 Virtual Patch Management
3.4 Attack Surface
3.4.1 Attack Surface Mapping
3.4.2 Shadow IT Attack Surface
3.4.3 Attack Surface Classification
3.5 Cyber Threat Intelligence
3.5.1 Cyber Threat Intelligence Services
3.5.2 Cyber Threat Intelligence Program Use Cases
3.6 Cyber Kill Chain
3.7 Cyber Threat, Vulnerability Detection, and Intelligence Checklist
Chapter 4: Building a Cyber Risk Management Capability
4.1 Cyber Risk
4.1.1 Cyber Risk Landscape
4.1.2 Risk Types
4.1.3 Cyber Risk Appetite
4.1.3.1 Risk Appetite Statement
4.1.4 Risk Tolerance
4.1.5 Risk Threshold
4.1.6 Risk Acceptance
4.1.6.1 Risk Acceptance Statement
4.1.7 Inherent Risk
4.1.8 Residual Risk
4.1.9 Annualized Loss Expectancy (ALE)
4.1.10 Return on Investment (ROI)
4.2 Cyber Risk Assessments
4.2.1 Business Impact Assessment (BIA)
4.2.2 Calculating Risk
4.2.2.1 Risk Calculation Software.
4.2.3 Risk Registry
4.2.3.1 Risk Registry Products
4.3 Cyber Risk Standards
4.4 Cyber Risk Management Lifecycle
4.5 Cyber Risk Treatment
4.6 Risk Monitoring
4.7 Risk Reporting
4.8 Risk Management Frameworks
4.9 Risk Maturity Models
4.10 Third-Party Risk Management (TPRM)
4.10.1 TPRM Program Structure
4.10.2 Third-Party Attestation Services
4.11 Cyber Black Swans
4.12 Cyber Risk Cassandras
4.13 Cyber Risk Management Checklist
Chapter 5: Implementing a Defense-in-Depth Strategy
5.1 Defense-in-Depth
5.1.1 Industry Perception
5.1.2 Defense-in-Depth Models
5.1.3 Origin of Contemporary Defense-in-Depth Models
5.1.4 Defense-in-Depth Layer Categorization
5.1.5 Defense-in-Depth Criticism
5.1.6 Defensive Layers
5.2 Improving the Effectiveness of Defense-in-Depth
5.2.1 Governance, Risk and, Compliance (GRC) Domain
5.2.2 Threat and Vulnerability Management (TVM) Domain
5.2.3 Application, Database, and Software Protection (ADS) Domain
5.2.4 Security Operations (SecOps) Domain
5.2.5 Device and Data Protection (DDP) Domain
5.2.6 Cloud Service and Infrastructure Protection (CIP) Domain
5.3 Defense-in-Depth Model Schema
5.4 Open Source Software Protection
5.5 Defense-in-Depth Checklist
Chapter 6: Applying Service Management to Cybersecurity Programs
6.1 Information Technology Service Management (ITSM)
6.1.1 Brief History of ITSM and ITIL
6.2 Cybersecurity Service Management
6.2.1 Cybersecurity Service Management Approach
6.3 Cybersecurity Program Personnel
6.3.1 Applying the RACI-V Model to Cybersecurity Program Staffing
6.3.2 Applying the Kanban Method to Cybersecurity Program Staff Workflow
6.3.3 Bimodal IT Environments
6.4 Cybersecurity Operations Center (C-SOC)
6.5 Incident Management.
6.5.1 Incident Response Management Products
6.6 Security Automation and Orchestration (SAO)
6.7 DevSecOps
6.7.1 Rugged DevOps
6.7.2 DevSecOps Factory Model™
6.8 Software-Defined Security (SDSec)
6.9 Artificial Intelligence
6.10 Cybersecurity Program Operationalization Checklist
Appendix A: Useful Checklists and Information
Table A-1. Sample Cybersecurity Program Key Performance Measures (KPM)
Table A-2. Threat Fusion Platforms
Table A-3. Cybersecurity Maturity Models
Table A-4. Policy Management Software
Table A-5. Governance, Risk, and Compliance (GRC) Program Software Products
Table A-6. Vulnerability Scanning Solutions
Table A-7. Security Patch Management Solutions
Table A-8. Virtual Patching Solutions
Table A-9. IT Asset Management Products
Table A-10. Cloud Access Security Broker (CASB) Solutions
Table A-11. Threat Intelligence Services
Table A-12. Data Breach and Threats Reports
Table A-13. Managed Security Service Providers (MSSP)
Table A-14. Cybersecurity Automation and Orchestration Solutions
Credits
About the Author
More from Rothstein Publishing.
Notes:
Includes bibliographical references.
Description based on online resource; title from PDF title page (ebrary, viewed November 21, 2017).
Description based on publisher supplied metadata and other sources.
ISBN:
1-944480-51-X
OCLC:
1009301265

The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.

Find

Home Release notes

My Account

Shelf Request an item Bookmarks Fines and fees Settings

Guides

Using the Find catalog Using Articles+ Using your account