1 option
Building effective cybersecurity programs : a security manager's handbook / Tari Schreider ; Kristen Noakes-Fry, ABCI, editor.
- Format:
- Book
- Author/Creator:
- Schreider, Tari, author.
- Series:
- A Rothstein Publishing Collection EBook Series
- Language:
- English
- Subjects (All):
- Internet--Security measures.
- Internet.
- Computer security.
- Physical Description:
- 1 online resource (249 pages)
- Edition:
- 1st ed.
- Place of Publication:
- Brookfield, Connecticut : Rothstein Publishing, 2018.
- Summary:
- You know by now that your company could not survive without the Internet. Not in today's market. You are either part of the digital economy or reliant upon it. With critical information assets at risk, your company requires a state-of-the-art cybersecurity program. But how do you achieve the best possible program? Tari Schreider, in Building Effective Cybersecurity Programs: A Security Manager's Handbook, lays out the step-by-step roadmap to follow as you build or enhance your cybersecurity program.
- Contents:
- Cover
- Title page
- Copyright
- Dedication
- Acknowledgments
- Table of Contents
- Preface
- Introduction
- Foreword
- Chapter 1: Designing a Cybersecurity Program
- 1.1 Cybersecurity Program Design Methodology
- 1.1.1 Need for a Design to Attract the Best Personnel
- 1.1.2 A Recommended Design Approach: ADDIOI Model™
- 1.1.3 The Six Phases of the ADDIOI Model™
- 1.2 Defining Architectures, Frameworks, and Models
- 1.2.1 Program Design Guide
- 1.3 Design Principles
- 1.4 Good Practice vs. Best Practice
- 1.5 Adjust Your Design Perspective
- 1.6 Architectural Views
- 1.7 Cybersecurity Program Blueprint
- 1.8 Program Structure
- 1.8.1 Office of the CISO
- 1.8.2 Security Engineering
- 1.8.3 Security Operations
- 1.8.4 Cyber Threat Intelligence
- 1.8.5 Cyber Incident Response
- 1.8.6 Physical Security
- 1.8.7 Recovery Operations
- 1.9 Cybersecurity Program Frameworks and Models
- 1.9.1 HITRUST CSF
- 1.9.2 Information Security Forum (ISF) Framework
- 1.9.3 ISO/IEC 27001/27002 Information Security Management (ISMS)
- 1.9.4 NIST Cybersecurity Framework
- 1.10 Maturing Cybersecurity Programs
- 1.11 Cybersecurity Program Design Checklist
- References
- Chapter 2: Establishing a Foundation of Governance
- 2.1 Governance Overview
- 2.2 Cybersecurity Governance Playbook
- 2.3 Selecting a Governance Framework
- 2.3.1 COBIT® 5: Framework for Information Technology Governance and Control
- 2.3.2 COSO 2013 Internal Control - Integrated Framework
- 2.3.3 Information Governance Reference Model (IGRM)
- 2.3.4 Information Coalition - Information Governance Model
- 2.3.5 OCEG GRC Capability Model™ 3.0 (Red Book)
- 2.4 Governance Oversight Board
- 2.5 Cybersecurity Policy Model
- 2.5.1 Cybersecurity Policy Management
- 2.5.2 Cybersecurity Policy Management Software
- 2.6 Governance, Risk, and Compliance (GRC) Software.
- 2.7 Key Cybersecurity Program Management Disciplines
- 2.8 Creating a Culture of Cybersecurity
- 2.9 Governance Foundation Checklist
- Chapter 3: Building a Cyber Threat, Vulnerability Detection, and Intelligence Capability
- 3.1 Cyber Threats and Vulnerabilities
- 3.1.1 Threats, Vulnerability, and Intelligence Mode
- 3.2 Cyber Threats
- 3.2.1 Lesson from the Honeybees
- 3.2.2 Cyber Threat Categories
- 3.2.3 Threat Taxonomies
- 3.2.3.1 Threat Taxonomy Sources
- 3.2.4 Cyber Threat Actors
- 3.2.5 Cyber Threat-Hunting
- 3.2.5.1 Cyber Threat-Hunting Tools
- 3.2.6 Cyber Threat-Modeling
- 3.2.6.1 Cyber Threat Analysis and Modeling (TAM) Products
- 3.2.7 Cyber Threat Detection Solutions
- 3.2.8 Cyber Threat Metrics
- 3.2.8.1 Example Cyber Threat Metrics
- 3.2.9 Cybersecurity Threat Maps
- 3.3 Vulnerability Management
- 3.3.1 Vulnerability Scanning
- 3.3.2 Patch Management
- 3.3.2.1 Virtual Patch Management
- 3.4 Attack Surface
- 3.4.1 Attack Surface Mapping
- 3.4.2 Shadow IT Attack Surface
- 3.4.3 Attack Surface Classification
- 3.5 Cyber Threat Intelligence
- 3.5.1 Cyber Threat Intelligence Services
- 3.5.2 Cyber Threat Intelligence Program Use Cases
- 3.6 Cyber Kill Chain
- 3.7 Cyber Threat, Vulnerability Detection, and Intelligence Checklist
- Chapter 4: Building a Cyber Risk Management Capability
- 4.1 Cyber Risk
- 4.1.1 Cyber Risk Landscape
- 4.1.2 Risk Types
- 4.1.3 Cyber Risk Appetite
- 4.1.3.1 Risk Appetite Statement
- 4.1.4 Risk Tolerance
- 4.1.5 Risk Threshold
- 4.1.6 Risk Acceptance
- 4.1.6.1 Risk Acceptance Statement
- 4.1.7 Inherent Risk
- 4.1.8 Residual Risk
- 4.1.9 Annualized Loss Expectancy (ALE)
- 4.1.10 Return on Investment (ROI)
- 4.2 Cyber Risk Assessments
- 4.2.1 Business Impact Assessment (BIA)
- 4.2.2 Calculating Risk
- 4.2.2.1 Risk Calculation Software.
- 4.2.3 Risk Registry
- 4.2.3.1 Risk Registry Products
- 4.3 Cyber Risk Standards
- 4.4 Cyber Risk Management Lifecycle
- 4.5 Cyber Risk Treatment
- 4.6 Risk Monitoring
- 4.7 Risk Reporting
- 4.8 Risk Management Frameworks
- 4.9 Risk Maturity Models
- 4.10 Third-Party Risk Management (TPRM)
- 4.10.1 TPRM Program Structure
- 4.10.2 Third-Party Attestation Services
- 4.11 Cyber Black Swans
- 4.12 Cyber Risk Cassandras
- 4.13 Cyber Risk Management Checklist
- Chapter 5: Implementing a Defense-in-Depth Strategy
- 5.1 Defense-in-Depth
- 5.1.1 Industry Perception
- 5.1.2 Defense-in-Depth Models
- 5.1.3 Origin of Contemporary Defense-in-Depth Models
- 5.1.4 Defense-in-Depth Layer Categorization
- 5.1.5 Defense-in-Depth Criticism
- 5.1.6 Defensive Layers
- 5.2 Improving the Effectiveness of Defense-in-Depth
- 5.2.1 Governance, Risk and, Compliance (GRC) Domain
- 5.2.2 Threat and Vulnerability Management (TVM) Domain
- 5.2.3 Application, Database, and Software Protection (ADS) Domain
- 5.2.4 Security Operations (SecOps) Domain
- 5.2.5 Device and Data Protection (DDP) Domain
- 5.2.6 Cloud Service and Infrastructure Protection (CIP) Domain
- 5.3 Defense-in-Depth Model Schema
- 5.4 Open Source Software Protection
- 5.5 Defense-in-Depth Checklist
- Chapter 6: Applying Service Management to Cybersecurity Programs
- 6.1 Information Technology Service Management (ITSM)
- 6.1.1 Brief History of ITSM and ITIL
- 6.2 Cybersecurity Service Management
- 6.2.1 Cybersecurity Service Management Approach
- 6.3 Cybersecurity Program Personnel
- 6.3.1 Applying the RACI-V Model to Cybersecurity Program Staffing
- 6.3.2 Applying the Kanban Method to Cybersecurity Program Staff Workflow
- 6.3.3 Bimodal IT Environments
- 6.4 Cybersecurity Operations Center (C-SOC)
- 6.5 Incident Management.
- 6.5.1 Incident Response Management Products
- 6.6 Security Automation and Orchestration (SAO)
- 6.7 DevSecOps
- 6.7.1 Rugged DevOps
- 6.7.2 DevSecOps Factory Model™
- 6.8 Software-Defined Security (SDSec)
- 6.9 Artificial Intelligence
- 6.10 Cybersecurity Program Operationalization Checklist
- Appendix A: Useful Checklists and Information
- Table A-1. Sample Cybersecurity Program Key Performance Measures (KPM)
- Table A-2. Threat Fusion Platforms
- Table A-3. Cybersecurity Maturity Models
- Table A-4. Policy Management Software
- Table A-5. Governance, Risk, and Compliance (GRC) Program Software Products
- Table A-6. Vulnerability Scanning Solutions
- Table A-7. Security Patch Management Solutions
- Table A-8. Virtual Patching Solutions
- Table A-9. IT Asset Management Products
- Table A-10. Cloud Access Security Broker (CASB) Solutions
- Table A-11. Threat Intelligence Services
- Table A-12. Data Breach and Threats Reports
- Table A-13. Managed Security Service Providers (MSSP)
- Table A-14. Cybersecurity Automation and Orchestration Solutions
- Credits
- About the Author
- More from Rothstein Publishing.
- Notes:
- Includes bibliographical references.
- Description based on online resource; title from PDF title page (ebrary, viewed November 21, 2017).
- Description based on publisher supplied metadata and other sources.
- ISBN:
- 1-944480-51-X
- OCLC:
- 1009301265
The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.