Enterprise cybersecurity: how to build a successful cyberdefense program against advanced threats

Enterprise Cybersecurity empowers organizations of all sizes to defend themselves with next-generation cybersecurity programs against the escalating threat of modern targeted cyberattacks. This book presents a comprehensive framework for managing all aspects of an enterprise cybersecurity program. I...

Bibliographic Details
Classification: Electronic Book
Main authors: Donaldson, Scott E. (Author), Siegel, Stanley G. (Author), Williams, Chris K. (Author), Aslam, Abdul (Author)
Format: Electronic eBook
Language: English
Published: [Berkeley, CA] : Apress, [2015]
Series: Expert's voice in cybersecurity.
Subjects:
Online access: Full text (requires prior registration with an institutional e-mail address)
Table of Contents:
  • ch. 1 Defining the Cybersecurity Challenge
  • Cyberattacks of Today
  • Sony Pictures Entertainment Breach of 2014
  • Advanced Persistent Threats
  • Waves of Malware
  • Types of Cyberattackers
  • Commodity Threats
  • Hacktivists
  • Organized Crime
  • Espionage
  • Cyberwar
  • Types of Cyberattacks
  • Confidentiality: Steal Data
  • Integrity: Modify Data (Steal Money)
  • Availability: Deny Access
  • Steps of a Cyberintrusion
  • Attack Trees and Attack Graphs
  • Lockheed Martin Kill Chain
  • Mandiant Attack Life Cycle
  • Enterprise Cybersecurity Attack Sequence
  • Why Cyberintrusions Succeed
  • Explosion in Connectivity
  • Consolidation of Enterprise IT
  • Defeat of Preventive Controls
  • Failure of Detective Controls
  • Compliance over Capability
  • Gap in Cybersecurity Effectiveness
  • New Cybersecurity Mindset
  • Effective Enterprise Cybersecurity Program
  • ch. 2 Meeting the Cybersecurity Challenge
  • Cybersecurity Frameworks
  • Cybersecurity Process
  • Cybersecurity Challenges
  • Risk Management Process
  • Considering Vulnerabilities, Threats, and Risks
  • Risk Analysis and Mitigation
  • Cybersecurity Controls
  • Cybersecurity Capabilities
  • Cybersecurity and Enterprise IT
  • Emplacing Cyberdefenses
  • How Cyberdefenses Interconnect
  • Enterprise Cybersecurity Architecture
  • ch. 3 Enterprise Cybersecurity Architecture
  • Systems Administration
  • Systems Administration: Goal and Objectives
  • Systems Administration: Threat Vectors
  • Systems Administration: Capabilities
  • Network Security
  • Network Security: Goal and Objectives
  • Network Security: Threat Vectors
  • Network Security: Capabilities
  • Application Security
  • Application Security: Goal and Objectives
  • Application Security: Threat Vectors
  • Application Security: Capabilities
  • Endpoint, Server, and Device Security
  • Endpoint, Server, and Device Security: Goal and Objectives
  • Endpoint, Server, and Device Security: Threat Vectors
  • Endpoint, Server, and Device Security: Capabilities
  • Identity, Authentication, and Access Management
  • Identity, Authentication, and Access Management: Goal and Objectives
  • Identity, Authentication, and Access Management: Threat Vectors
  • Identity, Authentication, and Access Management: Capabilities
  • Data Protection and Cryptography
  • Data Protection and Cryptography: Goal and Objectives
  • Data Protection and Cryptography: Threat Vectors
  • Data Protection and Cryptography: Capabilities
  • Monitoring, Vulnerability, and Patch Management
  • Monitoring, Vulnerability, and Patch Management: Goal and Objectives
  • Monitoring, Vulnerability, and Patch Management: Threat Vectors
  • Monitoring, Vulnerability, and Patch Management: Capabilities
  • High Availability, Disaster Recovery, and Physical Protection
  • High Availability, Disaster Recovery, and Physical Protection: Goal and Objectives
  • High Availability, Disaster Recovery, and Physical Protection: Threat Vectors
  • High Availability, Disaster Recovery, and Physical Protection: Capabilities
  • Incident Response
  • Incident Response: Goal and Objectives
  • Incident Response: Threat Vectors
  • Incident Response: Capabilities
  • Asset Management and Supply Chain
  • Asset Management and Supply Chain: Goal and Objectives
  • Asset Management and Supply Chain: Threat Vectors
  • Asset Management and Supply Chain: Capabilities
  • Policy, Audit, E-Discovery, and Training
  • Policy, Audit, E-Discovery, and Training: Goal and Objectives
  • Policy, Audit, E-Discovery, and Training: Threat Vectors
  • Policy, Audit, E-Discovery, and Training: Capabilities
  • ch. 4 Implementing Enterprise Cybersecurity
  • IT Organization
  • IT System Life Cycle
  • Defining Security Policies
  • Defining Security Scopes
  • Eight Types of Security Scopes
  • Considerations in Selecting Security Scopes
  • Identifying Security Scopes
  • Security Scopes for the Typical Enterprise
  • Considerations in Selecting Security Scopes
  • Selecting Security Controls
  • Selecting Security Capabilities
  • Selecting Security Technologies
  • Considering Security Effectiveness
  • ch. 5 Operating Enterprise Cybersecurity
  • Operational Responsibilities
  • Business (CIO, customers)
  • Security (Cybersecurity)
  • (IT) Strategy/Architecture
  • (IT) Engineering
  • (IT) Operations
  • High-Level IT and Cybersecurity Processes
  • IT Operational Process
  • Risk Management Process
  • Vulnerability Management and Incident Response Process
  • Auditing and Deficiency Tracking Process
  • Operational Processes and Information Systems
  • Cybersecurity Operational Processes
  • Supporting Information Systems
  • Functional Area Operational Objectives
  • Systems Administration
  • Network Security
  • Application Security
  • Endpoint, Server, and Device Security
  • Identity, Authentication, and Access Management
  • Data Protection and Cryptography
  • Monitoring, Vulnerability, and Patch Management
  • High Availability, Disaster Recovery, and Physical Protection
  • Incident Response
  • Asset Management and Supply Chain
  • Policy, Audit, E-Discovery, and Training
  • ch. 6 Enterprise Cybersecurity and the Cloud
  • Introducing the Cloud
  • Cloud Protection Challenges
  • Developer Operations (DevOps) and Developer Security Operations (DevSecOps)
  • Scopes and Account Management
  • Authentication
  • Data Protection and Key Management
  • Logging, Monitoring, and Investigations
  • Reliability and Disaster Recovery
  • Scale and Reliability
  • Contracts and Agreements
  • Planning Enterprise Cybersecurity for the Cloud
  • Systems Administration
  • Network Security
  • Application Security
  • Endpoint, Server, and Device Security
  • Identity, Authentication, and Access Management
  • Data Protection and Cryptography
  • Monitoring, Vulnerability, and Patch Management
  • High Availability, Disaster Recovery, and Physical Protection
  • Incident Response
  • Asset Management and Supply Chain
  • Policy, Audit, E-Discovery, and Training
  • ch. 7 Enterprise Cybersecurity for Mobile and BYOD
  • Introducing Mobile and BYOD
  • Challenges with Mobile and BYOD
  • Legal Agreements for Data Protection
  • Personal Use and Personal Data
  • Mobile Platform
  • Sensors and Location Awareness
  • Always-On and Always-Connected
  • Multi-Factor Authentication
  • Mobile Device Management
  • Enterprise Cybersecurity for Mobile and BYOD
  • Systems Administration
  • Network Security
  • Application Security
  • Endpoint, Server, and Device Security
  • Identity, Authentication, and Access Management
  • Data Protection and Cryptography
  • Monitoring, Vulnerability, and Patch Management
  • High Availability, Disaster Recovery, and Physical Protection
  • Incident Response
  • Asset Management and Supply Chain
  • Policy, Audit, E-Discovery, and Training
  • ch. 8 Building an Effective Defense
  • Attacks Are as Easy as 1, 2, 3!
  • Enterprise Attack Sequence in Detail
  • Attack Sequence Step 1 Establish Foothold
  • Attack Sequence Step 2 Command and Control
  • Attack Sequence Step 3 Escalate Privileges
  • Attack Sequence Step 4 Move Laterally
  • Attack Sequence Step 5 Complete the Mission
  • Why Security Fails Against Advanced Attacks
  • Failure of Endpoint Security
  • "Inevitability of the Click" Challenge
  • Systems Administration Hierarchy
  • Escalating Attacks and Defenses
  • Business Challenges to Security
  • Tension between Security and Productivity
  • Maximum Allowable Risk
  • Security Effectiveness over Time
  • Security Total Cost of Ownership
  • Philosophy of Effective Defense
  • Mazes Versus Minefields
  • Disrupt, Detect, Delay, Defeat
  • Cybercastles
  • Nested Defenses
  • Elements of an Effective Cyberdefense
  • Network Segmentation
  • Strong Authentication
  • Detection
  • Incident Response
  • Resiliency
  • ch. 9 Responding to Incidents
  • Incident Response Process
  • Incident Response Step 1 Identify the Incident
  • Incident Response Step 2 Investigate the Incident
  • Incident Response Step 3 Collect Evidence
  • Incident Response Step 4 Report the Results
  • Incident Response Step 5 Contain the Incident
  • Incident Response Step 6 Repair Gaps or Malfunctions
  • Incident Response Step 7 Remediate Compromised Accounts, Computers, and Networks
  • Incident Response Step 8 Validate Remediation and Strengthen Security Controls
  • Incident Response Step 9 Report the Conclusion of the Incident
  • Incident Response Step 10 Resume Normal IT Operations
  • Supporting the Incident Response Process
  • ch. 10 Managing a Cybersecurity Crisis
  • Devastating Cyberattacks and "Falling Off the Cliff"
  • Snowballing Incident
  • Falling Off the Cliff
  • Reporting to Senior Enterprise Leadership
  • Calling for Help
  • Keeping Calm and Carrying On
  • Playing Baseball in a Hailstorm
  • Communications Overload
  • Decision-Making under Stress
  • Asks Versus Needs: Eliciting Accurate Requirements and Guidance
  • Observe Orient Decide Act (OODA) Loop
  • Establishing an Operational Tempo
  • Operating in Crisis Mode
  • Managing the Recovery Process
  • Cyber Hand-to-Hand Combat
  • "Throwing Money at Problems"
  • Identifying Resources and Resource Constraints
  • Building a Resource-Driven Project Plan
  • Maximizing Parallelism in Execution
  • Taking Care of People
  • Recovering Cybersecurity and IT Capabilities
  • Building the Bridge While You Cross It
  • Preparing to Rebuild and Restore
  • Closing Critical Cybersecurity Gaps
  • Establishing Interim IT Capabilities
  • Conducting Prioritized IT Recovery and Cybersecurity Improvements
  • Establishing Full Operating Capabilities for IT and Cybersecurity
  • Cybersecurity Versus IT Restoration
  • Maximum Allowable Risk
  • Ending the Crisis
  • Resolving the Crisis
  • Declaring the Crisis Remediated and Over
  • After Action Review and Lessons Learned
  • Establishing a "New Normal" Culture
  • Being Prepared for the Future
  • ch. 11 Assessing Enterprise Cybersecurity
  • Cybersecurity Auditing Methodology
  • Challenge of Proving Negatives
  • Cybersecurity Audit Objectives
  • Cybersecurity Audit Plans
  • Audit Evidence Collection
  • Audit Artifacts
  • Audit Results
  • Deficiency Tracking
  • Reporting and Records Retention
  • Cybersecurity Audit Types
  • "Audit First" Design Methodology
  • Threat Analysis
  • Audit Controls
  • Forensic Controls
  • Detective Controls
  • Preventive Controls
  • Letting Audits Drive Control Design
  • Enterprise Cybersecurity Assessments
  • Level 1 Assessment: Focus on Risk Mitigations
  • Level 2 Assessment: Focus on Functional Areas
  • Level 3 Assessment: Focus on Security Capabilities
  • Level 4 Assessment: Focus on Controls, Technologies, and Processes
  • Audit Deficiency Management
  • ch. 12 Measuring a Cybersecurity Program
  • Cybersecurity Measurement
  • Cybersecurity Program Measurement
  • OM Step 1 Define the Question(s) to Be Answered
  • OM Step 2 Select Appropriate Objects to Measure
  • OM Step 3 For Each Object, Define the Object Characteristics to Measure
  • OM Step 4 For Each Characteristic, Create a Value Scale
  • OM Step 5 Measure Each Characteristic Using the Value Scale
  • OM Step 6 Calculate the Overall Cybersecurity Program Assessment Index Using Object Measurement
  • Visualizing Cybersecurity Assessment Scores
  • Cybersecurity Measurement Summary
  • ch. 13 Mapping Against Cybersecurity Frameworks
  • Looking at Control Frameworks
  • Clearly Defining "Controls"
  • Mapping Against External Frameworks
  • Assessment Audit and Security Scopes
  • IT Systems and Security Controls
  • Balancing Prevention with Detection and Response
  • Security Capabilities, Technologies, and Processes
  • Validation Audit and Reporting
  • One Audit, Many Results
  • Audit Report Mapping
  • Deficiency Tracking and Management
  • ch. 14 Managing an Enterprise Cybersecurity Program
  • Enterprise Cybersecurity Program Management
  • Cybersecurity Program Step 1 Assess Assets, Threats, and Risks
  • Cybersecurity Program Step 2 Identify Security Scopes
  • Cybersecurity Program Step 3 Assess Risk Mitigations, Capabilities by Functional Area, and Security Operations
  • Cybersecurity Program Step 4 Identify Target Security Levels
  • Cybersecurity Program Step 5 Identify Deficient Areas
  • Cybersecurity Program Step 6 Prioritize Remediation and Improvements
  • Cybersecurity Program Step 7 Resource and Execute Improvements
  • Cybersecurity Program Step 8 Collect Operational Metrics
  • Cybersecurity Program Step 9 Return to Step 1
  • Assessing Security Status
  • Cybersecurity Program Step 3 Assess Risk Mitigations, Capabilities, and Security Operations
  • Cybersecurity Program Step 4 Identify Target Security Levels
  • Cybersecurity Program Step 5 Identify Deficient Areas
  • Cybersecurity Program Step 6 Prioritize Remediation and Improvements
  • Analyzing Enterprise Cybersecurity Improvements
  • Considering Types of Improvements
  • Considering Threat Scenarios
  • Examining Cybersecurity Assessment Scores across Multiple Scopes
  • Considering Improvement Opportunities across Multiple Scopes
  • Considering "Bang for the Buck"
  • Prioritizing Improvement Projects
  • Immediate: Executing
  • This Year: Preparing
  • Next Year: Resourcing
  • Future: Prioritizing
  • Updating Priority Lists
  • Tracking Cybersecurity Project Results
  • Visualizing Cybersecurity Program Assessment Scores
  • Measuring Cybersecurity Program Assessment Scores over Time
  • ch. 15 Looking to the Future
  • Power of Enterprise Cybersecurity Architecture
  • Evolution of Cyberattack and Defense
  • Before the Internet
  • Generation 1 Hardening the Host
  • Generation 2 Protecting the Network
  • Generation 3 Layered Defense and Active Response
  • Generation 4 Automated Response
  • Generation 5 Biological Defense
  • Cybergenerations Moving Down Market
  • Future Cybersecurity Evolution
  • Evolving Enterprise Cybersecurity over Time
  • Enterprise Cybersecurity Implementation Considerations
  • Tailoring Cybersecurity Assessments
  • Evolution of Enterprise Cybersecurity Capabilities
  • Evolution of Enterprise Cybersecurity Functional Areas
  • Final Thoughts
  • Appendix A: Common Cyberattacks
  • 1. Phishing/Spearphishing
  • 2. Drive-By/Watering Hole/Malvertising
  • 3. Code Injection/Webshell
  • 4. Keylogging/Session Hijacking
  • 5. Pass-the-Hash and Pass-the-Ticket
  • 6. Credential Harvesting
  • 7. Gate-Crashing
  • 8. Malware/Botnet
  • 9. Distributed Denial-of-Service (DDoS)
  • 10. Identity Theft
  • 11. Industrial Espionage
  • 12. Pickpocket
  • 13. Bank Heist
  • 14. Ransomware
  • 15. Webnapping
  • 16. Hijacking
  • 17. Decapitation
  • 18. Sabotage
  • 19. Sniper/Laser/Smart Bomb
  • 20. Smokeout/Lockout
  • 21. Infestation/Whack-a-Mole
  • 22. Burndown
  • 23. Meltdown
  • 24. Defamation
  • 25. Graffiti
  • 26. Smokescreen/Diversion
  • 27. Fizzle
  • Appendix B: Cybersecurity Frameworks
  • (ISC)2 Common Body of Knowledge (CBK)
  • ISO 27001/27002 Version 2013
  • ISO 27001/27002 Version 2005
  • NIST SP800-53 Revisions 3 and 4
  • NIST Cybersecurity Framework (2014)
  • DHS Cyber Resilience Review (CRR)
  • Council on CyberSecurity Critical Security Controls
  • Australian DSD Strategies to Mitigate Targeted Cyberintrusions
  • PCI DSS Version 3.0
  • HIPAA Security Rule
  • HITRUST Common Security Framework (CSF)
  • NERC CIP Cyber Security Version 5
  • NERC CIP Cyber Security Version 3
  • Appendix C: Enterprise Cybersecurity Capabilities
  • Systems Administration (SA)
  • Network Security (NS)
  • Application Security (AS)
  • Endpoint, Server, and Device Security (ESDS)
  • Identity, Authentication, and Access Management (IAAM)
  • Data Protection and Cryptography (DPC)
  • Monitoring, Vulnerability, and Patch Management (MVPM)
  • High Availability, Disaster Recovery, and Physical Protection (HADRPP)
  • Incident Response (IR)
  • Asset Management and Supply Chain (AMSC)
  • Policy, Audit, E-Discovery, and Training (PAET)
  • References
  • Appendix D: Sample Cybersecurity Policy
  • Policy
  • Appendix E: Cybersecurity Operational Processes
  • Supporting Information Systems
  • 1. Policies and Policy Exception Management
  • 2. Project and Change Security Reviews
  • 3. Risk Management
  • 4. Control Management
  • 5. Auditing and Deficiency Tracking
  • 6. Asset Inventory and Audit
  • 7. Change Control
  • 8. Configuration Management Database Re-certification
  • 9. Supplier Reviews and Risk Assessments
  • 10. Cyberintrusion Response
  • 11. All-Hazards Emergency Preparedness Exercises
  • 12. Vulnerability Scanning, Tracking, and Management
  • 13. Patch Management and Deployment
  • 14. Security Monitoring
  • 15. Password and Key Management
  • 16. Account and Access Periodic Re-certification
  • 17. Privileged Account Activity Audit
  • Appendix F: Object Measurement
  • OM Index Equation
  • OM Steps
  • OM Value Scales
  • Expert Judgment OM Example
  • Observed Data OM Example
  • OM Measurement Map
  • Other Cybersecurity-Related Measurements
  • Appendix G: Cybersecurity Capability Value Scales
  • Systems Administration (SA)
  • Network Security (NS)
  • Application Security (AS)
  • Endpoint, Server, and Device Security (ESDS)
  • Identity, Authentication, and Access Management (IAAM)
  • Data Protection and Cryptography (DPC)
  • Monitoring, Vulnerability, and Patch Management (MVPM)
  • High Availability, Disaster Recovery, and Physical Protection (HADRPP)
  • Incident Response (IR)
  • Asset Management and Supply Chain (AMSC)
  • Policy, Audit, E-Discovery, and Training (PAET)
  • Appendix H: Cybersecurity Sample Assessment
  • Sample Assessment Scope and Methodology
  • Level 1 Assessment: Focus on Risk Mitigations
  • Level 2 Assessment: Focus on Functional Areas
  • Level 3 Assessment: Focus on Capabilities
  • Appendix I: Network Segmentation
  • Legacy Network
  • Protecting the Security Infrastructure
  • Watertight Compartments
  • Systems Administration
  • Applications
  • Web Traffic
  • Network Segmentation Summary