Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats
Enterprise Cybersecurity empowers organizations of all sizes to defend themselves with next-generation cybersecurity programs against the escalating threat of modern targeted cyberattacks. This book presents a comprehensive framework for managing all aspects of an enterprise cybersecurity program. I...
Classification: | Electronic book |
---|---|
Main authors: | , , , |
Format: | Electronic eBook |
Language: | English |
Published: | [Berkeley, CA] : Apress, [2015] |
Series: | Expert's voice in cybersecurity. |
Subjects: | |
Online access: | Full text (requires prior registration with an institutional e-mail address) |
Table of Contents:
- ch. 1 Defining the Cybersecurity Challenge
- Cyberattacks of Today
- Sony Pictures Entertainment Breach of 2014
- Advanced Persistent Threats
- Waves of Malware
- Types of Cyberattackers
- Commodity Threats
- Hacktivists
- Organized Crime
- Espionage
- Cyberwar
- Types of Cyberattacks
- Confidentiality: Steal Data
- Integrity: Modify Data (Steal Money)
- Availability: Deny Access
- Steps of a Cyberintrusion
- Attack Trees and Attack Graphs
- Lockheed Martin Kill Chain
- Mandiant Attack Life Cycle
- Enterprise Cybersecurity Attack Sequence
- Why Cyberintrusions Succeed
- Explosion in Connectivity
- Consolidation of Enterprise IT
- Defeat of Preventive Controls
- Failure of Detective Controls
- Compliance over Capability
- Gap in Cybersecurity Effectiveness
- New Cybersecurity Mindset
- Effective Enterprise Cybersecurity Program
- ch. 2 Meeting the Cybersecurity Challenge
- Cybersecurity Frameworks
- Cybersecurity Process
- Cybersecurity Challenges
- Risk Management Process
- Considering Vulnerabilities, Threats, and Risks
- Risk Analysis and Mitigation
- Cybersecurity Controls
- Cybersecurity Capabilities
- Cybersecurity and Enterprise IT
- Emplacing Cyberdefenses
- How Cyberdefenses Interconnect
- Enterprise Cybersecurity Architecture
- ch. 3 Enterprise Cybersecurity Architecture
- Systems Administration
- Systems Administration: Goal and Objectives
- Systems Administration: Threat Vectors
- Systems Administration: Capabilities
- Network Security
- Network Security: Goal and Objectives
- Network Security: Threat Vectors
- Network Security: Capabilities
- Application Security
- Application Security: Goal and Objectives
- Application Security: Threat Vectors
- Application Security: Capabilities
- Endpoint, Server, and Device Security
- Endpoint, Server, and Device Security: Goal and Objectives
- Endpoint, Server, and Device Security: Threat Vectors
- Endpoint, Server, and Device Security: Capabilities
- Identity, Authentication, and Access Management
- Identity, Authentication, and Access Management: Goal and Objectives
- Identity, Authentication, and Access Management: Threat Vectors
- Identity, Authentication, and Access Management: Capabilities
- Data Protection and Cryptography
- Data Protection and Cryptography: Goal and Objectives
- Data Protection and Cryptography: Threat Vectors
- Data Protection and Cryptography: Capabilities
- Monitoring, Vulnerability, and Patch Management
- Monitoring, Vulnerability, and Patch Management: Goal and Objectives
- Monitoring, Vulnerability, and Patch Management: Threat Vectors
- Monitoring, Vulnerability, and Patch Management: Capabilities
- High Availability, Disaster Recovery, and Physical Protection
- High Availability, Disaster Recovery, and Physical Protection: Goal and Objectives
- High Availability, Disaster Recovery, and Physical Protection: Threat Vectors
- High Availability, Disaster Recovery, and Physical Protection: Capabilities
- Incident Response
- Incident Response: Goal and Objectives
- Incident Response: Threat Vectors
- Incident Response: Capabilities
- Asset Management and Supply Chain
- Asset Management and Supply Chain: Goal and Objectives
- Asset Management and Supply Chain: Threat Vectors
- Asset Management and Supply Chain: Capabilities
- Policy, Audit, E-Discovery, and Training
- Policy, Audit, E-Discovery, and Training: Goal and Objectives
- Policy, Audit, E-Discovery, and Training: Threat Vectors
- Policy, Audit, E-Discovery, and Training: Capabilities
- ch. 4 Implementing Enterprise Cybersecurity
- IT Organization
- IT System Life Cycle
- Defining Security Policies
- Defining Security Scopes
- Eight Types of Security Scopes
- Considerations in Selecting Security Scopes
- Identifying Security Scopes
- Security Scopes for the Typical Enterprise
- Considerations in Selecting Security Scopes
- Selecting Security Controls
- Selecting Security Capabilities
- Selecting Security Technologies
- Considering Security Effectiveness
- ch. 5 Operating Enterprise Cybersecurity
- Operational Responsibilities
- Business (CIO, customers)
- Security (Cybersecurity)
- (IT) Strategy/Architecture
- (IT) Engineering
- (IT) Operations
- High-Level IT and Cybersecurity Processes
- IT Operational Process
- Risk Management Process
- Vulnerability Management and Incident Response Process
- Auditing and Deficiency Tracking Process
- Operational Processes and Information Systems
- Cybersecurity Operational Processes
- Supporting Information Systems
- Functional Area Operational Objectives
- Systems Administration
- Network Security
- Application Security
- Endpoint, Server, and Device Security
- Identity, Authentication, and Access Management
- Data Protection and Cryptography
- Monitoring, Vulnerability, and Patch Management
- High Availability, Disaster Recovery, and Physical Protection
- Incident Response
- Asset Management and Supply Chain
- Policy, Audit, E-Discovery, and Training
- ch. 6 Enterprise Cybersecurity and the Cloud
- Introducing the Cloud
- Cloud Protection Challenges
- Developer Operations (DevOps) and Developer Security Operations (DevSecOps)
- Scopes and Account Management
- Authentication
- Data Protection and Key Management
- Logging, Monitoring, and Investigations
- Reliability and Disaster Recovery
- Scale and Reliability
- Contracts and Agreements
- Planning Enterprise Cybersecurity for the Cloud
- Systems Administration
- Network Security
- Application Security
- Endpoint, Server, and Device Security
- Identity, Authentication, and Access Management
- Data Protection and Cryptography
- Monitoring, Vulnerability, and Patch Management
- High Availability, Disaster Recovery, and Physical Protection
- Incident Response
- Asset Management and Supply Chain
- Policy, Audit, E-Discovery, and Training
- ch. 7 Enterprise Cybersecurity for Mobile and BYOD
- Introducing Mobile and BYOD
- Challenges with Mobile and BYOD
- Legal Agreements for Data Protection
- Personal Use and Personal Data
- Mobile Platform
- Sensors and Location Awareness
- Always-On and Always-Connected
- Multi-Factor Authentication
- Mobile Device Management
- Enterprise Cybersecurity for Mobile and BYOD
- Systems Administration
- Network Security
- Application Security
- Endpoint, Server, and Device Security
- Identity, Authentication, and Access Management
- Data Protection and Cryptography
- Monitoring, Vulnerability, and Patch Management
- High Availability, Disaster Recovery, and Physical Protection
- Incident Response
- Asset Management and Supply Chain
- Policy, Audit, E-Discovery, and Training
- ch. 8 Building an Effective Defense
- Attacks Are as Easy as 1, 2, 3!
- Enterprise Attack Sequence in Detail
- Attack Sequence Step 1 Establish Foothold
- Attack Sequence Step 2 Command and Control
- Attack Sequence Step 3 Escalate Privileges
- Attack Sequence Step 4 Move Laterally
- Attack Sequence Step 5 Complete the Mission
- Why Security Fails Against Advanced Attacks
- Failure of Endpoint Security
- "Inevitability of the Click" Challenge
- Systems Administration Hierarchy
- Escalating Attacks and Defenses
- Business Challenges to Security
- Tension between Security and Productivity
- Maximum Allowable Risk
- Security Effectiveness over Time
- Security Total Cost of Ownership
- Philosophy of Effective Defense
- Mazes Versus Minefields
- Disrupt, Detect, Delay, Defeat
- Cybercastles
- Nested Defenses
- Elements of an Effective Cyberdefense
- Network Segmentation
- Strong Authentication
- Detection
- Incident Response
- Resiliency
- ch. 9 Responding to Incidents
- Incident Response Process
- Incident Response Step 1 Identify the Incident
- Incident Response Step 2 Investigate the Incident
- Incident Response Step 3 Collect Evidence
- Incident Response Step 4 Report the Results
- Incident Response Step 5 Contain the Incident
- Incident Response Step 6 Repair Gaps or Malfunctions
- Incident Response Step 7 Remediate Compromised Accounts, Computers, and Networks
- Incident Response Step 8 Validate Remediation and Strengthen Security Controls
- Incident Response Step 9 Report the Conclusion of the Incident
- Incident Response Step 10 Resume Normal IT Operations
- Supporting the Incident Response Process
- ch. 10 Managing a Cybersecurity Crisis
- Devastating Cyberattacks and "Falling Off the Cliff"
- Snowballing Incident
- Falling Off the Cliff
- Reporting to Senior Enterprise Leadership
- Calling for Help
- Keeping Calm and Carrying On
- Playing Baseball in a Hailstorm
- Communications Overload
- Decision-Making under Stress
- Asks Versus Needs: Eliciting Accurate Requirements and Guidance
- Observe Orient Decide Act (OODA) Loop
- Establishing an Operational Tempo
- Operating in Crisis Mode
- Managing the Recovery Process
- Cyber Hand-to-Hand Combat
- "Throwing Money at Problems"
- Identifying Resources and Resource Constraints
- Building a Resource-Driven Project Plan
- Maximizing Parallelism in Execution
- Taking Care of People
- Recovering Cybersecurity and IT Capabilities
- Building the Bridge While You Cross It
- Preparing to Rebuild and Restore
- Closing Critical Cybersecurity Gaps
- Establishing Interim IT Capabilities
- Conducting Prioritized IT Recovery and Cybersecurity Improvements
- Establishing Full Operating Capabilities for IT and Cybersecurity
- Cybersecurity Versus IT Restoration
- Maximum Allowable Risk
- Ending the Crisis
- Resolving the Crisis
- Declaring the Crisis Remediated and Over
- After Action Review and Lessons Learned
- Establishing a "New Normal" Culture
- Being Prepared for the Future
- ch. 11 Assessing Enterprise Cybersecurity
- Cybersecurity Auditing Methodology
- Challenge of Proving Negatives
- Cybersecurity Audit Objectives
- Cybersecurity Audit Plans
- Audit Evidence Collection
- Audit Artifacts
- Audit Results
- Deficiency Tracking
- Reporting and Records Retention
- Cybersecurity Audit Types
- "Audit First" Design Methodology
- Threat Analysis
- Audit Controls
- Forensic Controls
- Detective Controls
- Preventive Controls
- Letting Audits Drive Control Design
- Enterprise Cybersecurity Assessments
- Level 1 Assessment: Focus on Risk Mitigations
- Level 2 Assessment: Focus on Functional Areas
- Level 3 Assessment: Focus on Security Capabilities
- Level 4 Assessment: Focus on Controls, Technologies, and Processes
- Audit Deficiency Management
- ch. 12 Measuring a Cybersecurity Program
- Cybersecurity Measurement
- Cybersecurity Program Measurement
- OM Step 1 Define the Question(s) to Be Answered
- OM Step 2 Select Appropriate Objects to Measure
- OM Step 3 For Each Object, Define the Object Characteristics to Measure
- OM Step 4 For Each Characteristic, Create a Value Scale
- OM Step 5 Measure Each Characteristic Using the Value Scale
- OM Step 6 Calculate the Overall Cybersecurity Program Assessment Index Using Object Measurement
- Visualizing Cybersecurity Assessment Scores
- Cybersecurity Measurement Summary
- ch. 13 Mapping Against Cybersecurity Frameworks
- Looking at Control Frameworks
- Clearly Defining "Controls"
- Mapping Against External Frameworks
- Assessment Audit and Security Scopes
- IT Systems and Security Controls
- Balancing Prevention with Detection and Response
- Security Capabilities, Technologies, and Processes
- Validation Audit and Reporting
- One Audit, Many Results
- Audit Report Mapping
- Deficiency Tracking and Management
- ch. 14 Managing an Enterprise Cybersecurity Program
- Enterprise Cybersecurity Program Management
- Cybersecurity Program Step 1 Assess Assets, Threats, and Risks
- Cybersecurity Program Step 2 Identify Security Scopes
- Cybersecurity Program Step 3 Assess Risk Mitigations, Capabilities by Functional Area, and Security Operations
- Cybersecurity Program Step 4 Identify Target Security Levels
- Cybersecurity Program Step 5 Identify Deficient Areas
- Cybersecurity Program Step 6 Prioritize Remediation and Improvements
- Cybersecurity Program Step 7 Resource and Execute Improvements
- Cybersecurity Program Step 8 Collect Operational Metrics
- Cybersecurity Program Step 9 Return to Step 1
- Assessing Security Status
- Cybersecurity Program Step 3 Assess Risk Mitigations, Capabilities, and Security Operations
- Cybersecurity Program Step 4 Identify Target Security Levels
- Cybersecurity Program Step 5 Identify Deficient Areas
- Cybersecurity Program Step 6 Prioritize Remediation and Improvements
- Analyzing Enterprise Cybersecurity Improvements
- Considering Types of Improvements
- Considering Threat Scenarios
- Examining Cybersecurity Assessment Scores across Multiple Scopes
- Considering Improvement Opportunities across Multiple Scopes
- Considering "Bang for the Buck"
- Prioritizing Improvement Projects
- Immediate: Executing
- This Year: Preparing
- Next Year: Resourcing
- Future: Prioritizing
- Updating Priority Lists
- Tracking Cybersecurity Project Results
- Visualizing Cybersecurity Program Assessment Scores
- Measuring Cybersecurity Program Assessment Scores over Time
- ch. 15 Looking to the Future
- Power of Enterprise Cybersecurity Architecture
- Evolution of Cyberattack and Defense
- Before the Internet
- Generation 1 Hardening the Host
- Generation 2 Protecting the Network
- Generation 3 Layered Defense and Active Response
- Generation 4 Automated Response
- Generation 5 Biological Defense
- Cybergenerations Moving Down Market
- Future Cybersecurity Evolution
- Evolving Enterprise Cybersecurity over Time
- Enterprise Cybersecurity Implementation Considerations
- Tailoring Cybersecurity Assessments
- Evolution of Enterprise Cybersecurity Capabilities
- Evolution of Enterprise Cybersecurity Functional Areas
- Final Thoughts
- Appendix A: Common Cyberattacks
- 1. Phishing/Spearphishing
- 2. Drive-By/Watering Hole/Malvertising
- 3. Code Injection/Webshell
- 4. Keylogging/Session Hijacking
- 5. Pass-the-Hash and Pass-the-Ticket
- 6. Credential Harvesting
- 7. Gate-Crashing
- 8. Malware/Botnet
- 9. Distributed Denial-of-Service (DDoS)
- 10. Identity Theft
- 11. Industrial Espionage
- 12. Pickpocket
- 13. Bank Heist
- 14. Ransomware
- 15. Webnapping
- 16. Hijacking
- 17. Decapitation
- 18. Sabotage
- 19. Sniper/Laser/Smart Bomb
- 20. Smokeout/Lockout
- 21. Infestation/Whack-a-Mole
- 22. Burndown
- 23. Meltdown
- 24. Defamation
- 25. Graffiti
- 26. Smokescreen/Diversion
- 27. Fizzle
- Appendix B: Cybersecurity Frameworks
- (ISC)2 Common Body of Knowledge (CBK)
- ISO 27001/27002 Version 2013
- ISO 27001/27002 Version 2005
- NIST SP800-53 Revisions 3 and 4
- NIST Cybersecurity Framework (2014)
- DHS Cyber Resilience Review (CRR)
- Council on CyberSecurity Critical Security Controls
- Australian DSD Strategies to Mitigate Targeted Cyberintrusions
- PCI DSS Version 3.0
- HIPAA Security Rule
- HITRUST Common Security Framework (CSF)
- NERC CIP Cyber Security Version 5
- NERC CIP Cyber Security Version 3
- Appendix C: Enterprise Cybersecurity Capabilities
- Systems Administration (SA)
- Network Security (NS)
- Application Security (AS)
- Endpoint, Server, and Device Security (ESDS)
- Identity, Authentication, and Access Management (IAAM)
- Data Protection and Cryptography (DPC)
- Monitoring, Vulnerability, and Patch Management (MVPM)
- High Availability, Disaster Recovery, and Physical Protection (HADRPP)
- Incident Response (IR)
- Asset Management and Supply Chain (AMSC)
- Policy, Audit, E-Discovery, and Training (PAET)
- References
- Appendix D: Sample Cybersecurity Policy
- Policy
- Appendix E: Cybersecurity Operational Processes
- Supporting Information Systems
- 1. Policies and Policy Exception Management
- 2. Project and Change Security Reviews
- 3. Risk Management
- 4. Control Management
- 5. Auditing and Deficiency Tracking
- 6. Asset Inventory and Audit
- 7. Change Control
- 8. Configuration Management Database Re-certification
- 9. Supplier Reviews and Risk Assessments
- 10. Cyberintrusion Response
- 11. All-Hazards Emergency Preparedness Exercises
- 12. Vulnerability Scanning, Tracking, and Management
- 13. Patch Management and Deployment
- 14. Security Monitoring
- 15. Password and Key Management
- 16. Account and Access Periodic Re-certification
- 17. Privileged Account Activity Audit
- Appendix F: Object Measurement
- OM Index Equation
- OM Steps
- OM Value Scales
- Expert Judgment OM Example
- Observed Data OM Example
- OM Measurement Map
- Other Cybersecurity-Related Measurements
- Appendix G: Cybersecurity Capability Value Scales
- Systems Administration (SA)
- Network Security (NS)
- Application Security (AS)
- Endpoint, Server, and Device Security (ESDS)
- Identity, Authentication, and Access Management (IAAM)
- Data Protection and Cryptography (DPC)
- Monitoring, Vulnerability, and Patch Management (MVPM)
- High Availability, Disaster Recovery, and Physical Protection (HADRPP)
- Incident Response (IR)
- Asset Management and Supply Chain (AMSC)
- Policy, Audit, E-Discovery, and Training (PAET)
- Appendix H: Cybersecurity Sample Assessment
- Sample Assessment Scope and Methodology
- Level 1 Assessment: Focus on Risk Mitigations
- Level 2 Assessment: Focus on Functional Areas
- Level 3 Assessment: Focus on Capabilities
- Appendix I: Network Segmentation
- Legacy Network
- Protecting the Security Infrastructure
- Watertight Compartments
- Systems Administration
- Applications
- Web Traffic
- Network Segmentation Summary