Asset attack vectors : building effective vulnerability management strategies to protect organizations /
Build an effective vulnerability management strategy to protect your organization's assets, applications, and data. Today's network environments are dynamic, requiring multiple defenses to mitigate vulnerabilities and stop data breaches. In the modern enterprise, everything connected to th...
Clasificación: | Libro Electrónico |
---|---|
Autor principal: | |
Otros Autores: | |
Formato: | Electrónico eBook |
Idioma: | Inglés |
Publicado: |
[Berkeley, CA] :
Apress,
2018.
|
Temas: | |
Acceso en línea: | Texto completo (Requiere registro previo con correo institucional) |
Tabla de Contenidos:
- Intro; Table of Contents; About the Authors; About the Technical Reviewer; Acknowledgments; Preface; Introduction; Chapter 1: The Attack Chain; Chapter 2: The Vulnerability Landscape; Vulnerabilities; Configurations; Exploits; False Positives; False Negatives; Malware; Social Engineering; Phishing; Curiosity Killed the Cat; Nothing Bad Will Happen; Did You Know They Removed Gullible from the Dictionary?; It Can't Happen to Me; How to Determine if Your Email Is a Phishing Attack; Ransomware; Insider Threats; External Threats; Vulnerability Disclosure; Chapter 3: Threat Intelligence.
- Chapter 4: Credential Asset RisksChapter 5: Vulnerability Assessment; Active Vulnerability Scanning; Passive Scanners; Intrusive Vulnerability Scanning; Nonintrusive Scanning; Vulnerability Scanning Limitations and Shortcomings; Chapter 6: Configuration Assessment; Regulations; Frameworks; Benchmarks; Configuration Assessment Tools; SCAP; Chapter 7: Risk Measurement; CVE; CVSS; STIG; OVAL; IAVA; Chapter 8: Vulnerability States; Vulnerability Risk Based on State; The Three Vulnerability States; Active Vulnerabilities; Dormant Vulnerabilities; Carrier Vulnerabilities; State Prioritization.
- Chapter 9: Vulnerability AuthoritiesChapter 10: Penetration Testing; Chapter 11: Remediation; Microsoft; Apple; Cisco; Google; Oracle; Red Hat; Adobe; Open Source; Everyone Else; Chapter 12: The Vulnerability Management Program; Design; Develop; Deploy; Operate; Maturity; Maturity Categories; Descriptions; Chapter 13: Vulnerability Management Design; Crawl, Walk, Run, Sprint; Implement for Today, But Plan for Tomorrow; It's All About Business Value; Chapter 14: Vulnerability Management Development; Vulnerability Management Scope; Operating Systems; Client Applications; Web Applications.
- Network DevicesDatabases; Flat File Databases; Hypervisors; IaaS and PaaS; Mobile Devices; IoT; Industrial Control Systems (ICS) and SCADA; DevOps; Docker and Containers; Code Review; Tool Selection; The Vulnerability Management Process; Assessment; Measure; Remediation; Rinse and Repeat {Cycle}; End of Life; Common Vulnerability Lifecycle Mistakes; Mistake 1: Disjointed Vulnerability Management; Solution; Mistake 2: Relying on Remote Assessment Alone; Solution; Mistake 3: Unprotected Zero-Day Vulnerabilities; Solution; Mistake 4: Decentralized Visibility; Solution.
- Mistake 5: Compliance at the Expense of SecuritySolution; Common Challenges; Aging Infrastructure; Depth and Breadth of the Program; Building the Plan; Step 1: What to Assess?; Step 2: Assessment Configuration; Step 3: Assessment Frequency; Step 4: Establish Ownership; Step 5: Data and Risk Prioritization; Step 6: Reporting; Step 7: Remediation Management; Step 8: Verification and Measurements; Step 9: Third-Party Integration; Chapter 15: Vulnerability Management Deployment; Approach 1: Critical and High-Risk Vulnerabilities Only; Approach 2: Statistical Sampling.