
Executive's Cybersecurity Program Handbook: A Comprehensive Guide to Building and Operationalizing a Complete Cybersecurity Program

Develop strategic plans for building cybersecurity programs and prepare your organization for compliance investigations and audits.

Key Features:
  • Get started as a cybersecurity executive and design an infallible security program
  • Perform assessments and build a strong risk management framework
  • Promote...


Bibliographic Details
Classification: Electronic book
Main author: Brown, Jason (Author)
Format: Electronic eBook
Language: English
Published: Birmingham : Packt Publishing, Limited, 2023.
Edition: 1st edition.
Subjects:
Online access: Full text (requires prior registration with an institutional e-mail address)
Table of Contents:
  • Cover
  • Title Page
  • Copyright and Credits
  • Dedication
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Getting Your Program Off the Ground
  • Chapter 1: The First 90 Days
  • Getting executive buy-in
  • Budget or no budget?
  • Vision statements
  • Mission statements
  • Program charters
  • Purpose
  • Scope
  • Responsibilities
  • Those responsible for the charter
  • The pillars of your cybersecurity program
  • Summary
  • References
  • Chapter 2: Choosing the Right Cybersecurity Framework
  • What is a cybersecurity framework?
  • Types of cybersecurity frameworks
  • Examining security as a checkbox
  • Understanding continual improvement
  • Selecting the right framework
  • The framework used in this book
  • Summary
  • References
  • Chapter 3: Cybersecurity Strategic Planning through the Assessment Process
  • Developing your cybersecurity strategy
  • Who should perform the assessment?
  • Preparing for the assessment
  • Drafting an engagement letter
  • Project initiation and information gathering
  • Performing the assessment
  • Wrapping up the assessment
  • Administrative review of policy documents using the NIST CSF
  • A technical review using the CIS controls
  • Understanding the current and future state of your program
  • Developing goals
  • The exit interview
  • Summary
  • References
  • Part 2: Administrative Cybersecurity Controls
  • Chapter 4: Establishing Governance through Policy
  • The importance of governance
  • The importance of policy documents
  • Exploring PSPs
  • Policies
  • Standards
  • Procedures
  • Policy workflow
  • Getting executive sign-off for policy documents
  • Creating new policies
  • Reviewing policies
  • Building a framework layout
  • Exploring policy objectives
  • Summary
  • References
  • Chapter 5: The Security Team
  • The need for more security professionals
  • Applying NIST NICE framework to your organization
  • Exploring cybersecurity roles
  • Cybersecurity analysts
  • Cybersecurity engineers
  • Cybersecurity architects
  • Cybersecurity compliance specialists
  • Head of security
  • Exploring cybersecurity architectural frameworks
  • SABSA
  • TOGAF
  • OSA
  • Staffing: insourcing versus outsourcing
  • Structuring the cybersecurity team
  • Summary
  • References
  • Chapter 6: Risk Management
  • Why do we need risk management?
  • Exploring IT risks
  • Human
  • Technology
  • Environmental
  • The NIST RMF
  • Tier 1: organizational risk
  • Tier 2: mission/business process
  • Tier 3: information systems
  • Applying risk management to IT resources
  • Categorize
  • Select
  • Implement
  • Assess
  • Authorize
  • Monitor
  • Documenting in the SSP
  • What is a risk register?
  • Driving to a resolution
  • Summary
  • References
  • Chapter 7: Incident Response
  • NIST incident response methodology
  • Preparation
  • Detection and analysis
  • Containment, eradication, and recovery
  • Post-incident activity
  • Incident response playbooks
  • Train like we fight
  • Walk-through exercises
  • Tabletop exercises