Modern Cybersecurity Strategies for Enterprises: Protect and Secure Your Enterprise Networks, Digital Business Assets, and Endpoint Security with Tested and Proven Methods
- Length: 564 pages
- Edition: 1
- Language: English
- Publisher: BPB Publications
- Publication Date: 2022-08-29
- ISBN-10: 9355513135
- ISBN-13: 9789355513137
- Sales Rank: #1012673 (See Top 100 Books)
Security is a shared responsibility, and we must all own it
Key Features
- Expert-led instructions on the pillars of a secure corporate infrastructure and identifying critical components.
- Provides Cybersecurity strategy templates, best practices, and recommendations presented with diagrams.
- Adopts a perspective of developing a Cybersecurity strategy that aligns with business goals.
Description
Once a business is connected to the Internet, it is vulnerable to cyberattacks, threats, and vulnerabilities. These vulnerabilities now take several forms, including Phishing, Trojans, Botnets, Ransomware, Distributed Denial of Service (DDoS), Wiper Attacks, Intellectual Property thefts, and others.
This book will help and guide the readers through the process of creating and integrating a secure cyber ecosystem into their digital business operations. In addition, it will help readers safeguard and defend the IT security infrastructure by implementing the numerous tried-and-tested procedures outlined in this book.
The tactics covered in this book provide a moderate introduction to defensive and offensive strategies, and they are supported by recent and popular use-cases on cyberattacks. The book provides a well-illustrated introduction to a set of methods for protecting the system from vulnerabilities and expert-led measures for initiating various urgent steps after an attack has been detected.
What you will learn
- Adopt MITRE ATT&CK and MITRE framework and examine NIST, ITIL, and ISMS recommendations.
- Understand all forms of vulnerabilities, application security mechanisms, and deployment strategies.
- Know-how of Cloud Security Posture Management (CSPM), Threat Intelligence, and modern SIEM systems.
- Learn security gap analysis, Cybersecurity planning, and strategy monitoring.
Who this book is for
Professionals in IT security, Cybersecurity, and other related fields working to improve the organization’s overall security will find this book a valuable resource and companion.
This book will guide young professionals who are planning to enter Cybersecurity with the right set of skills and knowledge.
Cover Page
Title Page
Copyright Page
Dedication Page
About the Author
About the Reviewers
Acknowledgement
Preface
Errata
Table of Contents
Section - I: Overview and Need for Cybersecurity
1. Overview of Information Security and Cybersecurity
Structure
Objectives
Information security principles
Confidentiality
Integrity
Availability
Additional/supporting principles
Information security policies
Need for an information security policy
Building block of information security policy
Cybersecurity - overview
Definition of cybersecurity
Difference between information security and cybersecurity
Common threats in the market
What is a cybersecurity threat?
Types of cybersecurity threats
Sources behind these Threat umbrellas
Importance of cybersecurity
Impact of cybercrime
Facts and figures to understand the seriousness of cybersecurity
Need of the hour and problem statement
Few examples to justify the need of the hour
Problem statement
Cybersecurity strategy and its importance
Common cybersecurity myths
Strategy components
Risk assessment
Technologies’ adoption
Conclusion
Questions
2. Aligning Security With Business Objectives and Defining CISO Role
Structure
Objectives
Today’s challenges for the CISO
Aligning security with business objectives
Learn the game ~ know your business
Break the ice - Partner with executives and Board members
Learn to speak “business language”
Money speaks ~ Align security with profit
Future security leaders
Technology
Process
People
Return on Investment (RoI) in cybersecurity
Business outlook
Definition and formula
Role understanding for the modern security leaders
CISO responsibilities
Effective communication - from CISO to business
Budget justification & review meeting
Cybersecurity roadmap
Conclusion
Questions
Section - II: Building Blocks for a Secured Ecosystem and Identification of Critical Components
3. Next-generation Perimeter Solutions
Structure
Objectives
Overview and concept understanding
Perimeter network
What is a perimeter firewall?
Next-generation firewall (NGFW) solution - the first line of defense to your realm
Need to have a strong and robust perimeter security solution
Importance of next-generation firewall
The benefit of having a next-generation perimeter security solution
Critical components of Next-generation Perimeter solution
Deep packet inspection (DPI)
Working principle and inspection technique
Challenges that you may face while onboarding the DPI
The use case for DPI
Web Proxy and Secure web gateway (SWG)
Definition
Secure web gateway (SWG)
Web Application Firewall (WAF)
Understanding the difference between WAF and Perimeter firewall
Application traffic vs. network traffic
Need to have a WAF
WAF implementation types
VPN solutions
Business and technical need for a VPN solution
Types of VPN
Functionality that should be included in your VPN solution
Zero-day attack protection
Definition and quick understanding
What to look for in a zero-day security solution?
Deployment options
Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
Need to have an IDS/IPS for your network/business challenge
Deploying criteria for IDS and IPS
DoS and DDoS protection
Types of DoS and DDoS attack
DNS security
DNS attack types
Mitigation plan or recommendation
Onboarding, adoption, and maturity path
Onboarding and adoption of technology
Maturity path
Leading players in this domain
Next-generation firewall (NGFW)
Web Security solutions
Intrusion detection system (IDS) and Intrusion prevention system (IPS)
Conclusion
Questions
4. Next-generation Endpoint Security
Structure
Objectives
Overview and concept understanding
Defining endpoint and endpoint security
Scope understanding
What is considered an endpoint?
Endpoint protection types and modules
Need and importance of endpoint security
Analyzing your requirements
Requirement to become next-generation endpoint security
Traditional solution vs. modern technologies
Endpoint protection platforms (EPP) vs. traditional antivirus solutions
Future-ready landscape and recommendations
Guidelines to choose the right solution for your business
Deployment guide and decision criteria
Evaluating and reviewing solutions
To evaluate and measure the “enhanced performance” improvement
To evaluate and measure the “time-to-value”
Other considerations
Industry reports
Proof of Concept (POC)
Maturity path for endpoint security
Maturity level
Leading players in this domain
Conclusion
5. Security Incident Response (IR) Methodology
Structure
Objectives
Overview and concept understanding
Definition
Basic principles
Types of security incidents
Importance and key considerations while developing IR plan
Key considerations for IR planning
Industry Standard Incident Response frameworks
SANS
IR methodology
Building an IR team
Creating an IR plan
Building blocks of IRP
How to use IR tools, when to use them, and why?
Problem-solving approach
Adoption of the MITRE ATT&CK framework
Adversarial tactics
Techniques
Common knowledge
Appropriate placeholders for MITRE ATT&CK
ATT&CK metrics
Tools and resources for the MITRE ATT&CK framework
Security incident - handling
Sources of Indicators and Precursors
Incident notification
Containment strategy selection
Obtaining and managing evidence
Identification of the attack hosts
Eradication and recovery
Post-incident activity
Incident handling checklist and recommendations
Recommendations
Best practices while handling IR
Conclusion
Questions
6. Cloud Security and Identity Management
Structure
Objectives
Overview and concept understanding
Working model
Shared responsibility in cloud
Responsibility of cloud service provider (CSP)
Client’s responsibility
Cyber hygiene and importance
Importance of adopting cyber hygiene
Challenges while implementing hygiene
Cloud security architecture (CSA)
Need to have a CSA
CSA model for different types of cloud
Cloud security framework (CSF)
Cloud security principles
Selection of CSF
Adopting NIST into cloud security
Leading frameworks for cloud
Common compliance
Cloud well-architected framework
Building blocks of a cloud security architecture and compliance framework
Compliance and visibility
Secure computing
Protection at the Network layer
Cloud governance
Change control management
Monitoring and reporting
Maturity model for cloud security
Best practices for cloud security
Overview of Identity and Access Management (IAM)
Importance and business benefits of IAM
The importance of PAM in your organization
Technologies under IAM
Component under IAM
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Privileged Access Control (PAM)
Building blocks for IAM solution implementation
Data
Simplification of a rigid and inefficient process
Picking the right tool
Building blocks for PAM solution and key considerations
Transformation to cloud based IAM solution
Critical consideration while implementing IAM in cloud
Strategy for IAM adoption
Best practices while deploying IAM and its components
RBAC
PAM
Recommended solution and OEMs for IAM
Conclusion
Questions
7. Vulnerability Management and Application Security
Structure
Objectives
Overview and concept understanding
Vulnerability management lifecycle
Vulnerability management process
Identification of vulnerabilities
Validation of vulnerability
Vulnerability treatment
Vulnerabilities reporting
Risk-based vulnerability management
Increasing cyber-resilience
Static Application Security Testing (SAST)
Implementation strategy and guidelines
Benefits of next-generation SAST solutions
Dynamic Application Security Testing (DAST)
Working principle
Pro and cons of DAST
Avoiding common mistakes
Penetration testing
Measure effectiveness through pen test
Different stages in a pen test
Frequency at which to run pen tests
Recommended tools in this space
Vulnerability scanning tools
Vulnerability Management tools
Future-ready vulnerability management programs
Plan to cut across all the layers
Maturity model for vulnerability management (VM)
Phase 1 - Initial stage
Phase 2 - Managed stage
Phase 3 - Defined stage
Phase 4 - Quantitatively managed stage
Phase 5 - Optimized stage
Recommended approach and best practices
Conclusion
Questions
8. Critical Infrastructure Component of Cloud and Data Classification
Structure
Objectives
Overview of infrastructure components of the cloud ecosystem
Components of private cloud infrastructure
Cloud infrastructure deployment models
Securing your cloud components
Security around your data center and private cloud
Securing virtualization layer
Sprawl VM
Data that is highly sensitive in a virtual machine
Offline and dormant virtual machines (VMs) security
Security of active VMs and pre-configured (golden image) VMs
Virtual networks are difficult to see and control because of a lack of visibility
Using the self-service portal to hijack an account or a service
APIs from CSP pose a threat
Storage services on the public cloud
The risk associated with private cloud
Breach of security
Concerns about physical safety
Capacity purchased too much or too little
Concerns about compliance
Issues with productivity
Securing private cloud
The approach to secure private cloud
Hybrid cloud security
Security challenges with hybrid cloud
Hybrid cloud security strategy
Multi-cloud Security
The business benefit from the multi-cloud strategy
Key security considerations for multi-cloud strategy
Recommendation to improve multi-cloud security
Key Consideration for Cloud Security
Overview and concept understanding of data classification
Data classification - definition
Need for data classification
The benefit of data classification
Challenges to data classification
Level of data sensitivity
Data classification types
The building block of data classification
Data classification process
Deep dive into the shared responsibility model
Cloud service provider (CSP) responsibilities
Core cloud team roles and responsibilities
Recommended approach best practices for data classification
Conclusion
Questions
Section - III: Assurance Framework (the RUN Mode) and Adoption of Regulatory Standards
9. Importance of Regulatory Requirements and Business Continuity
Structure
Objectives
Overview and concept understanding of compliance
Compliance definition
Types of data subjected to compliance
Regulatory compliance definition
Importance of regulatory compliance
Business benefits of cybersecurity compliance
Consequences of non-compliance
Understanding of cybersecurity frameworks
NIST
NIST 800-53
ISO/IEC 27001
CIS
PCI DSS
Business alignment with framework and regulations
Cloud-based compliance requirements
Organization developing cloud compliance
Widely adopted cloud compliance
Selecting the right compliance for your business
An approach to the compliance program
Identification of the data types and the requirements that may apply
Create a compliance team and CISO appointment
Create a risk assessment methodology
Risk and vulnerability assessment
Choose the right framework
Implement technical controls based on framework and risk tolerance
Set up policies, procedures, and process controls
Monitor, review, and respond regularly
Alignment of organizational compliance and security goals
Budgetary alignment
Strategic alignment
Control alignment
Summary
Overview and concept understanding of business continuity
Importance of business continuity
Business continuity planning (BCP)
Development of Business Continuity Plan (BCP)
Importance of business continuity planning
Key components of the BCP
Readiness of BCP
Business Continuity Management (BCM)
Mapping business continuity with associated standards
Business impact analysis (BIA)
BIA execution approach
BIA result analysis
Sample questionnaire you should consider while planning your BIA
Summary
Recommendation for integrating cybersecurity with business continuity
Recommendations to ensure compliance for organizations
Conclusion
Questions
References and useful links
10. Risk Management - Life Cycle
Structure
Objectives
Overview of and understanding risk management
Cybersecurity risk management - definition
Risk calculation
Cybersecurity risk management framework
Importance of cybersecurity risk management
The key consideration for cybersecurity risk management
Create a cybersecurity risk management strategy
Developing the cybersecurity risk management plan
Measures to reduce cybersecurity risks (risk treatment plan)
Continual monitoring
Role of internal audits and compliance in cybersecurity risk management
Risk appetite, scorecard, and prioritization
Factors influencing the risk appetite
To calculate your risk appetite
The key consideration to defining risk appetite for your organization
Best practices for cybersecurity risk assessment
Integrate cybersecurity into your enterprise risk management framework
Locate workflows that add value
Make cyber risks a top priority
Regular risk assessments should be implemented
Best practices for cybersecurity risk management
Go with a risk-based approach
Adoption of a cybersecurity risk strategy
Adoption of cybersecurity risk management framework
Conclusion
Questions
11. People, Process, and Awareness
Structure
Objectives
Importance of roles and responsibilities in cybersecurity
Guidelines
Roles and responsibilities
To create an effective cybersecurity team
Critical roles in your security organization
Critical team in your security organization
Partner ecosystem
Summary
Insourcing and outsourcing
Understand the difference between insourcing and outsourcing
Resource demand and capacity management
Define resource transparency requirements
Define roles and not skills and names
Human resources should be in charge of resource breakdown
Role of HR in cybersecurity
Determine a company’s risk exposure
Employee data access and control
Assistance in the development of security policy
Encourage the adoption of a cyber-safety mindset
Cybersecurity training for employees
Establishing a strong partner ecosystem
Key considerations while choosing the right partner
Third-party risk, vendor risk, and supply chain risk
Mitigating third-party risks in supply chain management
Third-party risk management audit
The implication of third-party failure
Adoption of cybersecurity in project management
Define the boundaries of the information system
Best practices for Supply Chain Risk Management (SCRM)
Determine the risks that have been identified
Security awareness training
Cybersecurity awareness and its importance
Benefits of awareness training
Best practices to adopt for security awareness
Best practices while adapting HR function for cybersecurity
Conclusion
Questions
References
12. Threat Intelligence and Next-generation SIEM Solution
Structure
Objectives
Concept understanding of threat intelligence
Common indicators of compromise (IoC)
Importance of threat intelligence in cybersecurity space
Threat intelligence types
Threat intelligence lifecycle
Lifecycle steps
Audience who gets benefits out of threat intelligence
Advanced persistent threats (APT)
Working principle of APT attack
Characteristics of APT attacks
Importance of speed in APT protection
Threat hunting
Proactive threat hunting process
Threat hunting methodologies
Best practices to adopt for threat hunting
Recommended open-source threat Intel feeds
AlienVault Open Threat Exchange (AlienVault Open Threat Exchange)
Cisco Talos Intelligence
The Spamhaus Project
Internet Storm Center (SANS)
Google Safe Browsing
Threat Intelligence platform
IBM X-Force Exchange
Anomali ThreatStream
Palo Alto Networks Cortex XSOAR TIM
Mandiant Threat Intelligence Suite
ThreatConnect
Security Incident Event Management (SIEM) overview
Traditional SIEM solutions
next-generation SIEM Solution
next-generation SIEM features
Need for next-generation SIEM Solution and Core tenets
Conceptual building blocks of next-generation SIEM
Architecture
Behavioral analytics
Cloud deployment
Incident response
Data enrichment
Packaged content
Key considerations while selecting next-generation SIEM Solution
Deployment in the Cloud vs. On-Prem
Analytics
Estimation of costs
Configurations for alerts
Regulations on compliance and auditing
Architecture, technology, and adoption path
Capabilities and components to be considered
Logging process of SIEM
The log flow
SIEM integration
Choosing the right model for your business
Sizing guidelines for SIEM solution
Change in architecture - traditional vs next-generation
Strategy to evaluate and adopt next-generation SIEM solution
Establishing the business case
Plan for requirements
Develop a selection process
The evaluation process for potential vendors
Proof of concept (POC)
Proceed with selector vendor
Recommended vendors for next-Gen SIEM solution
Azure Sentinel
Elastic Stack
Exabeam
LogRhythm
Rapid7 Insight IDR
Securonix
Splunk
Best practices and the maturity path of next-generation SIEM solution
SIEM use cases: define and implement
SIEM correlation rules tuning
SIEM maturity model
Conclusion
Questions
13. Cloud Security Posture Management (CSPM)
Structure
Objectives
Overview of Cloud Security Posture Management (CSPM)
Definition
Key credentials of CSPM
Need for CSPM in the current landscape
Reason for misconfiguration in Cloud
How is CSPM solving the Cloud misconfiguration Issues?
Importance of CSPM
Use cases of CSPM
Working principle of CSPM
Finding and getting noticed
Management and remediation of misconfigurations
Threat detection in real time
Integration of DevSecOps
Key considerations while selecting CSPM for your business
Business consideration
Technical consideration
Operational consideration
Adoption Path
Collaboration between departments
Multi-cloud deployment scenario
Concerns while deploying CSPM with a multi-cloud environment
Potential solution
Leading vendors in this space
Check point’s CloudGuard
Orca Security
Prisma Cloud from Palo Alto Networks
Trend Micro (Cloud Conformity)
Zscaler
Best practices around CSPM
Conclusion
Questions
Section - IV: Cybersecurity Strategy Guidelines, Templates, and Recommendations
14. Implementation of Guidelines and Templates
Structure
Objectives
Current challenges you face in your cybersecurity landscape
Pillars of cybersecurity strategy
Develop a step-by-step strategy for cybersecurity
Gap analysis
The key consideration for executing the gap analysis exercise
Gap Analysis template
Defense in-depth approach
Cybersecurity strategy plan - template
Strategic goal development
Scope defining
Identify the requirements and develop objectives
Establish key performance indicators (KPI)
Real-time examples of KPI for cybersecurity domain
Identification of key stakeholders
Determining the resource requirement
Develop a communication strategy
Implement strategy
Review the progress
Conclusion
Questions
15. Best Practices and Recommendations
Structure
Objectives
Overview and need of the hour
Network security best practices
Data security best practices
Best practices for managing and securing service accounts
Recommended technologies for your maturity roadmap
Deep dive to zero trust
Zero trust and NIST 800-27
Zero trust principles
Adoption path of zero trust
Deep dive to SD-WAN
SD-WAN security
Quick wins with SD-WAN
Role of SD-WAN in cybersecurity strategy
Deep dive to Secure Service Edge (SSE)
Core functionalities of SSE
Benefits of SSE over the traditional setup
Selection criteria for SSE
Adoption of AI and ML
Influence of AI and ML in cybersecurity space
Use cases for ML
Digital Forensics and Incident Response (DFIR)
Importance of DFIR in cybersecurity
Best practices around DFIR
Key considerations while selecting an open-source technology stack
Satisfaction of a requirement
Skill set
Community
Support
Documentation
Security
Conclusion
Questions
IndexDonate to keep this site alive
To access the Link, solve the captcha.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.
