The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks
- Length: 382 pages
- Edition: 1
- Language: English
- Publisher: IT Governance Publishing
- Publication Date: 2020-12-10
- ISBN-10: 1787782603
- ISBN-13: 9781787782600
- Sales Rank: #5273645
In the world as we know it, you can be attacked both physically and virtually. For today’s organisations, which rely so heavily on technology – particularly the Internet – to do business, the latter is the far more threatening of the two. The cyber threat landscape is complex and constantly changing. For every vulnerability fixed, another pops up, ripe for exploitation.
This book is a comprehensive cyber security implementation manual which gives practical guidance on the individual activities identified in the IT Governance Cyber Resilience Framework (CRF) that can help organisations become cyber resilient and combat the cyber threat landscape.
Suitable for senior directors (CEO, CISO, CIO), compliance managers, privacy managers, IT managers, security analysts and others, the book is divided into six parts:
Part 1: Introduction. The world of cyber security and the approach taken in this book.
Part 2: Threats and vulnerabilities. A discussion of a range of threats organisations face, organised by threat category, to help you understand what you are defending yourself against before you start thinking about your actual defences.
Part 3: The CRF processes. Detailed discussions of each of the 24 CRF processes, explaining a wide range of security areas by process category and offering guidance on how to implement each.
Part 4: Eight steps to implementing cyber security. Our eight-step approach to implementing the cyber security processes you need and maintaining them.
Part 5: Reference frameworks. An explanation of how standards and frameworks work, along with their benefits. It also presents ten framework options, introducing you to some of the best-known standards and giving you an idea of the range available.
Part 6: Conclusion and appendices. The appendices include a glossary of all the acronyms and abbreviations used in this book.
Whether you are just starting out on the road to cyber security or looking to enhance and improve your existing cyber resilience programme, it should be clear that cyber security is no longer optional in today’s information age; it is an essential component of business success.
Make sure you understand the threats and vulnerabilities your organisation faces and how the Cyber Resilience Framework can help you tackle them. Start your journey to cyber security now – buy this book today!
Contents (front matter: Cover, Title, Copyright, Contents):
- Part 1: Introduction
  - Chapter 1: The threat landscape
  - Chapter 2: Information and cyber security
  - Chapter 3: Cyber resilience
  - Chapter 4: Regulatory and contractual requirements
    - 4.1 International data privacy laws
    - 4.2 Cyber security requirements for critical infrastructure
    - 4.3 Contractual requirements
  - Chapter 5: Implementing cyber security
    - 5.1 Making trade-offs
    - 5.2 Three security pillars
    - 5.3 The IT Governance Cyber Resilience Framework (CRF)
    - 5.4 Structure of the book
- Part 2: Threats and vulnerabilities
  - Chapter 6: The anatomy of threats
  - Chapter 7: Technical threats
    - 7.1 The attackers
    - 7.2 Malware
    - 7.3 Technical threat example: TalkTalk data breach
  - Chapter 8: Human threats
    - 8.1 Staff awareness
    - 8.2 Social engineering
    - 8.3 Remote working
    - 8.4 Human threat example: WannaCry
  - Chapter 9: Physical threats
    - 9.1 Physical entry threats
    - 9.2 Physical security and mobile devices
    - 9.3 Environmental threats
    - 9.4 Physical threat example: KVM attacks
  - Chapter 10: Third-party threats
    - 10.1 Supply chain threats
    - 10.2 Third-party threat example: Target data breach
- Part 3: The CRF processes
  - Chapter 11: An overview of the CRF processes
  - Chapter 12: Manage and protect
    - 12.1 Asset management
    - 12.2 Information security policies
    - 12.3 Physical and environmental security
    - 12.4 Identity and access control
    - 12.5 Malware protection
    - 12.6 Configuration and patch management
    - 12.7 Encryption
    - 12.8 System security
    - 12.9 Network and communications security
    - 12.10 Security competence and training
    - 12.11 Staff awareness training
    - 12.12 Comprehensive risk management programme
    - 12.13 Supply chain risk management
  - Chapter 13: Identify and detect
    - 13.1 Threat and vulnerability intelligence
    - 13.2 Security monitoring
  - Chapter 14: Respond and recover
    - 14.1 Incident response management
    - 14.2 ICT continuity management
    - 14.3 Business continuity management
  - Chapter 15: Govern and assure
    - 15.1 Formal information security management programme
    - 15.2 Continual improvement process
    - 15.3 Board-level commitment and involvement
    - 15.4 Governance structure and processes
    - 15.5 Internal audit
    - 15.6 External certification/validation
  - Chapter 16: Maturity levels
    - 16.1 Determining the level of maturity to aim for
- Part 4: Eight steps to implementing cyber security
  - Chapter 17: Introducing the IT Governance eight-step approach
  - Chapter 18: Step 1 – Start the project
    - 18.1 Project mandate
    - 18.2 Project team
    - 18.3 Project leadership
  - Chapter 19: Step 2 – Determine requirements and objectives
    - 19.1 Project vs cyber security objectives
  - Chapter 20: Step 3 – Determine the scope
  - Chapter 21: Step 4 – Define current and ideal target states
    - Using the CRF
    - Gap analysis
  - Chapter 22: Step 5 – Establish a continual improvement model
  - Chapter 23: Step 6 – Conduct a risk assessment
  - Chapter 24: Step 7 – Select and implement controls
  - Chapter 25: Step 8 – Measure and review performance
    - 25.1 Continual improvement
    - 25.2 Management review
- Part 5: Reference frameworks
  - Chapter 26: Why you should consider reference frameworks
    - 26.1 Standard types
    - 26.2 Certification benefits
  - Chapter 27: Core
    - 27.1 Cyber Essentials
    - 27.2 CRF alignment
  - Chapter 28: Baseline
    - 28.1 NIST CSF
    - 28.2 ISO 27001
    - 28.3 CRF alignment
  - Chapter 29: Extended
    - 29.1 ISO 22301 – BCM
    - 29.2 ISO 27017 – Cloud security
    - 29.3 ISO 27035 – Information security incident management
    - 29.4 ISO 27036 – Information security in the supply chain
    - 29.5 ISO 27701 – Privacy management
    - 29.6 CRF alignment
  - Chapter 30: Embedded
    - 30.1 COBIT®
    - 30.2 ISO 27014
    - 30.3 CRF alignment
- Part 6: Conclusion and appendices
  - Chapter 31: Conclusion
  - Appendix 1: IT and information asset checklist
  - Appendix 2: Template outline project plan
  - Appendix 3: Glossary of acronyms and abbreviations
- Back matter: GRC International Group resources; Publishing services; GRC International Group cyber security services; Cyber security training and staff awareness; Professional services and consultancy; Newsletter