The Cybersecurity Playbook for Modern Enterprises: An end-to-end guide to preventing data breaches and cyber attacks
Learn how to build a cybersecurity program for a changing world with the help of proven best practices and emerging techniques
- Understand what happens in an attack and build the proper defenses to secure your organization
- Defend against hacking techniques such as social engineering, phishing, and many more
- Partner with your end user community by building effective security awareness training programs
Security is everyone’s responsibility and for any organization, the focus should be to educate their employees about the different types of security attacks and how to ensure that security is not compromised.
This cybersecurity book starts by defining the modern security and regulatory landscape, helping you understand the challenges related to human behavior and how attacks take place. You’ll then see how to build effective cybersecurity awareness and modern information security programs. Once you’ve learned about the challenges in securing a modern enterprise, the book will take you through solutions or alternative approaches to overcome those issues and explain the importance of technologies such as cloud access security brokers, identity and access management solutions, and endpoint security platforms. As you advance, you’ll discover how automation plays an important role in solving some key challenges and controlling long-term costs while building a maturing program. Toward the end, you’ll also find tips and tricks to keep yourself and your loved ones safe from an increasingly dangerous digital world.
By the end of this book, you’ll have gained a holistic understanding of cybersecurity and how it evolves to meet the challenges of today and tomorrow.
What you will learn
- Understand the macro-implications of cyber attacks
- Identify malicious users and prevent harm to your organization
- Find out how ransomware attacks take place
- Work with emerging techniques for improving security profiles
- Explore identity and access management and endpoint security
- Get to grips with building advanced automation models
- Build effective training programs to protect against hacking techniques
- Discover best practices to help you and your family stay safe online
Who this book is for
This book is for security practitioners, including analysts, engineers, and security leaders, who want to better understand cybersecurity challenges. It is also for beginners who want to get a holistic view of information security to prepare for a career in the cybersecurity field. Business leaders looking to learn about cyber threats and how they can protect their organizations from harm will find this book especially useful. Whether you’re a beginner or a seasoned cybersecurity professional, this book has something new for everyone.
The Cybersecurity Playbook for Modern Enterprises: An end-to-end guide to preventing data breaches and cyber attacks 1 Protecting People, Information, and Systems – A Growing Problem Why cybercrime is here to stay – a profitable business model The macro-economic cost of cybercrime The global cost of identity theft Intellectual property and Western economies Micro-level impacts and responses to cybercrime The role of governments and regulation Industry regulation The growing need for data privacy regulation Data sovereignty regulations Workers’ councils The foundational elements of security People Information Systems The cybersecurity talent shortage Summary Check your understanding Further reading 2 The Human Side of Cybersecurity People exploiting people Social engineering techniques Stealing credentials Malicious software The three types of insider threats Well-meaning insiders Compromised accounts Malicious insiders Summary Check your understanding Further reading 3 Anatomy of an Attack Understanding the risk from targeted attacks Organized crime State-sponsored actors and military operations Hacktivists and terrorists Insider threats Risk treatment planning Stages of an attack Extortion Gaining access to target systems Installing malicious software Spreading the infection Notifying the victim and making demands Stealing information Identifying what to steal Gaining access to information Aggregating information Exfiltrating information Generating economic benefit System disruption or destruction Attacks on critical infrastructure Revenge attacks Cyber weapons of war Attackers for hire Dark web forums Malware as a Service Summary Check your understanding Further reading 4 Protecting People, Information, and Systems with Timeless Best Practices The most important threat vector Email attacks by the numbers Types of email-based attacks Time-honored best practices that could stop most breaches Concept of Least Privilege Need to Know Role-Based Access Control Identity Management Vulnerability management and patching Capabilities necessary in the remote world Factors of authentication Why your password is meaningless Multifactor authentication Network segmentation Allowed applications The role of human behavior Behavior analysis for authentication Behavior analysis for anomaly detection Adaptive security in human behavior The everything, everywhere world Summary Check your understanding Further reading 5 Protecting against Common Attacks by Partnering with End Users A framework for effective training Frequency Content Scope Making your people your partners Making people active participants Simulations are better than presentations Educating about data Training people to protect against common hacking techniques Social engineering awareness Phishing training and prevention Technologies supporting people Tabletop exercises Summary Check your understanding Further reading 6 Information Security for a Changing World Frames of reference Military connection Security triumvirates Challenges with the traditional information security model Protecting information Challenges of information protection Protecting information is a critical capability Mapping data flows Cross-functional collaboration Securing networks and workloads – past, present, and future Securing networks Securing cloud workloads Securing identities and granting access Verifying identities Granting access Permissions accumulation Human behavior Securing endpoints Summary Check your understanding Further reading 7 Difficulty Securing the Modern Enterprise (with Solutions!) Cybersecurity talent shortage Not enough people! Services can help! Automation Too much technology with too little process Console whiplash Siloed programs Lack of business involvement What are we trying to accomplish? Cyber risk is business risk Risk treatment planning Looking for material risk factors Lack of continuing education The pace of change Updating certain skills Applying timeless concepts Summary Check your understanding Further reading 8 Harnessing Automation Opportunities Defining automation opportunities A brief introduction to finance Mapping a task by its cost basis Documenting manual processes Automating processes Gathering data and applying context Ethics in AI Testing the systems Confusion matrix Hybrid implementations How attackers can leverage automation Summary Check your understanding Further reading 9 Cybersecurity at Home Protecting children and teaching them about online safety The permanence of social media The truth behind the façade The danger lurking online Password managers Multifactor authentication Password complexity and why it matters Stop publishing your information! Scraping Summary Check your understanding Further reading
How to download source code?
1. Go to:
2. In the Find a repository… box, search the book title:
The Cybersecurity Playbook for Modern Enterprises: An end-to-end guide to preventing data breaches and cyber attacks, sometime you may not get the results, please search the main title.
3. Click the book title in the search results.
3. Click Code to download.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.