The Cybersecurity Playbook for Modern Enterprises: An end-to-end guide to preventing data breaches and cyber attacks
- Length: 280 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2022-03-31
- ISBN-10: 1803248637
- ISBN-13: 9781803248639
- Sales Rank: #0 (See Top 100 Books)
Learn how to build a cybersecurity program for a changing world with the help of proven best practices and emerging techniques
Key Features
- Understand what happens in an attack and build the proper defenses to secure your organization
- Defend against hacking techniques such as social engineering, phishing, and many more
- Partner with your end user community by building effective security awareness training programs
Book Description
Security is everyone’s responsibility and for any organization, the focus should be to educate their employees about the different types of security attacks and how to ensure that security is not compromised.
This cybersecurity book starts by defining the modern security and regulatory landscape, helping you understand the challenges related to human behavior and how attacks take place. You’ll then see how to build effective cybersecurity awareness and modern information security programs. Once you’ve learned about the challenges in securing a modern enterprise, the book will take you through solutions or alternative approaches to overcome those issues and explain the importance of technologies such as cloud access security brokers, identity and access management solutions, and endpoint security platforms. As you advance, you’ll discover how automation plays an important role in solving some key challenges and controlling long-term costs while building a maturing program. Toward the end, you’ll also find tips and tricks to keep yourself and your loved ones safe from an increasingly dangerous digital world.
By the end of this book, you’ll have gained a holistic understanding of cybersecurity and how it evolves to meet the challenges of today and tomorrow.
What you will learn
- Understand the macro-implications of cyber attacks
- Identify malicious users and prevent harm to your organization
- Find out how ransomware attacks take place
- Work with emerging techniques for improving security profiles
- Explore identity and access management and endpoint security
- Get to grips with building advanced automation models
- Build effective training programs to protect against hacking techniques
- Discover best practices to help you and your family stay safe online
Who this book is for
This book is for security practitioners, including analysts, engineers, and security leaders, who want to better understand cybersecurity challenges. It is also for beginners who want to get a holistic view of information security to prepare for a career in the cybersecurity field. Business leaders looking to learn about cyber threats and how they can protect their organizations from harm will find this book especially useful. Whether you’re a beginner or a seasoned cybersecurity professional, this book has something new for everyone.
The Cybersecurity Playbook for Modern Enterprises: An end-to-end guide to preventing data breaches and cyber attacks
1 Protecting People, Information, and Systems – A Growing Problem
Why cybercrime is here to stay – a profitable business model
The macro-economic cost of cybercrime
The global cost of identity theft
Intellectual property and Western economies
Micro-level impacts and responses to cybercrime
The role of governments and regulation
Industry regulation
The growing need for data privacy regulation
Data sovereignty regulations
Workers’ councils
The foundational elements of security
People
Information
Systems
The cybersecurity talent shortage
Summary
Check your understanding
Further reading
2 The Human Side of Cybersecurity
People exploiting people
Social engineering techniques
Stealing credentials
Malicious software
The three types of insider threats
Well-meaning insiders
Compromised accounts
Malicious insiders
Summary
Check your understanding
Further reading
3 Anatomy of an Attack
Understanding the risk from targeted attacks
Organized crime
State-sponsored actors and military operations
Hacktivists and terrorists
Insider threats
Risk treatment planning
Stages of an attack
Extortion
Gaining access to target systems
Installing malicious software
Spreading the infection
Notifying the victim and making demands
Stealing information
Identifying what to steal
Gaining access to information
Aggregating information
Exfiltrating information
Generating economic benefit
System disruption or destruction
Attacks on critical infrastructure
Revenge attacks
Cyber weapons of war
Attackers for hire
Dark web forums
Malware as a Service
Summary
Check your understanding
Further reading
4 Protecting People, Information, and Systems with Timeless Best Practices
The most important threat vector
Email attacks by the numbers
Types of email-based attacks
Time-honored best practices that could stop most breaches
Concept of Least Privilege
Need to Know
Role-Based Access Control
Identity Management
Vulnerability management and patching
Capabilities necessary in the remote world
Factors of authentication
Why your password is meaningless
Multifactor authentication
Network segmentation
Allowed applications
The role of human behavior
Behavior analysis for authentication
Behavior analysis for anomaly detection
Adaptive security in human behavior
The everything, everywhere world
Summary
Check your understanding
Further reading
5 Protecting against Common Attacks by Partnering with End Users
A framework for effective training
Frequency
Content
Scope
Making your people your partners
Making people active participants
Simulations are better than presentations
Educating about data
Training people to protect against common hacking techniques
Social engineering awareness
Phishing training and prevention
Technologies supporting people
Tabletop exercises
Summary
Check your understanding
Further reading
6 Information Security for a Changing World
Frames of reference
Military connection
Security triumvirates
Challenges with the traditional information security model
Protecting information
Challenges of information protection
Protecting information is a critical capability
Mapping data flows
Cross-functional collaboration
Securing networks and workloads – past, present, and future
Securing networks
Securing cloud workloads
Securing identities and granting access
Verifying identities
Granting access
Permissions accumulation
Human behavior
Securing endpoints
Summary
Check your understanding
Further reading
7 Difficulty Securing the Modern Enterprise (with Solutions!)
Cybersecurity talent shortage
Not enough people!
Services can help!
Automation
Too much technology with too little process
Console whiplash
Siloed programs
Lack of business involvement
What are we trying to accomplish?
Cyber risk is business risk
Risk treatment planning
Looking for material risk factors
Lack of continuing education
The pace of change
Updating certain skills
Applying timeless concepts
Summary
Check your understanding
Further reading
8 Harnessing Automation Opportunities
Defining automation opportunities
A brief introduction to finance
Mapping a task by its cost basis
Documenting manual processes
Automating processes
Gathering data and applying context
Ethics in AI
Testing the systems
Confusion matrix
Hybrid implementations
How attackers can leverage automation
Summary
Check your understanding
Further reading
9 Cybersecurity at Home
Protecting children and teaching them about online safety
The permanence of social media
The truth behind the façade
The danger lurking online
Password managers
Multifactor authentication
Password complexity and why it matters
Stop publishing your information!
Scraping
Summary
Check your understanding
Further readingHow to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search the book title: The Cybersecurity Playbook for Modern Enterprises: An end-to-end guide to preventing data breaches and cyber attacks, sometime you may not get the results, please search the main title.
3. Click the book title in the search results.
3. Click Code to download.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.
