Information Security Handbook: Enhance your proficiency in information security program development [2 ed.]
9781837632701
Information Security Handbook is a practical guide that’ll empower you to take effective actions in securing your organi
114
3
6MB
English
Pages 370
Year 2023
Report DMCA / Copyright
DOWNLOAD EPUB FILE
Table of contents :
Information Security Handbook
Contributors
About the author
About the reviewers
Preface
Who this book is for
What this book covers
To get the most out of this book
Conventions used
Get in touch
Reviews
Share Your Thoughts
Download a free PDF copy of this book
1
Information and Data Security Fundamentals
Introduction
Information security challenges
Evolution of cybercrime
The modern role of information security
Information technology security engineering
Information assurance
The CIA triad
Organizational information security assessment
Risk management
Information security standards
Information security policies
Information security training
Summary
2
Defining the Threat Landscape
Understanding the organizational context
Threats
Phishing attacks
Ransomware
Malware
Distributed denial-of-service attacks
Insider threats
Advanced Persistent Threats
Social engineering attacks
Supply chain attacks
Hackers and hacking
White hat/ethical hacker
Black hat hacker
Gray hat hacker
Blue hat hacker
Script kiddie
Hacktivist
Nation-state attacker
Penetration testing
Cybercrime
Exploits
Hacker techniques
Closing information system vulnerabilities
Vulnerability management
Summary
3
Laying a Foundation for Information and Data Security
Developing a comprehensive information security program
Leveraging existing frameworks instead of building from scratch
Essential factors for information security program success
Aligning information security with the organization’s mission
Optimizing information security measures for your organization
Enhancing security through comprehensive awareness and training programs
Building information security into the SDLC/SELC process
Understanding and enhancing your information security program maturity
Information security policies
Information security program policy
Enterprise information security policies
Information security system-specific policy
Planning policy
Access controls policy
Awareness and training policy
Auditing and accountability policy
Configuration management policy
Contingency planning policy
Identification and authentication policy
Incident response policy
Maintenance policy
Media protection policy
Personnel security policy
Physical and environmental protection policy
Risk assessment policy
Assessment, authorization, and monitoring policy
System and communications protection policy
System and information integrity policy
Systems and services acquisitions policy
Personally identifiable information policy
Supply chain risk management policy
Summary
4
Information Security Risk Management
What is information security risk?
Understanding the ownership and management of information security risk
Identifying and protecting your organization’s
valuable data
Conducting a quick risk assessment
Risk management is an organizational-wide activity
The life cycle of risk management in information security
Information classification and its importance in information security
Steps in the data classification process
Determining information assets
Finding information in the environment
Organizing information into categories
Valuing information
Establishing impact
Security control selection
Security control implementation
Assessing implemented security controls
Authorizing information systems to operate
Monitoring information system security controls
Calculating risk – a comprehensive look at qualitative and quantitative risk assessments
Qualitative risk analysis – subjective evaluation of threats
Quantitative risk analysis – objective measurements and calculations
Identifying threats and choosing the right approach
Identifying your organization’s vulnerabilities
Pairing threats with vulnerabilities
Estimating likelihood
Estimating impact
Conducting the risk assessment
Exploring management approaches to risk
Quantitative analysis
Summary
5
Developing Your Information and Data Security Plan
Determining your information security program objectives
Foundational information security activities to consider
Successful information security program elements
Rightsizing your information security program
Compliance requirements
Is your organization centralized or decentralized?
Business risk appetite
Organizational maturity
Principles to guarantee the success of your information security program
Business alignment
Communication strategies
Information security program plan elements
Developing an information security program strategy
Establishing key initiatives
Defining roles and responsibilities
Establishing enforcement areas
Summary
6
Continuous Testing and Monitoring
Types of technical testing
SDLC considerations for testing
Project initiation
Requirements analysis
System design
System implementation
System testing
Operations and maintenance
Disposition
SDLC summary
Continuous monitoring
Information security assessment automation
Effectively reporting information security metrics
Alerting to information security weaknesses
Vulnerability assessment
Vulnerability scanning process
Vulnerability resolution
Penetration testing
Phases of a penetration test
Difference between vulnerability assessments and penetration testing
Summary
7
Business Continuity/Disaster Recovery Planning
Introduction to BCDR
Integrating BC planning and DR planning
Scope of a BCDR plan
Focus areas for BCDR planning
Designing a BCDR plan
Requirements and context gathering – BIA
Inputs to the BIA
Outputs from the BIA
Sample BIA form
Defining technical DR mechanisms
Identifying and documenting required resources
Conducting a gap analysis
Developing DR mechanisms
Developing your plan
Testing the BCDR plan
Summary
8
Incident Response Planning
What is an IRP?
Do I need an IRP?
Components of an IRP
Preparation of an IRP
Understanding what is important
Prioritization
Determining what normal network activity looks like
Observe, orient, decide, and act
Incident response procedure development
Identification – detection and analysis
Identification – incident response tools
Observational technical tools
Orientation tools
Decision tools
Remediation – containment/recovery/mitigation
Remediation – incident response tools
Act (response) tools
Post-incident activity
Remediation – root cause analysis
Lessons-learned sessions
IRP testing
Summary
9
Developing a Security Operations Center
What is a SOC?
What are the responsibilities of the SOC?
Management of SOC tools
SOC toolset design
Using already implemented toolsets
SOC roles
Log/information aggregation
Log/information analysis
Processes and procedures
Identification – detection and analysis
Remediation – containment/eradication/recovery
SOC tools
Benefits of a SOC – in-house and MSSP
Summary
10
Developing an Information Security Architecture Program
What is information security architecture?
Information security architecture and SDLC/SELC
Initiation phase
Requirement analysis phase
Design phase
Implementation phase
Testing phase
Operations and maintenance phase
Disposition phase
Conducting an initial information security analysis
Purpose and description of the information system
Determining compliance requirements
Documenting key information system and project roles
Defining the expected user types
Documenting interface requirements
Documenting external information systems access
Conducting a business impact assessment (BIA)
Conducting information categorization
Developing a security architecture advisement program
Information security architecture process
Example information security architecture process
Architecture special considerations
Summary
11
Cloud Security Considerations
Importance of cloud computing
Cloud computing characteristics
Cloud computing service models
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
Cloud computing deployment models
Public cloud
Private cloud
Community cloud
Hybrid cloud
Cloud computing management models
Managed service providers
Cloud service providers
Special considerations for cloud computing
Cloud computing data security
Identification, authentication, and authorization in the cloud
Monitoring and logging considerations
Security automation considerations
Secure application development considerations
Summary
12
Zero Trust Architecture in Information Security
Zero Trust and its principles
The history of Zero Trust
Importance of Zero Trust in cybersecurity
Shifting from traditional perimeter-based security
The pillars of Zero Trust
Identity pillar
Devices
Networks
Applications and Workloads
Data
Summary
13
Third-Party and Supply Chain Security
Understanding C-SCRM and its importance
The challenges in managing supply chain cybersecurity risks
The risks associated with supply chains
The consequences of supply chain risks
Methods to identify supply chain risks
Assessing the severity and likelihood of C-SCRM risks
Strategies to mitigate supply chain risks
Developing C-SCRM policies and plans
Integrating C-SCRM into security program and business activities
Stakeholders that support the integration
Monitoring and reviewing C-SCRM practices
Summary
Index
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book