Building an effective cybersecurity program.
Scribed by TARI SCHREIDER
- Publisher: ROTHSTEIN Publishing
- Year: 2019
- Tongue: English
- Leaves: 408
- Edition: 2
- Category: Library
No coin nor oath required. For personal study only.
Table of Contents
Cover
Title page
Copyright
Dedication
Acknowledgments
Preface
Why a Second Edition?
Foreword
Contents
Introduction
Chapter 1: Designing a Cybersecurity Program
Chapter 1 Roadmap
1.1 Cybersecurity Program Design Methodology
1.1.1 Need for a Design to Attract the Best Personnel
1.1.2 A Recommended Design Approach: ADDIOI Model™
1.1.3 The Six Phases of the ADDIOI Model™
1.2 Defining Architectures, Frameworks, and Models
1.2.1 Program Design Guide
1.3 Design Principles
1.4 Intersection of Privacy and Cybersecurity
1.5 Good Practice vs. Best Practice
1.6 Adjust Your Design Perspective
1.7 Architectural Views
1.8 Cybersecurity Program Blueprint
1.9 Program Structure
1.9.1 Office of the CISO
1.9.2 Security Engineering
1.9.3 Security Operations
1.9.4 Cyber Threat Intelligence
1.9.5 Cyber Incident Response
1.9.6 Physical Security
1.9.7 Recovery Operations
1.10 Cybersecurity Program Frameworks and Models
1.10.1 HITRUST® CSF®
1.10.2 Information Security Forum (ISF) Framework
1.10.3 ISO/IEC 27001/27002 Information Security Management System (ISMS)
1.10.4 NIST Cybersecurity Framework
1.11 Cybersecurity Program Technologies
1.11.1 Application security
1.11.2 Authentication
1.11.3 Cloud security
1.11.4 Container security
1.11.5 Data Loss Prevention (DLP)
1.11.6 Digital forensics
1.11.7 Distributed Denial of Service (DDoS) Mitigation
1.11.8 Deception technology
1.11.9 Domain Name Services (DNS) Attack Security
1.11.10 Encryption
1.11.11 Endpoint Protection Platform (EPP)
1.11.12 Firewalls (FW)
1.11.13 Identity and Access Management (IDAM)
1.11.14 Internet of Things (IoT) Security
1.11.15 Intrusion Protection Systems (IPS)
1.11.16 Network Access Control (NAC)
1.11.17 Privileged Account Management (PAM)
1.11.18 Security Information and Event Management (SIEM)
1.11.19 Security Orchestration, Automation and Response (SOAR)
1.11.20 Threat Intelligence Platform (TIP)
1.11.21 User and Entity Behavior Analysis (UEBA)
1.11.22 Virtualization security
1.11.23 Vulnerability management
1.11.24 Web filtering
1.11.25 Whitelisting
1.12 Security Training Program
1.12.1 Awareness Training
1.12.2 Phishing Attack Training
1.12.3 Ransomware Attack Simulations
1.13 Maturing Cybersecurity Programs
1.13.1 Security Ratings
1.14 Cybersecurity Program Design Checklist
Chapter 2: Establishing a Foundation of Governance
Chapter 2 Roadmap
2.1 Governance Overview
2.2 Cybersecurity Governance Playbook
2.3 Selecting a Governance Framework
2.3.1 COBIT® 5: Framework for Information Technology Governance and Control
2.3.2 COSO 2013 Internal Control – Integrated Framework
2.3.3 Information Governance Reference Model (IGRM)
2.3.4 ARMA – Information Coalition – Information Governance Model
2.3.5 OCEG GRC Capability Model™ 3.0 (Red Book)
2.4 Governance Oversight Board
2.5 Cybersecurity Policy Model
2.5.1 Cybersecurity Policy Management
2.5.2 Cybersecurity Policy Management Software
2.6 Governance, Risk, and Compliance (GRC) Software
2.7 Key Cybersecurity Program Management Disciplines
2.8 Security Talent Development
2.8.1 Training
2.8.2 Certifications
2.9 Creating a Culture of Cybersecurity
2.10 Cybersecurity Insurance
2.11 Governance Foundation Checklist
Chapter 3: Building a Cyber Threat, Vulnerability Detection, and Intelligence Capability
Chapter 3 Roadmap
3.1 Cyber Threats and Vulnerabilities
3.1.1 Threats, Vulnerability, and Intelligence Model
3.2 Cyber Threats
3.2.1 Lesson from the Honeybees
3.2.2 Cyber Threat Categories
3.2.3 Threat Taxonomies
3.2.4 Cyber Threat Actors
3.2.5 Cyber Threat-Hunting
3.2.6 Cyber Threat-Modeling
3.2.7 Cyber Threat Detection Solutions
3.2.8 Cyber Threat Metrics
3.2.9 Cybersecurity Threat Maps
3.3 Adversary Profile
3.4 Vulnerability Management
3.4.1 Vulnerability Scanning
3.4.2 Patch Management
3.5 Security Testing
3.5.1 Penetration Testing
3.5.2 Red Teams
3.5.3 Blue Teams
3.5.4 Purple Teams
3.5.5 Bug Bounties
3.5.6 War Gaming
3.5.7 Tabletop Exercises (TTX)
3.6 Attack Surface
3.6.1 Attack Surface Mapping
3.6.2 Shadow IT Attack Surface
3.6.3 Attack Surface Classification
3.6.4 Attack Surface Management (ASM)
3.7 Cyber Threat Intelligence
3.7.1 Cyber Threat Intelligence Services
3.7.2 Cyber Threat Intelligence Program Use Cases
3.8 Cyber Kill Chain
3.9 Threat Frameworks
3.10 Assumption of Breach
3.11 Cyber Threat, Vulnerability Detection, and Intelligence Checklist
Chapter 4: Building a Cyber Risk Management Capability
Chapter 4 Roadmap
4.1 Cyber Risk
4.1.1 Cyber Risk Landscape
4.1.2 Risk Types
4.1.3 Cyber Risk Appetite
4.1.4 Risk Tolerance
4.1.5 Risk Threshold
4.1.6 Risk Acceptance
4.1.7 Inherent Risk
4.1.8 Residual Risk
4.1.9 Annualized Loss Expectancy (ALE)
4.1.10 Return on Investment (ROI)
4.2 Cyber Risk Assessments
4.2.1 Business Impact Assessment (BIA)
4.2.2 Calculating Risk
4.2.3 Risk Registry
4.3 Cyber Risk Standards
4.4 Cyber Risk Management Lifecycle
4.5 Cyber Risk Treatment
4.6 Risk Monitoring
4.7 Risk Reporting
4.8 Risk Management Frameworks
4.9 Risk Maturity Models
4.10 Third-Party Risk Management (TPRM)
4.10.1 TPRM Program Structure
4.10.2 Third-Party Attestation Services
4.11 Cyber Black Swans
4.12 Cyber Risk Cassandras
4.13 Cyber Risk Management Checklist
Chapter 5: Implementing a Defense-in-Depth Strategy
Chapter 5 Roadmap
5.1 Defense-in-Depth
5.1.1 Industry Perception
5.1.2 Defense-in-Depth Models
5.1.3 Origin of Contemporary Defense-in-Depth Models
5.1.4 Defense-in-Depth Layer Categorization
5.1.5 Defense-in-Depth Criticism
5.1.6 Defensive Layers
5.2 Improving the Effectiveness of Defense-in-Depth
5.2.1 Governance, Risk, and Compliance (GRC) Domain
5.2.2 Threat and Vulnerability Management (TVM) Domain
5.2.3 Application, Database, and Software Protection (ADS) Domain
5.2.4 Security Operations (SecOps) Domain
5.2.5 Device and Data Protection (DDP) Domain
5.2.6 Cloud Service and Infrastructure Protection (CIP) Domain
5.3 Zero Trust
5.4 Defense-in-Depth Model Schema
5.5 Open Source Software Protection
5.6 Defense-in-Depth Checklist
Chapter 6: Applying Service Management to Cybersecurity Programs
Chapter 6 Roadmap
6.1 Information Technology Service Management (ITSM)
6.1.1 Brief History of ITSM and ITIL
6.2 Cybersecurity Service Management
6.2.1 Cybersecurity Service Management Approach
6.3 Service Management Catalog
6.4 Cybersecurity Program Personnel
6.4.1 Applying the RACI-V Model to Cybersecurity Program Staffing
6.4.2 Applying the Kanban Method to Cybersecurity Program Staff Workflow
6.4.3 Bimodal IT Environments
6.5 Cybersecurity Operations Center (C-SOC)
6.6 Incident Management
6.6.1 Incident Response Management Products
6.7 Security Automation and Orchestration (SAO)
6.8 DevSecOps
6.8.1 Rugged DevOps
6.8.2 DevSecOps Factory Model™
6.9 Software-Defined Security (SDSec)
6.10 Emerging Cybersecurity Technologies
6.10.1 Artificial Intelligence
6.10.2 Augmented Reality (AR)
6.10.3 Blockchain
6.10.4 Machine Learning (ML)
6.11 Cybersecurity Program Operationalization Checklist
Chapter 7: Cybersecurity Program Design Toolkit
7.1 Overview
7.2 Gap Assessment
7.3 Security Stories
7.4 SWOT Matrix
7.5 RACI-V Diagram
7.6 Organization Chart
7.7 Cybersecurity Software Inventory
7.8 Data Classification Schema
7.9 Compliance Requirements
7.10 SIPOC Diagram
7.11 Service Design Package (SDP)
7.12 Metrics
7.13 Risk/Issue Log
7.14 In/Out Matrix
7.15 Notice of Decision (NoD)
7.16 Kanban Board
7.17 Requirements Traceability Matrix (RTM)
7.18 Design Requirements Manual (DRM)
Appendix A: Useful Checklists and Information
Index
Credits
About the Author
SIMILAR VOLUMES
Building an Effective Security Program provides readers with a comprehensive approach to securing the IT systems in use at their organizations. This book provides information on how to structure and operate an effective cybersecurity program that includes people, processes, technologies,
Develop strategic plans for building cybersecurity programs and prepare your organization for compliance investigations and audits
Key Features
- Get started as a cybersecurity executive and design an infallible security program