Enterprise-Grade IT Security for Small and Medium Businesses: Building Security Systems, in Plain English

✍ Scribed by Denny Cherry


Publisher: Apress
Year: 2022
Tongue: English
Leaves: 153
Category: Library


✦ Synopsis


Understand the IT security features that are needed to secure the IT infrastructure of a small to medium-size business. This book will give IT managers and executives a solid understanding of the different technology solutions that their business relies upon–or should be employing–in order to make reasoned decisions regarding the implementation of those features. Coverage includes multi-factor authentication, firewalls, zero-trust environments, network segmentation, remote access solutions, and the people aspects of security that are often overlooked and represent an organization’s biggest vulnerability.
Chapters on the various technologies such as multi-factor authentication and zero-trust environments explain in plain English the values and benefits that each technology provides. Clear technical explanations are accompanied by business case explanations that explain the “why” of each technology and when each technology should be implemented. You will come away equipped to have business-driven discussions with your IT staff that allow for a productive balancing of the need for security with the need to do business and drive profits.

You Will Learn

  • The importance of multi-factor authentication
  • The limits of what multi-factor authentication can protect
  • How firewalls are used to protect your company from attackers
  • What zero-trust environments are and what they mean
  • Whether zero-trust networks are what is needed to secure your own environment
  • The security benefits from implementing a network segmentation policy
  • The best ways to access files and resources from remote locations outside the office

Who This Book Is For
Managers and executives at small to medium-size businesses who want to understand the core aspects of IT security on which their business relies, business leaders who want to be able to follow along with and engage in discussions with IT professionals about security features, and leaders who are tasked with making decisions on which IT security features to implement.


✦ Table of Contents


Contents
About the Author
About the Technical Reviewer
Introduction
Part I: The Infrastructure
Chapter 1: Why IT Security Matters
Why We Need IT Security
Types of Attacks on Companies
SQL Injection
Credential Hijacking
Internal Attacks
IT Security Is Expensive: Is It Worth the Cost?
Defense in Depth
Specific Security Compliance Standards
FedRamp
SOC
SOC 1
SOC 2
SOC 3
ISO/IEC 27001
Microsoft Operational Security Assurance Practices
NIST STIG
PCI DSS
Chapter 2: Network Design
What Is a Ringed Network?
Management of Inner Networks
Separating Customer-Facing Services from Internal Services
Isolation of Workloads
Separation of Duties
Chapter 3: Firewalls
What Do Firewalls Do?
SNAT
DNAT
Does My Company Need a Firewall?
The Office
The Colocation Facility
Firewalls and the Cloud
Microsoft Azure
Amazon Web Services (AWS)
Google Cloud Platform (GCP)
Non-Major Cloud Providers
Access to the Internet
Firewalls Aren’t Just for the Cloud
Use a Firewall
Chapter 4: Distributed Denial of Service
What Is a Denial-of-Service Attack?
What Is a Distributed Denial of Service Attack?
Why Are Distributed Denial of Service Attacks Done?
Distributed Denial of Service Attacks as a Service
What Do Distributed Denial of Service Appliance Services Do?
Microsoft Azure
Amazon AWS
Google GCP
What Are the Differences Between Firewalls and Distributed Denial of Service Appliances?
Firewalls and Distributed Denial of Service Applications in the Cloud
Do I Need a Distributed Denial of Service Appliance?
Chapter 5: Remote Connectivity
Virtual Private Network
Person-to-Site Virtual Private Network
Site-to-Site Virtual Private Network
Third-Party Desktop Sharing Services
Azure Virtual Desktop
Part II: The Computers
Chapter 6: Computer Operating System Security
Security Updates
*nix Security
Windows Security
Apple Security
Is Windows or Linux Better?
Minimizing the Attack Surface
Data Encryption
Chapter 7: Multi-Factor Authentication
Don’t Build Your Own Multi-Factor Authentication System
When Should MFA Be Used?
Text Messages versus Multi-Factor Authentication Applications
Bypassing Multi-Factor Authentication
Brute Forcing Past Multi-Factor Authentication
Giving the Help Desk Person Who Calls a Multi-Factor Authentication Code
Protecting Multi-Factor Authentication
Requiring the Use of Company Devices
Choose Platforms Carefully
Chapter 8: Zero-Trust Environments
What Can Be Secured Using a Zero-Trust Environment?
Just In Time Access
Conditional Access
Policy Conditions
User’s Risk Profile
Current Sign-in Risk
Device Operating System
Locations
Application Login Method
Device Metadata
Access Controls
Policy Status
Part III: The People
Chapter 9: The Weakest Security Link—People
Why Workers Are the Weakest Link
USB
Email
Personalized Attacks
Cell Phone Cameras
Text Messages
Administrative Rights on Computers
Why Workers Need Regular Security Training
Risks of Not Doing Regular Training
Least Privilege
Protecting Secrets
Chapter 10: Employee Training
Passwords
Phishing
Banking Information
Personal Information
Login Details
Spear Phishing
Cat Phishing
Fake Links
Fake Receipts
Inbound Email Security
Index

