𝔖 Scriptorium
✦   LIBER   ✦
πŸ“

Executive's Cybersecurity Program Handbook: A comprehensive guide to building and operationalizing a complete cybersecurity program

✍ Scribed by Jason Brown

Publisher
Packt Publishing
Tongue
English
Leaves
232
Category
Library
⬇  Acquire This Volume

No coin nor oath required. For personal study only.

✦ Synopsis

Develop strategic plans for building cybersecurity programs and prepare your organization for compliance investigations and audits

Key Features

  • Get started as a cybersecurity executive and design an infallible security program
  • Perform assessments and build a strong risk management framework
  • Promote the importance of security within the organization through awareness and training sessions

Book Description

Ransomware, phishing, and data breaches are major concerns affecting all organizations as a new cyber threat seems to emerge every day, making it paramount to protect the security of your organization and be prepared for potential cyberattacks. This book will ensure that you can build a reliable cybersecurity framework to keep your organization safe from cyberattacks.

This Executive's Cybersecurity Program Handbook explains the importance of executive buy-in, mission, and vision statement of the main pillars of security program (governance, defence, people and innovation). You'll explore the different types of cybersecurity frameworks, how they differ from one another, and how to pick the right framework to minimize cyber risk. As you advance, you'll perform an assessment against the NIST Cybersecurity Framework, which will help you evaluate threats to your organization by identifying both internal and external vulnerabilities. Toward the end, you'll learn the importance of standard cybersecurity policies, along with concepts of governance, risk, and compliance, and become well-equipped to build an effective incident response team.

By the end of this book, you'll have gained a thorough understanding of how to build your security program from scratch as well as the importance of implementing administrative and technical security controls.

What you will learn

  • Explore various cybersecurity frameworks such as NIST and ISO
  • Implement industry-standard cybersecurity policies and procedures effectively to minimize the risk of cyberattacks
  • Find out how to hire the right talent for building a sound cybersecurity team structure
  • Understand the difference between security awareness and training
  • Explore the zero-trust concept and various firewalls to secure your environment
  • Harden your operating system and server to enhance the security
  • Perform scans to detect vulnerabilities in software

Who this book is for

This book is for you if you are a newly appointed security team manager, director, or C-suite executive who is in the transition stage or new to the information security field and willing to empower yourself with the required knowledge. As a Cybersecurity professional, you can use this book to deepen your knowledge and understand your organization's overall security posture. Basic knowledge of information security or governance, risk, and compliance is required.

Table of Contents

  1. The First 90 Days
  2. Choosing the Right Cybersecurity Framework
  3. Cybersecurity Strategic Planning through the Assessment Process
  4. Establishing Governance through Policy
  5. The Security Team
  6. Risk Management
  7. Incident Response
  8. Security Awareness and Training
  9. Network Security
  10. Computer and Server Security
  11. Securing Software Development through DevSecOps
  12. Testing Your Security and Building Metrics

✦ Table of Contents

Cover
Title Page
Copyright and Credits
Dedication
Contributors
Table of Contents
Preface
Part 1 – Getting Your Program Off the Ground
Chapter 1: The First 90 Days
Getting executive buy-in
Budget or no budget?
Vision statements
Mission statements
Program charters
Purpose
Scope
Responsibilities
Those responsible for the charter
The pillars of your cybersecurity program
Summary
References
Chapter 2: Choosing the Right Cybersecurity Framework
What is a cybersecurity framework?
Types of cybersecurity frameworks
Examining security as a checkbox
Understanding continual improvement
Selecting the right framework
The framework used in this book
Summary
References
Chapter 3: Cybersecurity Strategic Planning through the Assessment Process
Developing your cybersecurity strategy
Who should perform the assessment?
Preparing for the assessment
Drafting an engagement letter
Project initiation and information gathering
Performing the assessment
Wrapping up the assessment
Administrative review of policy documents using the NIST CSF
A technical review using the CIS controls
Understanding the current and future state of your program
Developing goals
The exit interview
Summary
References
Part 2 – Administrative Cybersecurity Controls
Chapter 4: Establishing Governance through Policy
The importance of governance
The importance of policy documents
Exploring PSPs
Policies
Standards
Procedures
Policy workflow
Getting executive sign-off for policy documents
Creating new policies
Reviewing policies
Building a framework layout
Exploring policy objectives
Summary
References
Chapter 5: The Security Team
The need for more security professionals
Applying NIST NICE framework to your organization
Exploring cybersecurity roles
Cybersecurity analysts
Cybersecurity engineers
Cybersecurity architects
Cybersecurity compliance specialists
Head of security
Exploring cybersecurity architectural frameworks
SABSA
TOGAF
OSA
Staffing – insourcing versus outsourcing
Structuring the cybersecurity team
Summary
References
Chapter 6: Risk Management
Why do we need risk management?
Exploring IT risks
Human
Technology
Environmental
The NIST RMF
Tier 1 – organizational risk
Tier 2 – mission/business process
Tier 3 – information systems
Applying risk management to IT resources
Categorize
Select
Implement
Assess
Authorize
Monitor
Documenting in the SSP
What is a risk register?
Driving to a resolution
Summary
References
Chapter 7: Incident Response
NIST incident response methodology
Preparation
Detection and analysis
Containment, eradication, and recovery
Post-incident activity
Incident response playbooks
Train like we fight
Walk-through exercises
Tabletop exercises
Live action exercises
Summary
References
Chapter 8: Security Awareness and Training
Understanding security awareness, training, and education
Awareness
Training
Education
Setting up a security training program
Establishing the need for a security training program
Obtaining executive support
Developing metrics
Examining course objectives
Continuous improvement
Training for compliance
Summary
References
Part 3 – Technical Controls
Chapter 9: Network Security
The history of the internet
The OSI model
The first three OSI layers
IPv4 addressing and micro-segmentation
Traditional network security
Traffic inspection
Networks of today
Building trust into the network
Virtual private networking and remote access
Getting to know the β€œzero trust” concept
Understanding firewall functionality
Web application firewalls
DNS firewalls
Distributed denial of service
Summary
References
Chapter 10: Computer and Server Security
The history of operating systems
Exploring server hardening steps
Operating system patching
Least privilege
Removing unneeded services
Host-based security
Picking the right password
MFA
Secure software configurations
Changing system defaults
Remote management
Zero trust
Dangers of TOFU
The IoT
Understanding encryption
Digital signatures
Protecting the private key
Summary
References
Chapter 11: Securing Software Development through DevSecOps
Why introduce cybersecurity early?
A new style in project management
The six principles of DevSecOps
Planning
Building
Testing
Deploying
Operating
Code reviews
Static application security testing
Dynamic application security testing
Software composition analysis
Open source licensing
Copyright licenses
Copyleft licenses
Permissive licenses
Gitflow branching
Secure coding checklists
NIST
SEI
OWASP
Embedded secrets
Summary
References
Chapter 12: Testing Your Security and Building Metrics
Understanding your requirements
Business requirements
Regulatory requirements
Continuous evaluation of your security program
Maintaining corporate security
Maintaining third-party security
Why CARE about metrics?
Vulnerability metrics
Incident reporting – red team versus blue team
Reporting to the executive team and BoD
System security plans and the risk register
A risk heat map
Balanced scorecard
Summary
References
Index
Other Books You May Enjoy
About Packt

πŸ“œ SIMILAR VOLUMES

Executive's Cybersecurity Program Handbo
πŸ“ Executive's Cybersecurity Program Handbook: A comprehensive guide to building and operationalizing a complete cybersecurity program
✍ Jason Brown πŸ“‚ Library πŸ“… 2023 πŸ› Packt Publishing 🌐 English

<p><span>Develop strategic plans for building cybersecurity programs and prepare your organization for compliance investigations and audits</span></p><h4><span>Key Features</span></h4><ul><li><span><span>Get started as a cybersecurity executive and design an infallible security program</span></span>

Executive's Cybersecurity Program Handbo
πŸ“ Executive's Cybersecurity Program Handbook: A comprehensive guide to building and operationalizing a complete cybersecurity program
✍ Jason Brown πŸ“‚ Library πŸ› Packt Publishing 🌐 English

<p><span>Develop strategic plans for building cybersecurity programs and prepare your organization for compliance investigations and audits</span></p><h4><span>Key Features</span></h4><ul><li><span><span>Get started as a cybersecurity executive and design an infallible security program</span></span>

CyberSecurity Demystified: A compact ref
πŸ“ CyberSecurity Demystified: A compact reference guide to cybersecurity
✍ Peter Theobald πŸ“‚ Library 🌐 English

<span>Cybersecurity has become a complex field with a huge number of technologies, products and services. This book demystifies cybersecurity with an overview of the key concepts in easy-to-understand language. It will be helpful to non-technical business leaders, cybersecurity practitioners who wan

Enterprise cybersecurity study guide: ho
πŸ“ Enterprise cybersecurity study guide: how to build a successful cyberdefense program against advanced threats
✍ Aslam, Abdul;Donaldson, Scott E.;Siegel, Stanley G.;Williams, Chris K πŸ“‚ Library πŸ“… 2018 πŸ› Apress 🌐 English

Use the methodology in this study guide to design, manage, and operate a balanced enterprise cybersecurity program that is pragmatic and realistic in the face of resource constraints and other real-world limitations. This guide is an instructional companion to the book Enterprise Cybersecurity: How