IT Security Controls: A Guide to Corporate Standards and Frameworks
Scribed by V. Viegas, O. Kuyucu
- Year: 2022
- Language: English
- Pages: 369
- Category: Library
Table of Contents
About the Authors
About the Technical Reviewers
Acknowledgments
Introduction
Please check our GitHub page
Chapter 1: The Cybersecurity Challenge
Types of Threats
Who Are These People?
How Do Cyberattacks Happen?
What Can We Do?
Summary
Chapter 2: International Security Standards
ISO 27001 and ISO 27002
Information Security Policies (Clause A.5)
Organization of Information Security (Clause A.6)
Human Resource Security (Clause A.7)
Before Hiring
Employees
Termination and Reassignment
Asset Management (Clause A.8)
Access Control (Clause A.9)
Cryptography (Clause A.10)
Physical and Environmental Security (Clause A.11)
Operations Security (Clause A.12)
Communications Security (Clause A.13)
System Acquisition, Development, and Maintenance (Clause A.14)
Supplier Relationships (Clause A.15)
Incident Management (Clause A.16)
Business Continuity Management (Clause A.17)
Compliance (Clause A.18)
ISO 27002
PCI DSS
Goal 1: Build and Maintain a Secure Network
Goal 2: Protect Cardholder Data
Goal 3: Maintain a Vulnerability Management Program
Goal 4: Implement Strong Access Control Measures
Goal 5: Regularly Monitor and Test Networks
Goal 6: Maintain a Policy That Addresses Information Security
Prioritization
SWIFT: Customer Security Controls Framework
Summary
Chapter 3: Information Security Frameworks
NIST Frameworks
NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
NIST SP 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems
NIST Cybersecurity Framework
COBIT 5 for Information Security
COBIT 5 Process Goals Applied to Information Security
Other Regulatory Frameworks
CIS Controls
Saudi Arabia Monetary Authority (SAMA) Cybersecurity Framework
Reserve Bank of India
FIFA World Cup Qatar 2022
Monetary Authority of Singapore
BDDK
Others
Summary
Chapter 4: IT Security Technical Controls
Off-Premises Unmanaged Devices
MDM: Mobile Device Management
MAM: Mobile Application Management
NAC: Network Access Control
Multi-Factor Authentication
RASP for Mobile Applications
Secure Connections
OSI Model
TCP/IP Model
IPsec, SSH, and TLS
IPsec
SSH
TLS
Clean Pipes
DDoS Mitigation
Managed Devices
Directory Service Integration
Centralized Endpoint Management
TPM: Trusted Platform Module
VPN Client
NAC: Network Access Control
Data Classification
UAM: User Activity Monitoring
Endpoint Protection
Phishing Reporting Tool
Host IPS or EDR
Desktop Firewall
Antivirus
Antispyware
Full-Disk Encryption
Application Control and Application Whitelisting
Perimeter Security
Firewalls
Intrusion Detection and Intrusion Protection Systems
Proxy and Content (URL) Filtering
DLP: Data Loss Prevention
Honeypot
WAF: Web Application Firewall
SSL VPN
DNS
Internal DNS Servers
External DNS Servers
Message Security
Directory Integration for External Applications
Sandbox
File Integrity
Encrypted Email
On-Premises Support Controls
Access Control
Secure VLAN Segmentation
Security Baselines
Redundancy
Load Balancing
Encryption
Multi-tier and Multi-layer
Multi-layering
Multi-tiering
TLS Decryption
Perimeter Static Routing
Heartbeat Interfaces
Disaster Recovery
Time Synchronization
Log Concentrator
Routing and Management Networks
Management Networks
Perimeter Routing Networks
Centralized Management
Physical Network Segmentation
Sinkhole
Public Key Infrastructure
Security Monitoring and Enforcement
Privileged Access Management
Security Information and Event Management
Database Activity Monitoring
Single Sign-on
Risk Register
Chapter 5: Corporate Information Security Processes and Services
Security Governance
Policies and Procedures
Cybersecurity and Risk Assessment
Penetration Testing
Red Teaming
Code Review and Testing
Compliance Scans
Vulnerability Scans
CVSS: Common Vulnerability Scoring System
CVE: Common Vulnerabilities and Exposures
CCE: Common Configuration Enumeration
CPE: Common Platform Enumeration
XCCDF: Extensible Configuration Checklist Description Format
OVAL: Open Vulnerability and Assessment Language
Vulnerability Scanning Procedures
Firewalls and Network Devices Assurance
Security Operations Center
Incident Response and Recovery
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Post-Incident Activity
Threat Hunting
Threat Intelligence
Security Engineering
Asset Management
Media Sanitation
Configuration and Patch Management
Security Architecture
Chapter 6: People
Security Awareness
Security Training
Chapter 7: Security Metrics
Governance and Oversight
Antivirus and Anti-Malware Metrics
Clean Pipes
Network Security
Internet Access: Proxy and Content Filtering
Security Awareness and Training
Firewall Management
Enterprise Mobility Management
Incident Management and Response
Vulnerability Management
Penetration Testing, Code Review, and Security Assessments
Change Management
Access Control
Other Metrics
Summary
Chapter 8: Case Studies
Target Data Breach
DynDNS Distributed Denial-of-Service Attack
NHS WannaCry Ransomware
Chapter 9: Security Testing and Attack Simulation Tools
Penetration Testing Tools
Information Gathering and Intelligence
Sniffers
Vulnerability Scanning
Web Application Vulnerability Scanning
SQL Injection
Network Tools
Breach and Attack Simulation
System Information Tools
Password Cracking
Session Hijacking
Steganography
Windows Log Tools
Wireless Network Tools
Bluetooth Attacks
Website Mirroring
Intrusion Detection
Mobile Devices
Social Engineering
IoT (Internet of Things)
User Awareness: eLearning
Forensics and Incident Response
HoneyPots
Summary
Appendix 1: IT Security Technical Controls, Processes, and Services Matrix
Appendix 2: Information Security Certifications
Appendix 3: Knowledge, Skills and Abilities (KSAs)
Appendix 4: Resource Library
Index