امنیت سایبری در اتاق هیئت مدیره: راهنمای مدیر برای تسلط بر اصول امنیت سایبری
Boardroom Cybersecurity: A Director's Guide to Mastering Cybersecurity Fundamentals
معرفی کتاب «امنیت سایبری در اتاق هیئت مدیره: راهنمای مدیر برای تسلط بر اصول امنیت سایبری» (با عنوان لاتین Boardroom Cybersecurity: A Director's Guide to Mastering Cybersecurity Fundamentals) نوشتهٔ Dan Weis، منتشرشده توسط نشر Apress L. P. در سال 2024. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
About the Author and why this book Preface Introduction How to Use This Book References Chapter 1: The Evolving Threat Landscape: Understanding Cyber Threats in the Digital Age 1.1 Traditional Threats with a Modern Twist 1.2 The Rise of New Threats 1.3 Key Questions for Your Organization 1.4 Key Takeaways References Chapter 2: Understanding the Who and Why 2.1 The Typical Methods Employed by Cybercriminal Gangs 2.2 Key Questions for Your Organization 2.3 Key Takeaways References Chapter 3: Director Responsibilities and Obligations 3.1 Australian Privacy Principles (APP 11) [12] 3.2 Real-World Example – Telstra APP Breach 3.3 Notifiable Data Breaches Scheme [13] 3.3.1 A Note on PHI vs. PII in the Context of the NDBS 3.4 The Corporations Act 2001 (Cth) [14] 3.5 Real-World Example – Corporation Act Failure 3.6 International Obligations for Cybersecurity and PII for Australian Organizations Operating Globally 3.7 Key Questions for Your Organization 3.8 Key Takeaways References Chapter 4: Common Cyber Governance Principles and Standards 4.1 AICD Cyber Security Governance Principles 4.2 ASIC Cybersecurity Requirements 4.3 APRA Prudential Standard – CPS 231/234 4.4 ASIC Cybersecurity Requirements vs. AICD Cyber Security Governance Principles vs. APRA Requirements for Cybersecurity 4.5 How They Work Together 4.6 Real-World Example – Sunshine Coast Health Network 4.7 Key Questions for Your Organization 4.8 Key Takeaways Chapter 5: Cybersecurity Frameworks 5.1 ACSC Essential Eight 5.2 NIST Cybersecurity Framework 5.3 CIS Controls 5.4 So, What Are the Differences Between These Three Frameworks, and Why Would I Choose One Over Another? 5.5 Cloud Controls Matrix (CCM) 5.6 Australian Energy Sector Cyber Security Framework (AESCSF) 5.7 Control Objectives for Information Technology (COBIT) 5.8 Australian Government Protective Security Policy Framework (PSPF) 5.9 Real-World Example – EnergyAustralia 5.10 Prioritizing Framework Adoption 5.11 Key Questions for Your Organization 5.12 Key Takeaways References Chapter 6: How They Work Together 6.1 First Layer – Cyber Governance and Principles 6.2 Second Layer – Cyber Frameworks 6.3 Third Layer – Controls/Processes 6.4 Fourth Layer – Compliance 6.5 Real-World Example – Qantas 6.6 MITRE ATT&CK 6.7 The Role of Threat Intelligence 6.8 Real-World Example – Threat Intelligence 6.9 Key Questions for Your Organization 6.10 Key Takeaways Chapter 7: Understanding Cyber Risk and Cyber Resilience 7.1 Oversight and Direction 7.1.1 Cyber Risk Appetite 7.1.2 Define Roles and Responsibilities 7.1.3 Board Training/Education 7.1.4 Reporting 7.1.5 Third-Party Guidance/Oversight 7.1.6 Understanding and Development of a Cybersecurity Strategy Best Practices for Developing a Cybersecurity Strategy 7.1.7 Key Questions for Your Organization 7.2 People 7.2.1 Attack Vectors Targeting People 7.2.2 Real-World Example – Attacks Against People 7.2.3 Mitigating People Risk 7.2.4 Mitigating Risks Associated with Hybrid Working Budget-Conscious Organizations and Zero Trust 7.2.5 Real-World Example – Hybrid Working Attack 7.2.6 Key Questions for Your Organization 7.3 Process and IT Functions 7.3.1 Attack Vectors Targeting Process and IT Functions 7.3.2 Lack of Internal IT Processes and Procedures 7.3.3 Underresourced Teams 7.3.4 Real-World Example – Helpful IT People That Are Underresourced and Missing IT Processes 7.3.5 Lack of Supply Chain Vetting 7.3.6 Real-World Example: Supply Chain Attack – Masquerading 7.3.7 How Do I Vet My Suppliers or Potential Suppliers? 7.3.8 Data 7.3.9 Governance of Data 7.3.10 Real-World Example – Data 7.3.11 Mitigating Risk Associated with Process and IT Functions Business Processes and Procedures IT Processes Systems Maintenance and Housekeeping Vulnerability Management and Patching Backups Housekeeping Practices That Increase Risk Data Governance and Missing Cleanup Practices Resources 7.3.12 Key Questions for Your Organization 7.4 Technology 7.4.1 Attack Vectors Targeting Technology 7.4.2 Mitigating Technology Risks 7.4.3 Multi-factor Authentication (MFA) 7.4.4 Passwords Passkeys 7.4.5 Password Manager 7.4.6 Endpoint Protection 7.4.7 Next-Gen Firewalls (NGFW) 7.4.8 Application Whitelisting 7.4.9 Email Filtering 7.4.10 USB Controls 7.4.11 Cloud Security Controls Microsoft 365 (M365)/Azure G-Suite (Google) 7.4.12 Real-World Example – Technology 7.4.13 Mitigating Risk Associated with Technology 7.4.14 Key Questions for Your Organization 7.5 Response and Visibility 7.5.1 In-House Security Teams and SOCs 7.5.2 What the Heck Is a SIEM? 7.5.3 The Role of Outsourced/External Security Providers 7.5.4 Threat Intelligence 7.5.5 Defining an Incident Response Plan 7.5.6 Testing of the Plan and Refinement 7.5.7 Real-World Example – Incident Response Plan Challenges 7.5.8 Resources and Funding 7.5.9 Cyber Insurance 7.5.10 Key Questions for Your Organization 7.6 Assurance and Compliance 7.6.1 Penetration Testing Types of Penetration Testing What Should I Be Testing? How Often Should I Be Performing Testing? What Should I Be Looking for in Choosing a Penetration Testing Firm? Experience and Certifications Testing Methodology Reputation and Reference Clients Approach Deliverables Costs Comparing Quotes 7.6.2 Vulnerability Scanning and Vulnerability Assessments (VA) Pentest vs. Vulnerability Assessment 7.6.3 Security Audits and Compliance Security Audits Compliance Audits 7.7 Key Questions for Your Organization 7.8 Key Takeaways References Chapter 8: We’ve Had an Incident 8.1 To Pay or Not to Pay a Ransom or Extortion 8.2 Understanding the Roles of Australian Agencies 8.3 The Executive and Board’s Responsibilities During a Breach/Significant Event 8.4 Real-World Example – Hollywood Presbyterian Medical Center 8.5 Key Questions for Your Organization 8.6 Key Takeaways Chapter 9: Understanding Penetration Testing Reports and Compliance Audits 9.1 Penetration Testing Reports 9.1.1 Understanding Scopes 9.1.2 Understanding Authentication 9.1.3 Understanding Severities 9.1.4 Putting It Together 9.1.5 How Fast Should We Fix Findings? Additional Factors to Consider Best Practices 9.1.6 Understanding Exploits and Exploitation 9.1.7 Benchmarking Benchmarking Pentests Effective Benchmarking 9.1.8 Mapping Pentest Results to Risk Reduction Director Duties 9.2 ISO 27001 Audit and Report Breakdown 9.2.1 Tips for Reading and Understanding an ISO 27001 Report 9.2.2 Benchmarking ISO 27001 Audit Results 9.2.3 Mapping ISO Audit Results to Risk Reduction Director Duties 9.3 Real-World Example – Certified Yet Compromised: The TalkTalk Incident 9.4 Key Questions for Your Organization 9.5 Key Takeaways References Appendix A Additional Resources A.1 AICD Resources A.2 ACSC Resources A.3 Other Cyber Security and Risk Resources Appendix B Glossary Other Glossaries Other Technology Glossaries Index df-614-4Gj1+3L._SL1253_.jpg
دانلود کتاب امنیت سایبری در اتاق هیئت مدیره: راهنمای مدیر برای تسلط بر اصول امنیت سایبری