وبلاگ بلیان

Effective Cybersecurity : A Guide to Using Best Practices and Standards

جلد کتاب Effective Cybersecurity : A Guide to Using Best Practices and Standards

معرفی کتاب «Effective Cybersecurity : A Guide to Using Best Practices and Standards» نوشتهٔ William Stallings، منتشرشده توسط نشر Addison-Wesley Professional در سال 2018. این کتاب در 6 صفحه، فرمت pdf، زبان انگلیسی ارائه شده است. «Effective Cybersecurity : A Guide to Using Best Practices and Standards» در دستهٔ برنامه‌نویسی قرار دارد.

The Practical, Comprehensive Guide to Applying Cybersecurity Best Practices and Standards in Real Environments In Effective Cybersecurity , William Stallings introduces the technology, operational procedures, and management practices needed for successful cybersecurity. Stallings makes extensive use of standards and best practices documents that are often used to guide or mandate cybersecurity implementation. Going beyond these, he offers in-depth tutorials on the “how” of implementation, integrated into a unified framework and realistic plan of action. Each chapter contains a clear technical overview, as well as a detailed discussion of action items and appropriate policies. Stallings offers many pedagogical features designed to help readers master the material: clear learning objectives, keyword lists, review questions, and QR codes linking to relevant standards documents and web resources. Effective Cybersecurity aligns with the comprehensive Information Security Forum document “The Standard of Good Practice for Information Security,” extending ISF’s work with extensive insights from ISO, NIST, COBIT, other official standards and guidelines, and modern professional, academic, and industry literature. • Understand the cybersecurity discipline and the role of standards and best practices • Define security governance, assess risks, and manage strategy and tactics • Safeguard information and privacy, and ensure GDPR compliance • Harden systems across the system development life cycle (SDLC) • Protect servers, virtualized systems, and storage • Secure networks and electronic communications, from email to VoIP • Apply the most appropriate methods for user authentication • Mitigate security risks in supply chains and cloud environments This knowledge is indispensable to every cybersecurity professional. Stallings presents it systematically and coherently, making it practical and actionable. About This E-Book Title Page Copyright Page Dedication Page Contents at a Glance Table of Contents Preface Background Organization of the Book Supporting Websites Acknowledgments About the Author and Contributors Technical Editors Chapter 1 Best Practices, Standards, and a Plan of Action 1.1 Defining Cyberspace and Cybersecurity 1.2 The Value of Standards and Best Practices Documents 1.3 The Standard of Good Practice for Information Security 1.4 The ISO/IEC 27000 Suite of Information Security Standards 1.5 Mapping the ISO 27000 Series to the ISF SGP 1.6 NIST Cybersecurity Framework and Security Documents 1.7 The CIS Critical Security Controls for Effective Cyber Defense 1.8 COBIT 5 for Information Security 1.9 Payment Card Industry Data Security Standard (PCI DSS) 1.10 ITU-T Security Documents 1.11 Effective Cybersecurity 1.12 Key Terms and Review Questions 1.13 References PART I Planning for Cybersecurity Chapter 2 Security Governance 2.1 Security Governance and Security Management 2.2 Security Governance Principles and Desired Outcomes 2.3 Security Governance Components 2.4 Security Governance Approach 2.5 Security Governance Evaluation 2.6 Security Governance Best Practices 2.7 Key Terms and Review Questions 2.8 References Chapter 3 Information Risk Assessment 3.1 Risk Assessment Concepts 3.2 Asset Identification 3.3 Threat Identification 3.4 Control Identification 3.5 Vulnerability Identification 3.6 Risk Assessment Approaches 3.7 Likelihood Assessment 3.8 Impact Assessment 3.9 Risk Determination 3.10 Risk Evaluation 3.11 Risk Treatment 3.12 Risk Assessment Best Practices 3.13 Key Terms and Review Questions 3.14 References Chapter 4 Security Management 4.1 The Security Management Function 4.2 Security Policy 4.3 Acceptable Use Policy 4.4 Security Management Best Practices 4.5 Key Terms and Review Questions 4.6 References PART II Managing the Cybersecurity Function Chapter 5 People Management 5.1 Human Resource Security 5.2 Security Awareness and Education 5.3 People Management Best Practices 5.4 Key Terms and Review Questions 5.5 References Chapter 6 Information Management 6.1 Information Classification and Handling 6.2 Privacy 6.3 Document and Records Management 6.4 Sensitive Physical Information 6.5 Information Management Best Practices 6.6 Key Terms and Review Questions 6.7 References Chapter 7 Physical Asset Management 7.1 Hardware Life Cycle Management 7.2 Office Equipment 7.3 Industrial Control Systems 7.4 Mobile Device Security 7.5 Physical Asset Management Best Practices 7.6 Key Terms and Review Questions 7.7 References Chapter 8 System Development 8.1 System Development Life Cycle 8.2 Incorporating Security into the SDLC 8.3 System Development Management 8.4 System Development Best Practices 8.5 Key Terms and Review Questions 8.6 References Chapter 9 Business Application Management 9.1 Application Management Concepts 9.2 Corporate Business Application Security 9.3 End User-Developed Applications (EUDAs) 9.4 Business Application Management Best Practices 9.5 Key Terms and Review Questions 9.6 References Chapter 10 System Access 10.1 System Access Concepts 10.2 User Authentication 10.3 Password-Based Authentication 10.4 Possession-Based Authentication 10.5 Biometric Authentication 10.6 Risk Assessment for User Authentication 10.7 Access Control 10.8 Customer Access 10.9 System Access Best Practices 10.10 Key Terms and Review Questions 10.11 References Chapter 11 System Management 11.1 Server Configuration 11.2 Virtual Servers 11.3 Network Storage Systems 11.4 Service Level Agreements 11.5 Performance and Capacity Management 11.6 Backup 11.7 Change Management 11.8 System Management Best Practices 11.9 Key Terms and Review Questions 11.10 References Chapter 12 Networks and Communications 12.1 Network Management Concepts 12.2 Firewalls 12.3 Virtual Private Networks and IP Security 12.4 Security Considerations for Network Management 12.5 Electronic Communications 12.6 Networks and Communications Best Practices 12.7 Key Terms and Review Questions 12.8 References Chapter 13 Supply Chain Management and Cloud Security 13.1 Supply Chain Management Concepts 13.2 Supply Chain Risk Management 13.3 Cloud Computing 13.4 Cloud Security 13.5 Supply Chain Best Practices 13.6 Key Terms and Review Questions 13.7 References Chapter 14 Technical Security Management 14.1 Security Architecture 14.2 Malware Protection Activities 14.3 Malware Protection Software 14.4 Identity and Access Management 14.5 Intrusion Detection 14.6 Data Loss Prevention 14.7 Digital Rights Management 14.8 Cryptographic Solutions 14.9 Cryptographic Key Management 14.10 Public Key Infrastructure 14.11 Technical Security Management Best Practices 14.12 Key Terms and Review Questions 14.13 References Chapter 15 Threat and Incident Management 15.1 Technical Vulnerability Management 15.2 Security Event Logging 15.3 Security Event Management 15.4 Threat Intelligence 15.5 Cyber Attack Protection 15.6 Security Incident Management Framework 15.7 Security Incident Management Process 15.8 Emergency Fixes 15.9 Forensic Investigations 15.10 Threat and Incident Management Best Practices 15.11 Key Terms and Review Questions 15.12 References Chapter 16 Local Environment Management 16.1 Local Environment Security 16.2 Physical Security 16.3 Local Environment Management Best Practices 16.4 Key Terms and Review Questions 16.5 References Chapter 17 Business Continuity 17.1 Business Continuity Concepts 17.2 Business Continuity Program 17.3 Business Continuity Readiness 17.4 Business Continuity Operations 17.5 Business Continuity Best Practices 17.6 Key Terms and Review Questions 17.7 References PART III Security Assessment Chapter 18 Security Monitoring and Improvement 18.1 Security Audit 18.2 Security Performance 18.3 Security Monitoring and Improvement Best Practices 18.4 Key Terms and Review Questions 18.5 References Appendix A References and Standards References List of NIST, ITU-T, and ISO Documents Referenced in the Book Appendix B Glossary Index Appendix C Answers to Review Questions William Stallings Effective Cybersecurity offers a comprehensive and unified explanation of the best practices and standards that represent proven, consensus techniques for implementing cybersecurity. Stallings draws on the immense work that has been collected in multiple key security documents, making this knowledge far more accessible than it has ever been before. Effective Cybersecurity is organized to align with the comprehensive Information Security Forum document The Standard of Good Practice for Information Security, but deepens, extends, and complements ISFs work with extensive insights from the ISO 27002 Code of Practice for Information Security Controls, the NIST Framework for Improving Critical Infrastructure Cybersecurity, COBIT 5 for Information Security, and a wide spectrum of standards and guidelines documents from ISO, ITU-T, NIST, Internet RFCs, other official sources, and the professional, academic, and industry literature. In a single expert source, current and aspiring cybersecurity practitioners will find comprehensive and usable practices for successfully implementing cybersecurity within any organization. Stallings Beyond requiring a basic understanding of cryptographic terminology and applications, this book is all technology areas are explained without requiring other reference material. Each chapter contains a clear technical overview, as well as a detailed discussion of action items and appropriate policies. Stallings, author of 13 TAA Computer Science Textbooks of the Year, offers many pedagogical features designed to help readers master the material. These clear learning objectives, keyword lists, and glossaries to QR codes linking to relevant standards documents and web resources. "In Effective Cybersecurity, William Stallings introduces the technology, operational procedures, and management practices needed for successful cybersecurity. Stallings makes extensive use of standards and best practices documents that are often used to guide or mandate cybersecurity implementation. Going beyond these, he offers in-depth tutorials on the 'how' of implementation, integrated into a unified framework and realistic plan of action. Effective Cybersecurity aligns with the comprehensive Information Security Forum document 'The Standard of Good Practice for Information Security,' extending ISF's work with extensive insights from ISO, NIST, COBIT, other official standards and guidelines, and modern professional, academic, and industry literature. This knowledge is indispensable to every cybersecurity professional. Stallings presents it systematically and coherently, making it practical and actionable"--Back cover
دانلود کتاب Effective Cybersecurity : A Guide to Using Best Practices and Standards