وبلاگ بلیان

Infosec Strategies and Best Practices: Gain proficiency in information security using expert-level strategies and best practices

معرفی کتاب «Infosec Strategies and Best Practices: Gain proficiency in information security using expert-level strategies and best practices» نوشتهٔ Joseph MacMillan، منتشرشده توسط نشر Packt Publishing در سال 2021. این کتاب در 5 صفحه، فرمت pdf، زبان انگلیسی ارائه شده است.

**Advance your career as an information security professional by turning theory into robust solutions to secure your organization** ## Key Features * Convert the theory of your security certifications into actionable changes to secure your organization * Discover how to structure policies and procedures in order to operationalize your organization's information security strategy * Learn how to achieve security goals in your organization and reduce software risk ## Book Description Information security and risk management best practices enable professionals to plan, implement, measure, and test their organization's systems and ensure that they're adequately protected against threats. The book starts by helping you to understand the core principles of information security, why risk management is important, and how you can drive information security governance. You'll then explore methods for implementing security controls to achieve the organization's information security goals. As you make progress, you'll get to grips with design principles that can be utilized along with methods to assess and mitigate architectural vulnerabilities. The book will also help you to discover best practices for designing secure network architectures and controlling and managing third-party identity services. Finally, you will learn about designing and managing security testing processes, along with ways in which you can improve software security. By the end of this infosec book, you'll have learned how to make your organization less vulnerable to threats and reduce the likelihood and impact of exploitation. As a result, you will be able to make an impactful change in your organization toward a higher level of information security. ## What you will learn * Understand and operationalize risk management concepts and important security operations activities * Discover how to identify, classify, and maintain information and assets * Assess and mitigate vulnerabilities in information systems * Determine how security control testing will be undertaken * Incorporate security into the SDLC (software development life cycle) * Improve the security of developed software and mitigate the risks of using unsafe software ## Who this book is for If you are looking to begin your career in an information security role, then this book is for you. Anyone who is studying to achieve industry-standard certification such as the CISSP or CISM, but looking for a way to convert concepts (and the seemingly endless number of acronyms) from theory into practice and start making a difference in your day-to-day work will find this book useful. ## Table of Contents 1. InfoSec and Risk Management 2. Protecting the Security of Assets 3. Designing Secure Information Systems 4. Designing and Protecting Network Security 5. Controlling Access and Managing Identity 6. Designing and Managing Security Testing Processes 7. Owning Security Operations 8. Improving the Security of Software Cover Title Page Copyright and Credits Contributors Table of Contents Preface Section 1: Information Security Risk Management and Governance Chapter 1: InfoSec and Risk Management Basic InfoSec terminology Understanding why risk management is important Understanding assets Understanding vulnerabilities Performing a basic risk assessment Defining and calculating impact Defining and calculating likelihood Calculating risk Risk appetite, risk treatment, and risk acceptance Considering legal regulations, investigations, and compliance structures Compliance structures Understanding legal and regulatory requirements Responding to and undertaking investigations Further compliance optimization Proven methodologies in creating a strategy Creating InfoSec policies, procedures, and playbooks Establishing and maintaining a security awareness, education, and training program Managing third-party risk Continual improvement and reporting Summary Chapter 2: Protecting the Security of Assets Implementing an ISMS Responsibilities of top management Developing an ISMS Educating members of your organization Evaluating the effectiveness of the ISMS Improving the policy Identifying and classifying information assets Structuring information asset classifications Determining the roles for assets Methods of identifying and protecting information assets Retention policies Securing information assets Disposing of assets Data remnants Summary Section 2: Closing the Gap: How to Protect the Organization Chapter 3: Designing Secure Information Systems Understanding the risks your organization faces Threats, threat actors, and motivations Vulnerabilities System exploitation methods Best practices in assessing and mitigating vulnerabilities Hardware security Software security Network security Physical security Selecting appropriate controls/defense against the dark arts Best practices in designing secure information systems Secure design principles Well-known controls and their mitigations Considering alternative devices Summary Chapter 4: Designing and Protecting Network Security Designing secure network architectures Internet Protocol suite and the OSI model Network components and protocols Network devices and applications Attacks, defense, and detection Strategies for protecting network security Creating a policy Keep it simple Business continuity and disaster recovery Backup and restore procedures Insider threat mitigations/third-party threats Software and firmware updates Ensuring secure communication Cloud network security Education and awareness Security Operations Centre Chapter 5: Controlling Access and Managing Identity Access control models and concepts State machine model Information flow model Confidentiality models Integrity models Real-world access control models Selecting and implementing authentication and authorization mechanisms Authentication versus authorization Authentication and security Authorization Identity and access management (IAM) Leveraging identity services Controlling physical access to assets Physical access control Electronic access control Preventing exploitation Summary Section 3: Operationalizing Information Security Chapter 6: Designing and Managing Security Testing Processes Preparing for security assessments Defining your requirements Understanding the different types of security assessments Automated assessments and scanning Internal assessments Third-party assessments Best practices in performing security assessments Interpreting results from security assessments Summary Chapter 7: Owning Security Operations Effective strategies in provisioning resources and maintaining assets Provisioning resources Focusing on availability, disaster recovery, and business continuity Defining, implementing, and testing disaster recovery processes Managing business continuity design, planning, and testing Implementing and managing physical security Managing upgrades, patching, and applying security controls Education Change control Security improvement program Investigating events and responding to incidents Defining your incident response plans Performing security investigations Implementing and utilizing detective controls Using security monitoring to improve visibility Security monitoring best practices Establish requirements and define workflows Define specific rules and ensure their effectiveness Continuously improve your SIEM configuration and incident response policies Summary Chapter 8: Improving the Security of Software Exploring software security paradigms Buyer beware Legal documentation Understanding the secure development life cycle Compatibility with various software development methodologies Defining business and security requirements Designing secure software Testing plans for secure software Securing software development Testing the software Utilizing the OWASP Top 10 Proactive Controls Define security requirements Leverage security frameworks and libraries Secure database access Encode and escape data Validate all inputs Implement digital identity Enforce access controls Protect data everywhere Implement security logging and monitoring Handle all errors and exceptions Assessing software security Reducing the risk from software developed by a third-party vendor Improving the security of in-house software Summary Why subscribe? Other Books You May Enjoy About PACKT Index A comprehensive guide to securing your Linux system against cyberattacks and intrudersKey FeaturesDeliver a system that reduces the risk of being hackedExplore a variety of advanced Linux security techniques with the help of hands-on labsMaster the art of securing a Linux environment with this end-to-end practical guideBook DescriptionFrom creating networks and servers to automating the entire working environment, Linux has been extremely popular with system administrators for the last couple of decades. However, security has always been a major concern. With limited resources available in the Linux security domain, this book will be an invaluable guide in helping you get your Linux systems properly secured. Complete with in-depth explanations of essential concepts, practical examples, and self-assessment questions, this book begins by helping you set up a practice lab environment and takes you through the core functionalities of securing Linux. You'll practice various Linux hardening techniques and advance to setting up a locked-down Linux server. As you progress, you will also learn how to create user accounts with appropriate privilege levels, protect sensitive data by setting permissions and encryption, and configure a firewall. The book will help you set up mandatory access control, system auditing, security profiles, and kernel hardening, and finally cover best practices and troubleshooting techniques to secure your Linux environment efficiently. By the end of this Linux security book, you will be able to confidently set up a Linux server that will be much harder for malicious actors to compromise.What you will learnCreate locked-down user accounts with strong passwordsConfigure firewalls with iptables, UFW, nftables, and firewalldProtect your data with different encryption technologiesHarden the secure shell service to prevent security break-insUse mandatory access control to protect against system exploitsHarden kernel parameters and set up a kernel-level auditing systemApply OpenSCAP security profiles and set up intrusion detectionConfigure securely the GRUB 2 bootloader and BIOS/UEFIWho this book is forThis book is for Linux administrators, system administrators, and network engineers interested in securing moderate to complex Linux environments. Security consultants looking to enhance their Linux security skills will also find this book useful. Working experience with the Linux command line and package management is necessary to understand the concepts covered in this book. A comprehensive guide to securing your Linux system against cyberattacks and intruders Key Features Deliver a system that reduces the risk of being hacked Explore a variety of advanced Linux security techniques with the help of hands-on labs Master the art of securing a Linux environment with this end-to-end practical guide Book Description From creating networks and servers to automating the entire working environment, Linux has been extremely popular with system administrators for the last couple of decades. However, security has always been a major concern. With limited resources available in the Linux security domain, this book will be an invaluable guide in helping you get your Linux systems properly secured. Complete with in-depth explanations of essential concepts, practical examples, and self-assessment questions, this book begins by helping you set up a practice lab environment and takes you through the core functionalities of securing Linux. You'll practice various Linux hardening techniques and advance to setting up a locked-down Linux server. As you progress, you will also learn how to create user accounts with appropriate privilege levels, protect sensitive data by setting permissions and encryption, and configure a firewall. The book will help you set up mandatory access control, system auditing, security profiles, and kernel hardening, and finally cover best practices and troubleshooting techniques to secure your Linux environment efficiently. By the end of this Linux security book, you will be able to confidently set up a Linux server that will be much harder for malicious actors to compromise. What you will learn Create locked-down user accounts with strong passwords Configure firewalls with iptables, UFW, nftables, and firewalld Protect your data with different encryption technologies Harden the secure shell service to prevent security break-ins Use mandatory access control to protect against system exploits Harden kernel parameters and set up a kernel-level auditing system Apply OpenSCAP security profiles and set up intrusion detection Configure securely the GRUB 2 bootloader and BIOS/UEFI Who this book is for This book is for Linux administrators, system administrators, and network engineers interested in securing moderate to complex Linux environments. Security consultants looking to enhance their Linux security skills will also find this book useful. Working experience with the Linux command line and package management is.. Learn from Ian Neil, one of the world's top CompTIA Security+ trainers in the world, and enhance your analytical skills to pass the CompTIA Security+ SY0-501 exam Key Features Become a pro at answering questions from all six of the domains of the SY0-501 exam Learn about cryptography algorithms, security policies, and their real-world implementations Solve practice tests that complement the official CompTIA Security+ certification exam Book Description CompTIA Security+ is a core security certification that will validate your baseline skills for a career in cybersecurity. Passing this exam will not only help you identify security incidents but will also equip you to resolve them efficiently. This book builds on the popular CompTIA Security+ Certification Guide, which mirrors the SY0-501 exam pattern. This practice test-based guide covers all six domains of the Security+ SY0-501 exam: threats, attacks, and vulnerabilities; technologies and tools; architecture and design; identity and access management; cryptography and PKI; and risk management. You'll take six mock tests designed as per the official Security+ certification exam pattern, each covering significant aspects from an examination point of view. For each domain, the book provides a dedicated cheat sheet that includes important concepts covered in the test. You can even time your tests to simulate the actual exam. These tests will help you identify gaps in your knowledge and discover answers to tricky exam questions. By the end of this book, you'll have developed and enhanced the skills necessary to pass the official CompTIA Security+ exam. What you will learn Understand how prepared you are for the CompTIA Security+ certification Identify different types of security threats, attacks, and vulnerabilities Explore identity and access management in an enterprise environment Protect your business tools and platforms from cyberattacks Create and maintain a secure network Understand how you can protect your data Discover encryption techniques required to protect against various cyber threat scenarios Who this book is for If you are a security administrator, a system or network administrator, or anyone who wants to pass the CompTIA Security+ exam, this book is for you. This book is an ideal resource for students who want a career or degree in cybersecurity or are studying for the CISSP certification exam From creating networks and servers to automating the entire working environment, Linux has been extremely popular with system administrators for the last couple of decades. However, security has always been a major concern. With limited resources available in the Linux security domain, this book will be an invaluable guide in helping you get your Linux system properly secured. Complete with in-depth explanations of essential concepts, practical examples, and self-assessment questions, this book begins by helping you set up a practice lab environment and takes you through the core functionalities of securing Linux. You'll practice various Linux hardening techniques and advance to settint up a locked-down Linux server. As you progress, you will also learn how to create user accounts with appropriate privilege levels, protect sensitive data by setting permissions and encryption, and configure a firewall. The book will help you set up mandatory access control, system auditing, security profiles, and kernel hardening, and finally cover best practices and troubleshooting techniques to secure your Linux environment efficiently. By the end of this Linux security book, you will be able to confidently set up a Linux server that will be much harder for malicious actors to compromise Information security strategies and best practices help in filling the gap that exists between theory and reality. The book starts by showing you how to implement risk management and governance structures into your organization and goes on to cover the best methods for operationalizing your information security strategy. Hardening a Linux system can make it much more difficult for an attacker to exploit it. This book will enable system administrators and network engineers to protect their Linux systems, and the sensitive data on those systems.
دانلود کتاب Infosec Strategies and Best Practices: Gain proficiency in information security using expert-level strategies and best practices