Table of Contents

Introduction Assessment Test xxi

Chapter 1 Today’s Information Security Manager 1

Information Security Objectives 2

Role of the Information Security Manager 3

Chief Information Security Officer 4

Lines of Authority 4

Organizing the Security Team 5

Roles and Responsibilities 7

Information Security Risks 8

The DAD Triad 8

Incident Impact 9

Building an Information Security Strategy 12

Threat Research 12

SWOT Analysis 13

Gap Analysis 13

Creating SMART Goals 16

Alignment with Business Strategy 16

Leadership Support 17

Internal and External Influences 17

Cybersecurity Responsibilities 18

Communication 19

Action Plans 19

Implementing Security Controls 20

Security Control Categories 21

Security Control Types 21

Data Protection 23

Summary 25

Exam Essentials 25

Review Questions 27

Chapter 2 Information Security Governance and Compliance 31

Governance 33

Corporate Governance 33

Governance, Risk, and Compliance Programs 35

Information Security Governance 35

Developing Business Cases 36

Third-Party Relationships 37

Understanding Policy Documents 38

Policies 38

Standards 40

Procedures 42

Guidelines 43

Exceptions and Compensating Controls 44

Developing Policies 45

Complying with Laws and Regulations 46

Adopting Standard Frameworks 47

COBIT 47

NIST Cybersecurity Framework 49

NIST Risk Management Framework 52

ISO Standards 53

Benchmarks and Secure Configuration Guides 54

Security Control Verification and Quality Control 56

Summary 57

Exam Essentials 57

Review Questions 59

Chapter 3 Information Risk Management 63

Analyzing Risk 65

Risk Identification 66

Risk Calculation 67

Risk Assessment 68

Risk Treatment and Response 72

Risk Mitigation 73

Risk Avoidance 74

Risk Transference 74

Risk Acceptance 75

Risk Analysis 75

Disaster Recovery Planning 78

Disaster Types 78

Business Impact Analysis 79

Privacy 79

Sensitive Information Inventory 80

Information Classification 80

Data Roles and Responsibilities 82

Information Lifecycle 83

Privacy-Enhancing Technologies 83

Privacy and Data Breach Notification 84

Summary 84

Exam Essentials 85

Review Questions 86

Chapter 4 Cybersecurity Threats 91

Exploring Cybersecurity Threats 92

Classifying Cybersecurity Threats 92

Threat Actors 94

Threat Vectors 99

Threat Data and Intelligence 101

Open Source Intelligence 101

Proprietary and Closed Source Intelligence 104

Assessing Threat Intelligence 105

Threat Indicator Management and Exchange 107

Public and Private Information Sharing Centers 108

Conducting Your Own Research 108

Summary 109

Exam Essentials 109

Review Questions 111

Chapter 5 Information Security Program Development and Management 115

Information Security Programs 117

Establishing a New Program 117

Maintaining an Existing Program 121

Security Awareness and Training 123

User Training 123

Role-Based Training 124

Ongoing Awareness Efforts 124

Managing the Information Security Team 125

Hiring Team Members 126

Developing the Security Team 126

Managing the Security Budget 127

Organizational Budgeting 127

Fiscal Years 127

Expense Types 128

Budget Monitoring 129

Integrating Security with Other Business Functions 130

Procurement 130

Accounting 133

Human Resources 133

Information Technology 135

Audit 138

Summary 139

Exam Essentials 139

Review Questions 141

Chapter 6 Security Assessment and Testing 145

Vulnerability Management 146

Identifying Scan Targets 146

Determining Scan Frequency 148

Configuring Vulnerability Scans 149

Scanner Maintenance 154

Vulnerability Scanning Tools 155

Reviewing and Interpreting Scan Reports 159

Validating Scan Results 160

Security Vulnerabilities 161

Patch Management 162

Legacy Platforms 163

Weak Configurations 164

Error Messages 164

Insecure Protocols 165

Weak Encryption 166

Penetration Testing 167

Adopting the Hacker Mindset 168

Reasons for Penetration Testing 169

Benefits of Penetration Testing 169

Penetration Test Types 170

Rules of Engagement 171

Reconnaissance 173

Running the Test 173

Cleaning Up 174

Training and Exercises 174

Summary 175

Exam Essentials 176

Review Questions 177

Chapter 7 Cybersecurity Technology 181

Endpoint Security 182

Malware Prevention 183

Endpoint Detection and Response 183

Data Loss Prevention 184

Change and Configuration Management 185

Patch Management 185

System Hardening 185

Network Security 186

Network Segmentation 186

Network Device Security 188

Network Security Tools 191

Cloud Computing Security 195

Benefits of the Cloud 196

Cloud Roles 198

Cloud Service Models 198

Cloud Deployment Models 202

Shared Responsibility Model 204

Cloud Standards and Guidelines 207

Cloud Security Issues 208

Cloud Security Controls 210

Cryptography 212

Goals of Cryptography 212

Symmetric Key Algorithms 214

Asymmetric Cryptography 215

Hash Functions 217

Digital Signatures 218

Digital Certificates 219

Certificate Generation and Destruction 220

Code Security 223

Software Development Life Cycle 223

Software Development Phases 224

Software Development Models 226

DevSecOps and DevOps 229

Code Review 230

Software Security Testing 232

Identity and Access Management 234

Identification, Authentication, and Authorization 234

Authentication Techniques 235

Authentication Errors 237

Single Sign-On and Federation 238

Provisioning and Deprovisioning 238

Account Monitoring 239

Summary 240

Exam Essentials 241

Review Questions 244

Chapter 8 Incident Response 249

Security Incidents 251

Phases of Incident Response 252

Preparation 253

Detection and Analysis 254

Containment, Eradication, and Recovery 255

Post-Incident Activity 267

Building the Incident Response Plan 269

Policy 269

Procedures and Playbooks 270

Documenting the Incident Response Plan 270

Creating an Incident Response Team 272

Incident Response Providers 273

CSIRT Scope of Control 273

Coordination and Information Sharing 273

Internal Communications 274

External Communications 274

Classifying Incidents 274

Threat Classification 275

Severity Classification 276

Conducting Investigations 279

Investigation Types 279

Evidence 282

Plan Training, Testing, and Evaluation 288

Summary 289

Exam Essentials 290

Review Questions 292

Chapter 9 Business Continuity and Disaster Recovery 297

Planning for Business Continuity 298

Project Scope and Planning 299

Organizational Review 300

BCP Team Selection 301

Resource Requirements 302

Legal and Regulatory Requirements 303

Business Impact Analysis 304

Identifying Priorities 305

Risk Identification 306

Likelihood Assessment 308

Impact Analysis 309

Resource Prioritization 310

Continuity Planning 310

Strategy Development 311

Provisions and Processes 311

Plan Approval and Implementation 313

Plan Approval 313

Plan Implementation 314

Training and Education 314

BCP Documentation 314

The Nature of Disaster 318

Natural Disasters 319

Human-Made Disasters 324

System Resilience, High Availability, and Fault Tolerance 327

Protecting Hard Drives 328

Protecting Servers 329

Protecting Power Sources 331

Recovery Strategy 331

Business Unit and Functional Priorities 332

Crisis Management 333

Emergency Communications 334

Workgroup Recovery 334

Alternate Processing Sites 334

Database Recovery 338

Recovery Plan Development 340

Emergency Response 341

Personnel and Communications 341

Assessment 342

Backups and Offsite Storage 342

Utilities 345

Logistics and Supplies 345

Training, Awareness, and Documentation 345

Testing and Maintenance 346

Read-Through Test 346

Structured Walk-Through 346

Simulation Test 347

Parallel Test 347

Full-Interruption Test 347

Lessons Learned 347

Maintenance 348

Summary 349

Exam Essentials 349

Review Questions 351

Appendix Answers to the Review Questions 357

Chapter 1: Today’s Information Security Manager 358

Chapter 2: Information Security Governance and Compliance 360

Chapter 3: Information Risk Management 362

Chapter 4: Cybersecurity Threats 363

Chapter 5: Information Security Program Development and Management 365

Chapter 6: Security Assessment and Testing 368

Chapter 7: Cybersecurity Technology 370

Chapter 8: Incident Response 372

Chapter 9: Business Continuity and Disaster Recovery 374

Index 377

CISM Certified Information Security Manager Study

Paperback / softback by Mike Chapple

      Publisher: John Wiley & Sons Inc
      Publication Date: 14/07/2022
      ISBN13: 9781119801931, 978-1119801931
      ISBN10: 1119801931
