Book description
William Stallings’ Effective Cybersecurity offers a comprehensive and unified explanation of the best practices and standards that represent proven, consensus techniques for implementing cybersecurity. Stallings draws on the immense work that has been collected in multiple key security documents, making this knowledge far more accessible than it has ever been before. Effective Cybersecurity is organized to align with the comprehensive Information Security Forum document The Standard of Good Practice for Information Security, but deepens, extends, and complements ISF’s work with extensive insights from the ISO 27002 Code of Practice for Information Security Controls, the NIST Framework for Improving Critical Infrastructure Cybersecurity, COBIT 5 for Information Security, and a wide spectrum of standards and guidelines documents from ISO, ITU-T, NIST, Internet RFCs, other official sources, and the professional, academic, and industry literature.
In a single expert source, current and aspiring cybersecurity practitioners will find comprehensive and usable practices for successfully implementing cybersecurity within any organization. Stallings covers:
- Security Planning: Developing approaches for managing and controlling the cybersecurity function; defining the requirements specific to a given IT environment; and developing policies and procedures for managing the security function
- Security Management: Implementing the controls to satisfy the defined security requirements
- Security Evaluation: Assuring that the security management function enables business continuity; monitoring, assessing, and improving the suite of cybersecurity controls
Beyond requiring a basic understanding of cryptographic terminology and applications, this book is self-contained: all technology areas are explained without requiring other reference material. Each chapter contains a clear technical overview, as well as a detailed discussion of action items and appropriate policies. Stallings, author of 13 TAA Computer Science Textbooks of the Year, offers many pedagogical features designed to help readers master the material. These range from clear learning objectives, keyword lists, and glossaries to QR codes linking to relevant standards documents and web resources.
Table of contents
- Cover
- About This E-Book
- Title Page
- Copyright Page
- Dedication Page
- Contents at a Glance
- Table of Contents
- Preface
- Acknowledgments
- About the Author and Contributors
- Technical Editors
- Chapter 1 Best Practices, Standards, and a Plan of Action
- 1.1 Defining Cyberspace and Cybersecurity
- 1.2 The Value of Standards and Best Practices Documents
- 1.3 The Standard of Good Practice for Information Security
- 1.4 The ISO/IEC 27000 Suite of Information Security Standards
- 1.5 Mapping the ISO 27000 Series to the ISF SGP
- 1.6 NIST Cybersecurity Framework and Security Documents
- 1.7 The CIS Critical Security Controls for Effective Cyber Defense
- 1.8 COBIT 5 for Information Security
- 1.9 Payment Card Industry Data Security Standard (PCI DSS)
- 1.10 ITU-T Security Documents
- 1.11 Effective Cybersecurity
- 1.12 Key Terms and Review Questions
- 1.13 References
- PART I Planning for Cybersecurity
- Chapter 2 Security Governance
- Chapter 3 Information Risk Assessment
- 3.1 Risk Assessment Concepts
- 3.2 Asset Identification
- 3.3 Threat Identification
- 3.4 Control Identification
- 3.5 Vulnerability Identification
- 3.6 Risk Assessment Approaches
- 3.7 Likelihood Assessment
- 3.8 Impact Assessment
- 3.9 Risk Determination
- 3.10 Risk Evaluation
- 3.11 Risk Treatment
- 3.12 Risk Assessment Best Practices
- 3.13 Key Terms and Review Questions
- 3.14 References
- Chapter 4 Security Management
- PART II Managing the Cybersecurity Function
- Chapter 5 People Management
- Chapter 6 Information Management
- Chapter 7 Physical Asset Management
- Chapter 8 System Development
- Chapter 9 Business Application Management
- Chapter 10 System Access
- 10.1 System Access Concepts
- 10.2 User Authentication
- 10.3 Password-Based Authentication
- 10.4 Possession-Based Authentication
- 10.5 Biometric Authentication
- 10.6 Risk Assessment for User Authentication
- 10.7 Access Control
- 10.8 Customer Access
- 10.9 System Access Best Practices
- 10.10 Key Terms and Review Questions
- 10.11 References
- Chapter 11 System Management
- Chapter 12 Networks and Communications
- Chapter 13 Supply Chain Management and Cloud Security
- Chapter 14 Technical Security Management
- 14.1 Security Architecture
- 14.2 Malware Protection Activities
- 14.3 Malware Protection Software
- 14.4 Identity and Access Management
- 14.5 Intrusion Detection
- 14.6 Data Loss Prevention
- 14.7 Digital Rights Management
- 14.8 Cryptographic Solutions
- 14.9 Cryptographic Key Management
- 14.10 Public Key Infrastructure
- 14.11 Technical Security Management Best Practices
- 14.12 Key Terms and Review Questions
- 14.13 References
- Chapter 15 Threat and Incident Management
- 15.1 Technical Vulnerability Management
- 15.2 Security Event Logging
- 15.3 Security Event Management
- 15.4 Threat Intelligence
- 15.5 Cyber Attack Protection
- 15.6 Security Incident Management Framework
- 15.7 Security Incident Management Process
- 15.8 Emergency Fixes
- 15.9 Forensic Investigations
- 15.10 Threat and Incident Management Best Practices
- 15.11 Key Terms and Review Questions
- 15.12 References
- Chapter 16 Local Environment Management
- Chapter 17 Business Continuity
- PART III Security Assessment
- Appendix A References and Standards
- Appendix B Glossary
- Index
- Appendix C Answers to Review Questions
Product information
- Title: Effective Cybersecurity: A Guide to Using Best Practices and Standards
- Author(s):
- Release date: August 2018
- Publisher(s): Addison-Wesley Professional
- ISBN: 9780134772929