Effective Cybersecurity: A Guide to Using Best Practices and Standards

Book description

William Stallings’ Effective Cybersecurity offers a comprehensive and unified explanation of the best practices and standards that represent proven, consensus techniques for implementing cybersecurity. Stallings draws on the immense work that has been collected in multiple key security documents, making this knowledge far more accessible than it has ever been before. Effective Cybersecurity is organized to align with the comprehensive Information Security Forum document The Standard of Good Practice for Information Security, but deepens, extends, and complements ISF’s work with extensive insights from the ISO 27002 Code of Practice for Information Security Controls, the NIST Framework for Improving Critical Infrastructure Cybersecurity, COBIT 5 for Information Security, and a wide spectrum of standards and guidelines documents from ISO, ITU-T, NIST, Internet RFCs, other official sources, and the professional, academic, and industry literature.

In a single expert source, current and aspiring cybersecurity practitioners will find comprehensive and usable practices for successfully implementing cybersecurity within any organization. Stallings covers:

  • Security Planning: Developing approaches for managing and controlling the cybersecurity function; defining the requirements specific to a given IT environment; and developing policies and procedures for managing the security function

  • Security Management: Implementing the controls to satisfy the defined security requirements

  • Security Evaluation: Assuring that the security management function enables business continuity; monitoring, assessing, and improving the suite of cybersecurity controls

Beyond requiring a basic understanding of cryptographic terminology and applications, this book is self-contained: all technology areas are explained without requiring other reference material. Each chapter contains a clear technical overview, as well as a detailed discussion of action items and appropriate policies. Stallings, author of 13 TAA Computer Science Textbooks of the Year, offers many pedagogical features designed to help readers master the material. These range from clear learning objectives, keyword lists, and glossaries to QR codes linking to relevant standards documents and web resources.

Table of contents

  1. Cover
  2. About This E-Book
  3. Title Page
  4. Copyright Page
  5. Dedication Page
  6. Contents at a Glance
  7. Table of Contents
  8. Preface
    1. Background
    2. Organization of the Book
    3. Supporting Websites
  9. Acknowledgments
  10. About the Author and Contributors
  11. Technical Editors
  12. Chapter 1 Best Practices, Standards, and a Plan of Action
    1. 1.1 Defining Cyberspace and Cybersecurity
    2. 1.2 The Value of Standards and Best Practices Documents
    3. 1.3 The Standard of Good Practice for Information Security
    4. 1.4 The ISO/IEC 27000 Suite of Information Security Standards
    5. 1.5 Mapping the ISO 27000 Series to the ISF SGP
    6. 1.6 NIST Cybersecurity Framework and Security Documents
    7. 1.7 The CIS Critical Security Controls for Effective Cyber Defense
    8. 1.8 COBIT 5 for Information Security
    9. 1.9 Payment Card Industry Data Security Standard (PCI DSS)
    10. 1.10 ITU-T Security Documents
    11. 1.11 Effective Cybersecurity
    12. 1.12 Key Terms and Review Questions
    13. 1.13 References
  13. PART I Planning for Cybersecurity
    1. Chapter 2 Security Governance
      1. 2.1 Security Governance and Security Management
      2. 2.2 Security Governance Principles and Desired Outcomes
      3. 2.3 Security Governance Components
      4. 2.4 Security Governance Approach
      5. 2.5 Security Governance Evaluation
      6. 2.6 Security Governance Best Practices
      7. 2.7 Key Terms and Review Questions
      8. 2.8 References
    2. Chapter 3 Information Risk Assessment
      1. 3.1 Risk Assessment Concepts
      2. 3.2 Asset Identification
      3. 3.3 Threat Identification
      4. 3.4 Control Identification
      5. 3.5 Vulnerability Identification
      6. 3.6 Risk Assessment Approaches
      7. 3.7 Likelihood Assessment
      8. 3.8 Impact Assessment
      9. 3.9 Risk Determination
      10. 3.10 Risk Evaluation
      11. 3.11 Risk Treatment
      12. 3.12 Risk Assessment Best Practices
      13. 3.13 Key Terms and Review Questions
      14. 3.14 References
    3. Chapter 4 Security Management
      1. 4.1 The Security Management Function
      2. 4.2 Security Policy
      3. 4.3 Acceptable Use Policy
      4. 4.4 Security Management Best Practices
      5. 4.5 Key Terms and Review Questions
      6. 4.6 References
  14. PART II Managing the Cybersecurity Function
    1. Chapter 5 People Management
      1. 5.1 Human Resource Security
      2. 5.2 Security Awareness and Education
      3. 5.3 People Management Best Practices
      4. 5.4 Key Terms and Review Questions
      5. 5.5 References
    2. Chapter 6 Information Management
      1. 6.1 Information Classification and Handling
      2. 6.2 Privacy
      3. 6.3 Document and Records Management
      4. 6.4 Sensitive Physical Information
      5. 6.5 Information Management Best Practices
      6. 6.6 Key Terms and Review Questions
      7. 6.7 References
    3. Chapter 7 Physical Asset Management
      1. 7.1 Hardware Life Cycle Management
      2. 7.2 Office Equipment
      3. 7.3 Industrial Control Systems
      4. 7.4 Mobile Device Security
      5. 7.5 Physical Asset Management Best Practices
      6. 7.6 Key Terms and Review Questions
      7. 7.7 References
    4. Chapter 8 System Development
      1. 8.1 System Development Life Cycle
      2. 8.2 Incorporating Security into the SDLC
      3. 8.3 System Development Management
      4. 8.4 System Development Best Practices
      5. 8.5 Key Terms and Review Questions
      6. 8.6 References
    5. Chapter 9 Business Application Management
      1. 9.1 Application Management Concepts
      2. 9.2 Corporate Business Application Security
      3. 9.3 End User-Developed Applications (EUDAs)
      4. 9.4 Business Application Management Best Practices
      5. 9.5 Key Terms and Review Questions
      6. 9.6 References
    6. Chapter 10 System Access
      1. 10.1 System Access Concepts
      2. 10.2 User Authentication
      3. 10.3 Password-Based Authentication
      4. 10.4 Possession-Based Authentication
      5. 10.5 Biometric Authentication
      6. 10.6 Risk Assessment for User Authentication
      7. 10.7 Access Control
      8. 10.8 Customer Access
      9. 10.9 System Access Best Practices
      10. 10.10 Key Terms and Review Questions
      11. 10.11 References
    7. Chapter 11 System Management
      1. 11.1 Server Configuration
      2. 11.2 Virtual Servers
      3. 11.3 Network Storage Systems
      4. 11.4 Service Level Agreements
      5. 11.5 Performance and Capacity Management
      6. 11.6 Backup
      7. 11.7 Change Management
      8. 11.8 System Management Best Practices
      9. 11.9 Key Terms and Review Questions
      10. 11.10 References
    8. Chapter 12 Networks and Communications
      1. 12.1 Network Management Concepts
      2. 12.2 Firewalls
      3. 12.3 Virtual Private Networks and IP Security
      4. 12.4 Security Considerations for Network Management
      5. 12.5 Electronic Communications
      6. 12.6 Networks and Communications Best Practices
      7. 12.7 Key Terms and Review Questions
      8. 12.8 References
    9. Chapter 13 Supply Chain Management and Cloud Security
      1. 13.1 Supply Chain Management Concepts
      2. 13.2 Supply Chain Risk Management
      3. 13.3 Cloud Computing
      4. 13.4 Cloud Security
      5. 13.5 Supply Chain Best Practices
      6. 13.6 Key Terms and Review Questions
      7. 13.7 References
    10. Chapter 14 Technical Security Management
      1. 14.1 Security Architecture
      2. 14.2 Malware Protection Activities
      3. 14.3 Malware Protection Software
      4. 14.4 Identity and Access Management
      5. 14.5 Intrusion Detection
      6. 14.6 Data Loss Prevention
      7. 14.7 Digital Rights Management
      8. 14.8 Cryptographic Solutions
      9. 14.9 Cryptographic Key Management
      10. 14.10 Public Key Infrastructure
      11. 14.11 Technical Security Management Best Practices
      12. 14.12 Key Terms and Review Questions
      13. 14.13 References
    11. Chapter 15 Threat and Incident Management
      1. 15.1 Technical Vulnerability Management
      2. 15.2 Security Event Logging
      3. 15.3 Security Event Management
      4. 15.4 Threat Intelligence
      5. 15.5 Cyber Attack Protection
      6. 15.6 Security Incident Management Framework
      7. 15.7 Security Incident Management Process
      8. 15.8 Emergency Fixes
      9. 15.9 Forensic Investigations
      10. 15.10 Threat and Incident Management Best Practices
      11. 15.11 Key Terms and Review Questions
      12. 15.12 References
    12. Chapter 16 Local Environment Management
      1. 16.1 Local Environment Security
      2. 16.2 Physical Security
      3. 16.3 Local Environment Management Best Practices
      4. 16.4 Key Terms and Review Questions
      5. 16.5 References
    13. Chapter 17 Business Continuity
      1. 17.1 Business Continuity Concepts
      2. 17.2 Business Continuity Program
      3. 17.3 Business Continuity Readiness
      4. 17.4 Business Continuity Operations
      5. 17.5 Business Continuity Best Practices
      6. 17.6 Key Terms and Review Questions
      7. 17.7 References
  15. PART III Security Assessment
    1. Chapter 18 Security Monitoring and Improvement
      1. 18.1 Security Audit
      2. 18.2 Security Performance
      3. 18.3 Security Monitoring and Improvement Best Practices
      4. 18.4 Key Terms and Review Questions
      5. 18.5 References
  16. Appendix A References and Standards
    1. References
    2. List of NIST, ITU-T, and ISO Documents Referenced in the Book
  17. Appendix B Glossary
  18. Index
  19. Appendix C Answers to Review Questions

Product information

  • Title: Effective Cybersecurity: A Guide to Using Best Practices and Standards
  • Author(s): William Stallings
  • Release date: August 2018
  • Publisher(s): Addison-Wesley Professional
  • ISBN: 9780134772929