John Jackson
Corporate Cybersecurity
Read the book Corporate Cybersecurity - John Jackson - Page 1
Contents
Page 1
Corporate Cybersecurity: Identifying Risks and the Bug Bounty Program
Page 3
Contents
List of Illustrations
Guide
Pages
Foreword
Acknowledgments
Page 10
1 The Evolution of Bug Bounty Programs
1.1 Making History
1.2 Conservative Blockers
1.3 Increased Threat Actor Activity
1.4 Security Researcher Scams
1.5 Applications Are a Small Consideration
1.6 Enormous Budgetary Requirements
1.7 Other Security Tooling as a Priority
1.8 Vulnerability Disclosure Programs vs. Bug Bounty Programs
1.8.1 Vulnerability Disclosure Programs
1.8.2 Bug Bounty Programs
1.9 Program Managers
1.10 The Law
1.11 Redefining Security Research
1.12 Taking Action
1.12.1 Get to Know Security Researchers
1.12.2 Fair and Just Resolution
1.12.3 Managing Disclosure
1.12.4 Corrections
1.12.5 Specific Community Involvement
Page 30
2 Assessing Current Vulnerability Management Processes
2.1 Who Runs a Bug Bounty Program?
2.2 Determining Security Posture
2.3 Management
2.3.1 Software Engineering Teams
2.3.2 Security Departments (Security Operations, Fraud Prevention, Governance/Risk/Compliance, Edge Controls, Vulnerability Management, Endpoint Detection, and Response)
2.3.3 Infrastructure Teams
2.3.4 Legal Department
2.3.5 Communications Team
2.4 Important Questions
2.5 Software Engineering
2.5.1 Which Processes Are in Place for Secure Coding? Do the Software Engineers Understand the Importance of Mitigating the Risks Associated with Vulnerable Code?
2.5.2 How Effective Are Current Communication Processes? Will Vulnerabilities Be Quickly Resolved If Brought to Their Attention?
2.5.3 Is the Breadth of Our Enterprise’s Web and Mobile Applications Immense? Which Processes Are Engineers Using for Development in the Software Development Lifecycle?
2.6 Security Departments
2.6.1 How Does Security Operations Manage Incidents? Will Employee Assistance Be Provided from the Security Operations Team If a Threat Actor Manages to Exploit an Application Vulnerability? Which Tools Do They Have in Place?
2.6.2 What Does the Fraud Prevention Team Do to Prevent Malicious Activities? How Many Occurrences Do They See of Issues such as Account Takeover, and Could They Potentially Create Application Vulnerabilities?
2.6.3 Are There Any Compliance Practices in Place and, If So, How Do They Affect the Vulnerability Management Process? What Does the Application Security Team Have to Do to Assist in Enterprise Compliance?
2.6.4 What Edge Tooling Is in Place to Prevent Attacks? Are Any of the Enterprise Applications at Risk of Being Exploited due to an IoT (Internet of Things) Device?
2.6.5 How Often Does Our Vulnerability Management Team Push for Updates? How Does the Vulnerability Management Team Ensure Servers in which Enterprise Applications Reside Are Secure?
2.7 Infrastructure Teams
2.7.1 What Are Infrastructure Teams Doing to Ensure Best Security Practices Are Enabled? How Long Will It Take the Infrastructure Team to Resolve a Serious Issue When a Server-side Web Application Is Exploited, or During a Subdomain Takeover Vulnerability?
2.7.2 Is There Effective Communication between Infrastructure, Vulnerability Management, Security Operations, and Endpoint Detection and Response?
2.8 Legal Department
2.8.1 How Well Refined Is the Relationship between the Application Security Team and the Legal Department?
2.8.2 What Criteria Are/Will Be Set Out for the Escalation of Issues?
2.8.3 Does the Legal Department Understand the Necessity of Bug Bounty Program Management?
2.9 Communications Team
2.9.1 Has the Communications Team Dealt with Security Researchers Before? Is the Importance Understood?
2.9.2 Was the Communications Team Informed of Bug Bounty Program Expectations?
2.10 Engineers
2.11 Program Readiness