8 Steps to Better Security
Table of Contents
Kim Crawley. 8 Steps to Better Security
8 Steps to Better Security. A Simple Cyber Resilience Guide for Business
Foreword
Introduction
Chapter 1 Step 1: Foster a Strong Security Culture
Kevin Mitnick, Human Hacker Extraordinaire
The Importance of a Strong Security Culture
Hackers Are the Bad Guys, Right?
What Is Security Culture?
How to Foster a Strong Security Culture
Security Leaders on Security Culture
What Makes a Good CISO?
The Biggest Mistakes Businesses Make When It Comes to Cybersecurity
The Psychological Phases of a Cybersecurity Professional
Chapter 2 Step 2: Build a Security Team
Why Step 2 Is Controversial
Security Operations Center (SOC) Specialists, Entry Level
How to Hire the Right Security Team…the Right Way
Security Team Tips from Security Leaders
The “Culture Fit”—Yuck!
Cybersecurity Budgets
Design Your Perfect Security Team
Chapter 3 Step 3: Regulatory Compliance
What Are Data Breaches, and Why Are They Bad?
The Scary Truth Found in Data Breach Research
An Introduction to Common Data Privacy Regulations
The General Data Protection Regulation
The California Consumer Privacy Act
The Health Insurance Portability and Accountability Act
The Gramm-Leach-Bliley Act
Payment Card Industry Data Security Standard
Governance, Risk Management, and Compliance
More About Risk Management
Threat Modeling
Chapter 4 Step 4: Frequent Security Testing
What Is Security Testing?
Security Testing Types
Security Audits
Vulnerability Assessments Versus Penetration Testing
Red Team Testing
Bug Bounty Programs
What's Security Maturity?
The Basics of Security Audits and Vulnerability Assessments
Log Early, Log Often
Prepare for Vulnerability Assessments and Security Audits
A Concise Guide to Penetration Testing
Penetration Testing Based on Network Knowledge
Penetration Testing Based on Network Aspects
Security Leaders on Security Maturity
Security Testing Is Crucial
Chapter 5 Step 5: Security Framework Application
What Is Incident Response?
Preparation
Identification or Analysis
Containment, Mitigation, or Eradication
Recovery
Post-incident
Your Computer Security Incident Response Team
Cybersecurity Frameworks
NIST Cybersecurity Framework
Identify
Protect
Detect
Respond
Recover
ISO 27000 Cybersecurity Frameworks
CIS Controls
COBIT Cybersecurity Framework
Security Frameworks and Cloud Security
Chapter 6 Step 6: Control Your Data Assets
The CIA Triad
Access Control
Patch Management
Physical Security and Your Data
Malware
Cryptography Basics
Bring Your Own Device and Working from Home
Data Loss Prevention
Managed Service Providers
The Dark Web and Your Data
Security Leaders on Cyber Defense
Control Your Data
Chapter 7 Step 7: Understand the Human Factor
Social Engineering
A Chat with Human Factor Security Expert Jenny Radcliffe
Phishing
What Can NFTs and ABA Teach Us About Social Engineering?
How to Prevent Social Engineering Attacks on Your Business
UI and UX Design
Internal Threats
Hacktivism
Note
Chapter 8 Step 8: Build Redundancy and Resilience
Understanding Data and Networks
Building Capacity and Scalability with the Power of the Cloud
Back It Up, Back It Up, Back It Up
RAID
What Ransomware Taught Business About Backups
Business Continuity
Disaster Recovery
Chapter 9 Afterword
Step 1
The Most Notorious Cyberattacker Was Actually a Con Man
A Strong Security Culture Requires All Hands on Deck
Hackers Are the Good Guys, Actually
What Is Security Culture?
What Makes a Good CISO?
The Psychological Phases of a Cybersecurity Professional
Recommended Readings
Step 2
Tackling the Cybersecurity Skills Gap Myth
Take “Culture Fit” Out of Your Vocabulary
Your Cybersecurity Budget
Recommended Readings
Step 3
Data Breaches
Data Privacy Regulations
Risk Management
Recommended Readings
Step 4
Security Audits
Vulnerability Assessments
Penetration Testing
Bug Bounty Programs
Recommended Reading
Step 5
Incident Response
Cybersecurity Frameworks
Recommended Reading
Step 6
The CIA Triad
Access Control
Patch Management
Physical Security
Malware
Cryptography
BYOD and Working from Home
Data Loss Prevention
Managed Service Providers
Recommended Reading
Step 7
Social Engineering
UI and UX Design
Internal Threats
Recommended Readings
Step 8
Cloud Networks
Data Backups
Business Continuity and Disaster Recovery
Recommended Readings
Keeping Your Business Cyber Secure
Index
About the Author
Acknowledgments
WILEY END USER LICENSE AGREEMENT
Excerpt from the book
Kim Crawley
.....
As with all the work you must do to keep your company secure, establishing and maintaining a strong security culture isn't a project you set then forget, as some infomercial spokespeople love to say about their As Seen on TV products. It's a constant, everyday process. It's something you build and maintain over the years. And if you neglect it, it will die. I love cybersecurity expert Bruce Schneier's ideas, so I'll quote him again as I often do in my writing:
Security is a process, not a product.
.....