Enterprise Cybersecurity Study Guide (eBook)
XLVI, 709 Seiten
Apress (Verlag)
978-1-4842-3258-3 (ISBN)
Use the methodology in this study guide to design, manage, and operate a balanced enterprise cybersecurity program that is pragmatic and realistic in the face of resource constraints and other real-world limitations. This guide is an instructional companion to the book Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. The study guide will help you understand the book's ideas and put them to work. The guide can be used for self-study or in the classroom.
Enterprise cybersecurity is about implementing a cyberdefense program that will succeed in defending against real-world attacks. While we often know what should be done, the resources to do it often are not sufficient. The reality is that the Cybersecurity Conundrum-what the defenders request, what the frameworks specify, and what the budget allows versus what the attackers exploit-gets in the way of what needs to be done. Cyberattacks in the headlines affecting millions of people show that this conundrum fails more often than we would prefer.
Cybersecurity professionals want to implement more than what control frameworks specify, and more than what the budget allows. Ironically, another challenge is that even when defenders get everything that they want, clever attackers are extremely effective at finding and exploiting the gaps in those defenses, regardless of their comprehensiveness. Therefore, the cybersecurity challenge is to spend the available budget on the right protections, so that real-world attacks can be thwarted without breaking the bank.
People involved in or interested in successful enterprise cybersecurity can use this study guide to gain insight into a comprehensive framework for coordinating an entire enterprise cyberdefense program.
- Know the methodology of targeted attacks and why they succeed
- Master the cybersecurity risk management process
- Understand why cybersecurity capabilities are the foundation of effective cyberdefenses
- Organize a cybersecurity program's policy, people, budget, technology, and assessment
- Assess and score a cybersecurity program
- Report cybersecurity program status against compliance and regulatory frameworks
- Use the operational processes and supporting information systems of a successful cybersecurity program
- Create a data-driven and objectively managed cybersecurity program
- Discover how cybersecurity is evolving and will continue to evolve over the next decade
Who This Book Is For
Those involved in or interested in successful enterprise cybersecurity (e.g., business professionals, IT professionals, cybersecurity professionals, and students). This guide can be used in a self-study mode. The book can be used by students to facilitate note-taking in the classroom and by Instructors to develop classroom presentations based on the contents of the original book, Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats.
Scott Donaldson has professional experience in the defense, federal government, commercial, and university marketplaces. His expertise includes multi-hundred-million-dollar program management, systems development, information technology, business operations, business development, and technology cultural change. He has served in a wide variety of leadership roles, including Chief Technology Officer (CTO), IT Director, Chief Systems Engineer (CSE), Program Manager, Line Manager, and Business Development Capture Manager. Scott has co-authored three software engineering books: Successful Software Development: Making It Happen, 2nd Edition; Successful Software Development: Study Guide; and Cultivating Successful Software Development: A Practitioner's View. Scott also co-authored CTOs at Work (Apress) and Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats (Apress).
Dr. Stanley Siegel has progressive professional experience as a systems engineer, mathematician, and computer specialist. He started his career with the US Government in the Department of Commerce and then the Department of Defense. After his government service, he was with Grumman for 15 years and Science Applications International Corporation (SAIC) for over 20 years. He helped SAIC grow to an $11 billion leader in scientific, engineering, and technical solutions with hundreds of millions of dollars in new business. Dr. Siegel has co-authored four software engineering books, including the seminal software engineering textbook Software Configuration Management: An Investment in Product Integrity. He has contributed to a number of books, including the Encyclopedia of Software Engineering, Software Project Management Success Factors (Reducing the Likelihood of Software Failures); and the Handbook of Software Quality Assurance, Software Configuration Management-A Practical Look, 3rd Edition.
Chris Williams has been involved in the cybersecurity field since 1994 in a combination of US military and commercial positions. He has been with Leidos (formerly SAIC) since 2003 focusing on enterprise cybersecurity and compliance, and before that EDS (now HP) and Booz Allen Hamilton. He is a veteran of the US Army, having served five years with the 82nd Airborne Division and 35th Signal Brigade. He has worked on cybersecurity projects with the US Army, Defense Information Systems Agency, Department of State, Defense Intelligence Agency, and numerous other commercial and government organizations designing integrated solutions to protect against modern threats. Chris co-authored Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats (Apress).
Abdul Aslam has over 20 years of experience in devising risk acceptance and compliance frameworks, application security, security operations, and information protection. He is Director of Cyber Security Compliance and Risk Management for Leidos where he is in charge of delivering secure, scalable, security solutions, policy governance, and strategic technology support. He has worked on numerous IT projects with a proven record of pioneering innovative systems analysis processes and secure application designs that improve availability, integrity, confidentiality, reliability, effectiveness, and efficiency of technology services. Abdul co-authored Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats (Apress) and has presented on cybersecurity at International Information Systems Security Certification Consortium (ISC)2 and the Information Systems Security Association (ISSA).
Use the methodology in this study guide to design, manage, and operate a balanced enterprise cybersecurity program that is pragmatic and realistic in the face of resource constraints and other real-world limitations. This guide is an instructional companion to the book Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. The study guide will help you understand the book's ideas and put them to work. The guide can be used for self-study or in the classroom.Enterprise cybersecurity is about implementing a cyberdefense program that will succeed in defending against real-world attacks. While we often know what should be done, the resources to do it often are not sufficient. The reality is that the Cybersecurity Conundrum-what the defenders request, what the frameworks specify, and what the budget allows versus what the attackers exploit-gets in the way of what needs to be done. Cyberattacks in the headlines affecting millions of people show that this conundrum fails more often than we would prefer.Cybersecurity professionals want to implement more than what control frameworks specify, and more than what the budget allows. Ironically, another challenge is that even when defenders get everything that they want, clever attackers are extremely effective at finding and exploiting the gaps in those defenses, regardless of their comprehensiveness. Therefore, the cybersecurity challenge is to spend the available budget on the right protections, so that real-world attacks can be thwarted without breaking the bank.People involved in or interested in successful enterprise cybersecurity can use this study guide to gain insight into a comprehensive framework for coordinating an entire enterprise cyberdefense program.What You'll Learn Know the methodology of targeted attacks and why they succeed Master the cybersecurity risk management process Understand why cybersecurity capabilities are the foundation of effective cyberdefenses Organize a cybersecurity program's policy, people, budget, technology, and assessment Assess and score a cybersecurity program Report cybersecurity program status against compliance and regulatory frameworks Use the operational processes and supporting information systems of a successful cybersecurity program Create a data-driven and objectively managed cybersecurity program Discover how cybersecurity is evolving and will continue to evolve over the next decade Who This Book Is For Those involved in or interested in successful enterprise cybersecurity (e.g., business professionals, IT professionals, cybersecurity professionals, and students). This guide can be used in a self-study mode. The book can be used by students to facilitate note-taking in the classroom and by Instructors to develop classroom presentations based on the contents of the original book, Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats.
Scott Donaldson has professional experience in the defense, federal government, commercial, and university marketplaces. His expertise includes multi-hundred-million-dollar program management, systems development, information technology, business operations, business development, and technology cultural change. He has served in a wide variety of leadership roles, including Chief Technology Officer (CTO), IT Director, Chief Systems Engineer (CSE), Program Manager, Line Manager, and Business Development Capture Manager. Scott has co-authored three software engineering books: Successful Software Development: Making It Happen, 2nd Edition; Successful Software Development: Study Guide; and Cultivating Successful Software Development: A Practitioner’s View. Scott also co-authored CTOs at Work (Apress) and Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats (Apress). Dr. Stanley Siegel has progressive professional experience as a systems engineer, mathematician, and computer specialist. He started his career with the US Government in the Department of Commerce and then the Department of Defense. After his government service, he was with Grumman for 15 years and Science Applications International Corporation (SAIC) for over 20 years. He helped SAIC grow to an $11 billion leader in scientific, engineering, and technical solutions with hundreds of millions of dollars in new business. Dr. Siegel has co-authored four software engineering books, including the seminal software engineering textbook Software Configuration Management: An Investment in Product Integrity. He has contributed to a number of books, including the Encyclopedia of Software Engineering, Software Project Management Success Factors (Reducing the Likelihood of Software Failures); and the Handbook of Software Quality Assurance, Software Configuration Management—A Practical Look, 3rd Edition. Chris Williams has been involved in the cybersecurity field since 1994 in a combination of US military and commercial positions. He has been with Leidos (formerly SAIC) since 2003 focusing on enterprise cybersecurity and compliance, and before that EDS (now HP) and Booz Allen Hamilton. He is a veteran of the US Army, having served five years with the 82nd Airborne Division and 35th Signal Brigade. He has worked on cybersecurity projects with the US Army, Defense Information Systems Agency, Department of State, Defense Intelligence Agency, and numerous other commercial and government organizations designing integrated solutions to protect against modern threats. Chris co-authored Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats (Apress). Abdul Aslam has over 20 years of experience in devising risk acceptance and compliance frameworks, application security, security operations, and information protection. He is Director of Cyber Security Compliance and Risk Management for Leidos where he is in charge of delivering secure, scalable, security solutions, policy governance, and strategic technology support. He has worked on numerous IT projects with a proven record of pioneering innovative systems analysis processes and secure application designs that improve availability, integrity, confidentiality, reliability, effectiveness, and efficiency of technology services. Abdul co-authored Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats (Apress) and has presented on cybersecurity at International Information Systems Security Certification Consortium (ISC)2 and the Information Systems Security Association (ISSA).
Preface.-Introduction.-Part I: The Cybersecurity Challenge.- Chapter 1: Defining the Cybersecurity Challenge.- Chapter 2: Meeting the Cybersecurity Challenge.- Part II: A New Enterprise Cybersecurity Architecture.- Chapter 3: Enterprise Cybersecurity Architecture.- Chapter 4: Implementing Enterprise Cybersecurity.- Chapter 5: Operating Enterprise Cybersecurity.- Chapter 6: Enterprise Cybersecurity and the Cloud.- Chapter 7: Enterprise Cybersecurity for Mobile and BYOD.- Part III: The Art of Cyber Defense.- Chapter 8: Building an Effective Defense.- Chapter 9: Responding to Incidents.- Chapter 10: Managing a Cybersecurity Crisis.- Part IV: Enterprise Cyber Defense Assessment.- Chapter 11: Assessing Enterprise Cybersecurity.- Chapter 12: Measuring a Cybersecurity Program.- Chapter 13: Mapping Against Cybersecurity Frameworks.- Part V: Enterprise Cybersecurity Program.- Chapter 14: Managing an Enterprise Cybersecurity Program.- Chapter 15: Looking to the Future.- Part VI: Appendices.- Appendix A: Sample Cybersecurity Policy.- Appendix B: Cybersecurity Operational Processes.- Appendix C: Object Measurement.- Appendix D: Cybersecurity Sample Assessment.- Appendix E: Cybersecurity Capability Value Scales.-
| Erscheint lt. Verlag | 22.3.2018 |
|---|---|
| Zusatzinfo | XLVI, 709 p. 564 illus., 425 illus. in color. |
| Verlagsort | Berkeley |
| Sprache | englisch |
| Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
| Schlagworte | Cyberdefense • cybersecurity • Cybersecurity architecture • Cybersecurity capabilities • Cybersecurity controls • Cybersecurity framework • Cybersecurity functional areas • Cybersecurity measurement • Cybersecurity operations • cybersecurity policy • Cybersecurity program • Cybersecurity program assessments • Cybersecurity program audits • Cybersecurity responsibilities • Enterprise security posture • Infosec • security |
| ISBN-10 | 1-4842-3258-5 / 1484232585 |
| ISBN-13 | 978-1-4842-3258-3 / 9781484232583 |
| Haben Sie eine Frage zum Produkt? |
PDF (Wasserzeichen)Größe: 55,8 MB
DRM: Digitales Wasserzeichen
Dieses eBook enthält ein digitales Wasserzeichen und ist damit für Sie personalisiert. Bei einer missbräuchlichen Weitergabe des eBooks an Dritte ist eine Rückverfolgung an die Quelle möglich.
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür einen PDF-Viewer - z.B. den Adobe Reader oder Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür einen PDF-Viewer - z.B. die kostenlose Adobe Digital Editions-App.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
