E-book
Author Brumfield, Cynthia

Title Cybersecurity Risk Management : Mastering the Fundamentals Using the NIST Cybersecurity Framework
Published Newark : John Wiley & Sons, Incorporated, 2021

Description 1 online resource (168 p.)
Contents Intro -- Cybersecurity Risk Management -- Contents -- Academic Foreword -- Acknowledgments -- Preface -- Overview of the NIST Framework -- Background on the Framework -- Framework Based on Risk Management -- The Framework Core -- Framework Implementation Tiers -- Framework Profile -- Other Aspects of the Framework Document -- Recent Developments at NIST -- CHAPTER 1 Cybersecurity Risk Planning and Management -- Introduction -- I. What Is Cybersecurity Risk Management? -- A. Risk Management Is a Process -- II. Asset Management
A. Inventory Every Physical Device and System You Have and Keep the Inventory Updated -- B. Inventory Every Software Platform and Application You Use and Keep the Inventory Updated -- C. Prioritize Every Device, Software Platform, and Application Based on Importance -- D. Establish Personnel Security Requirements Including Third-Party Stakeholders -- III. Governance -- A. Make Sure You Educate Management about Risks -- IV. Risk Assessment and Management -- A. Know Where You're Vulnerable -- B. Identify the Threats You Face, Both Internally and Externally
C. Focus on the Vulnerabilities and Threats That Are Most Likely AND Pose the Highest Risk to Assets -- D. Develop Plans for Dealing with the Highest Risks -- Summary -- Chapter Quiz -- Essential Reading on Cybersecurity Risk Management -- CHAPTER 2 User and Network Infrastructure Planning and Management -- I. Introduction -- II. Infrastructure Planning and Management Is All about Protection, Where the Rubber Meets the Road -- A. Identity Management, Authentication, and Access Control
1. Always Be Aware of Who Has Access to Which System, for Which Period of Time, and from Where the Access Is Granted -- 2. Establish, Maintain, and Audit an Active Control List and Process for Who Can Physically Gain Access to Systems -- 3. Establish Policies, Procedures, and Controls for Who Has Remote Access to Systems -- 4. Make Sure That Users Have the Least Authority Possible to Perform Their Jobs and Ensure That at Least Two Individuals Are Responsible for a Task
5. Implement Network Security Controls on All Internal Communications, Denying Communications among Various Segments Where Necessary -- A Word about Firewalls -- 6. Associate Activities with a Real Person or a Single Specific Entity -- 7. Use Single- or Multi-Factor Authentication Based on the Risk Involved in the Interaction -- III. Awareness and Training -- A. Make Sure That Privileged Users and Security Personnel Understand Their Roles and Responsibilities -- IV. Data Security -- A. Protect the Integrity of Active and Archived Databases
B. Protect the Confidentiality and Integrity of Corporate Data Once It Leaves Internal Networks
Summary The book offers readers easy-to-understand overviews of cybersecurity risk management principles, user and network infrastructure planning, as well as the tools and techniques for detecting cyberattacks. The book also provides a roadmap to the development of a continuity of operations plan in the event of a cyberattack. -- Edited summary from book
Notes Description based upon print version of record
Subject Computer security.
Business enterprises -- Computer networks -- Security measures.
Form Electronic book
Author Haugli, Brian
ISBN 9781119816300
1119816300