E-book
Author Donaldson, Scott E., author.

Title Enterprise cybersecurity : how to build a successful cyberdefense program against advanced threats / Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam
Published [Berkeley, CA] : Apress, [2015]
©2015

Description 1 online resource : illustrations
Series The expert's voice in cybersecurity
Expert's voice in cybersecurity.
Contents Machine generated contents note:
ch. 1 Defining the Cybersecurity Challenge -- Cyberattacks of Today -- Sony Pictures Entertainment Breach of 2014 -- Advanced Persistent Threats -- Waves of Malware -- Types of Cyberattackers -- Commodity Threats -- Hacktivists -- Organized Crime -- Espionage -- Cyberwar -- Types of Cyberattacks -- Confidentiality: Steal Data -- Integrity: Modify Data (Steal Money) -- Availability: Deny Access -- Steps of a Cyberintrusion -- Attack Trees and Attack Graphs -- Lockheed Martin Kill Chain -- Mandiant Attack Life Cycle -- Enterprise Cybersecurity Attack Sequence -- Why Cyberintrusions Succeed -- Explosion in Connectivity -- Consolidation of Enterprise IT -- Defeat of Preventive Controls -- Failure of Detective Controls -- Compliance over Capability -- Gap in Cybersecurity Effectiveness -- New Cybersecurity Mindset -- Effective Enterprise Cybersecurity Program
ch. 2 Meeting the Cybersecurity Challenge -- Cybersecurity Frameworks -- Cybersecurity Process -- Cybersecurity Challenges -- Risk Management Process -- Considering Vulnerabilities, Threats, and Risks -- Risk Analysis and Mitigation -- Cybersecurity Controls -- Cybersecurity Capabilities -- Cybersecurity and Enterprise IT -- Emplacing Cyberdefenses -- How Cyberdefenses Interconnect -- Enterprise Cybersecurity Architecture
ch. 3 Enterprise Cybersecurity Architecture -- Systems Administration -- Systems Administration: Goal and Objectives -- Systems Administration: Threat Vectors -- Systems Administration: Capabilities -- Network Security -- Network Security: Goal and Objectives -- Network Security: Threat Vectors -- Network Security: Capabilities -- Application Security -- Application Security: Goal and Objectives -- Application Security: Threat Vectors -- Application Security: Capabilities -- Endpoint, Server, and Device Security -- Endpoint, Server, and Device Security: Goal and Objectives -- Endpoint, Server, and Device Security: Threat Vectors -- Endpoint, Server, and Device Security: Capabilities -- Identity, Authentication, and Access Management -- Identity, Authentication, and Access Management: Goal and Objectives -- Identity, Authentication, and Access Management: Threat Vectors -- Identity, Authentication, and Access Management: Capabilities -- Data Protection and Cryptography -- Data Protection and Cryptography: Goal and Objectives -- Data Protection and Cryptography: Threat Vectors -- Data Protection and Cryptography: Capabilities -- Monitoring, Vulnerability, and Patch Management -- Monitoring, Vulnerability, and Patch Management: Goal and Objectives -- Monitoring, Vulnerability, and Patch Management: Threat Vectors -- Monitoring, Vulnerability, and Patch Management: Capabilities -- High Availability, Disaster Recovery, and Physical Protection -- High Availability, Disaster Recovery, and Physical Protection: Goal and Objectives -- High Availability, Disaster Recovery, and Physical Protection: Threat Vectors -- High Availability, Disaster Recovery, and Physical Protection: Capabilities -- Incident Response -- Incident Response: Goal and Objectives -- Incident Response: Threat Vectors -- Incident Response: Capabilities -- Asset Management and Supply Chain -- Asset Management and Supply Chain: Goal and Objectives -- Asset Management and Supply Chain: Threat Vectors -- Asset Management and Supply Chain: Capabilities -- Policy, Audit, E-Discovery, and Training -- Policy, Audit, E-Discovery, and Training: Goal and Objectives -- Policy, Audit, E-Discovery, and Training: Threat Vectors -- Policy, Audit, E-Discovery, and Training: Capabilities
ch. 4 Implementing Enterprise Cybersecurity -- IT Organization -- IT System Life Cycle -- Defining Security Policies -- Defining Security Scopes -- Eight Types of Security Scopes -- Considerations in Selecting Security Scopes -- Identifying Security Scopes -- Security Scopes for the Typical Enterprise -- Considerations in Selecting Security Scopes -- Selecting Security Controls -- Selecting Security Capabilities -- Selecting Security Technologies -- Considering Security Effectiveness
ch. 5 Operating Enterprise Cybersecurity -- Operational Responsibilities -- Business (CIO, customers) -- Security (Cybersecurity) -- (IT) Strategy/Architecture -- (IT) Engineering -- (IT) Operations -- High-Level IT and Cybersecurity Processes -- IT Operational Process -- Risk Management Process -- Vulnerability Management and Incident Response Process -- Auditing and Deficiency Tracking Process -- Operational Processes and Information Systems -- Cybersecurity Operational Processes -- Supporting Information Systems -- Functional Area Operational Objectives -- Systems Administration -- Network Security -- Application Security -- Endpoint, Server, and Device Security -- Identity, Authentication, and Access Management -- Data Protection and Cryptography -- Monitoring, Vulnerability, and Patch Management -- High Availability, Disaster Recovery, and Physical Protection -- Incident Response -- Asset Management and Supply Chain -- Policy, Audit, E-Discovery, and Training
ch. 6 Enterprise Cybersecurity and the Cloud -- Introducing the Cloud -- Cloud Protection Challenges -- Developer Operations (DevOps) and Developer Security Operations (DevSecOps) -- Scopes and Account Management -- Authentication -- Data Protection and Key Management -- Logging, Monitoring, and Investigations -- Reliability and Disaster Recovery -- Scale and Reliability -- Contracts and Agreements -- Planning Enterprise Cybersecurity for the Cloud -- Systems Administration -- Network Security -- Application Security -- Endpoint, Server, and Device Security -- Identity, Authentication, and Access Management -- Data Protection and Cryptography -- Monitoring, Vulnerability, and Patch Management -- High Availability, Disaster Recovery, and Physical Protection -- Incident Response -- Asset Management and Supply Chain -- Policy, Audit, E-Discovery, and Training
ch. 7 Enterprise Cybersecurity for Mobile and BYOD -- Introducing Mobile and BYOD -- Challenges with Mobile and BYOD -- Legal Agreements for Data Protection -- Personal Use and Personal Data -- Mobile Platform -- Sensors and Location Awareness -- Always-On and Always-Connected -- Multi-Factor Authentication -- Mobile Device Management -- Enterprise Cybersecurity for Mobile and BYOD -- Systems Administration -- Network Security -- Application Security -- Endpoint, Server, and Device Security -- Identity, Authentication, and Access Management -- Data Protection and Cryptography -- Monitoring, Vulnerability, and Patch Management -- High Availability, Disaster Recovery, and Physical Protection -- Incident Response -- Asset Management and Supply Chain -- Policy, Audit, E-Discovery, and Training
ch. 8 Building an Effective Defense -- Attacks Are as Easy as 1, 2, 3! -- Enterprise Attack Sequence in Detail -- Attack Sequence Step 1 Establish Foothold -- Attack Sequence Step 2 Command and Control -- Attack Sequence Step 3 Escalate Privileges -- Attack Sequence Step 4 Move Laterally -- Attack Sequence Step 5 Complete the Mission -- Why Security Fails Against Advanced Attacks -- Failure of Endpoint Security -- "Inevitability of 'the Click'" Challenge -- Systems Administration Hierarchy -- Escalating Attacks and Defenses -- Business Challenges to Security -- Tension between Security and Productivity -- Maximum Allowable Risk -- Security Effectiveness over Time -- Security Total Cost of Ownership -- Philosophy of Effective Defense -- Mazes Versus Minefields -- Disrupt, Detect, Delay, Defeat -- Cybercastles -- Nested Defenses -- Elements of an Effective Cyberdefense -- Network Segmentation -- Strong Authentication -- Detection -- Incident Response -- Resiliency
ch. 9 Responding to Incidents -- Incident Response Process -- Incident Response Step 1 Identify the Incident -- Incident Response Step 2 Investigate the Incident -- Incident Response Step 3 Collect Evidence -- Incident Response Step 4 Report the Results -- Incident Response Step 5 Contain the Incident -- Incident Response Step 6 Repair Gaps or Malfunctions -- Incident Response Step 7 Remediate Compromised Accounts, Computers, and Networks -- Incident Response Step 8 Validate Remediation and Strengthen Security Controls -- Incident Response Step 9 Report the Conclusion of the Incident -- Incident Response Step 10 Resume Normal IT Operations -- Supporting the Incident Response Process
ch. 10 Managing a Cybersecurity Crisis -- Devastating Cyberattacks and "Falling Off the Cliff" -- Snowballing Incident -- Falling Off the Cliff -- Reporting to Senior Enterprise Leadership -- Calling for Help -- Keeping Calm and Carrying On -- Playing Baseball in a Hailstorm -- Communications Overload -- Decision-Making under Stress -- Asks Versus Needs: Eliciting Accurate Requirements and Guidance -- Observe Orient Decide Act (OODA) Loop -- Establishing an Operational Tempo -- Operating in Crisis Mode -- Managing the Recovery Process -- Cyber Hand-to-Hand Combat -- "Throwing Money at Problems" -- Identifying Resources and Resource Constraints -- Building a Resource-Driven Project Plan -- Maximizing Parallelism in Execution -- Taking Care of People -- Recovering Cybersecurity and IT Capabilities -- Building the Bridge While You Cross It -- Preparing to Rebuild and Restore -- Closing Critical Cybersecurity Gaps -- Establishing Interim IT Capabilities -- Conducting Prioritized IT Recovery and Cybersecurity Improvements -- Establishing Full Operating Capabilities for IT and Cybersecurity -- Cybersecurity Versus IT Restoration -- Maximum Allowable Risk -- Ending the Crisis -- Resolving the Crisis -- Declaring the Crisis Remediated and Over -- After Action Review and Lessons Learned -- Establishing a "New Normal" Culture -- Being Prepared for the Future
ch. 11 Assessing Enterprise Cybersecurity -- Cybersecurity Auditing Methodology -- Challenge of Proving Negatives -- Cybersecurity Audit Objectives -- Cybersecurity Audit Plans -- Audit Evidence Collection -- Audit Artifacts -- Audit Results -- Deficiency Tracking -- Reporting and Records Retention -- Cybersecurity Audit Types -- "Audit First" Design Methodology -- Threat Analysis -- Audit Controls -- Forensic Controls -- Detective Controls -- Preventive Controls -- Letting Audits Drive Control Design -- Enterprise Cybersecurity Assessments -- Level 1 Assessment: Focus on Risk Mitigations -- Level 2 Assessment: Focus on Functional Areas -- Level 3 Assessment: Focus on Security Capabilities -- Level 4 Assessment: Focus on Controls, Technologies, and Processes -- Audit Deficiency Management
ch. 12 Measuring a Cybersecurity Program -- Cybersecurity Measurement -- Cybersecurity Program Measurement -- OM Step 1 Define the Question(s) to Be Answered -- OM Step 2 Select Appropriate Objects to Measure -- OM Step 3 For Each Object, Define the Object Characteristics to Measure -- OM Step 4 For Each Characteristic, Create a Value Scale -- OM Step 5 Measure Each Characteristic Using the Value Scale -- OM Step 6 Calculate the Overall Cybersecurity Program Assessment Index Using Object Measurement -- Visualizing Cybersecurity Assessment Scores -- Cybersecurity Measurement Summary
ch. 13 Mapping Against Cybersecurity Frameworks -- Looking at Control Frameworks -- Clearly Defining "Controls" -- Mapping Against External Frameworks -- Assessment Audit and Security Scopes -- IT Systems and Security Controls -- Balancing Prevention with Detection and Response -- Security Capabilities, Technologies, and Processes -- Validation Audit and Reporting -- One Audit, Many Results -- Audit Report Mapping -- Deficiency Tracking and Management
ch. 14 Managing an Enterprise Cybersecurity Program -- Enterprise Cybersecurity Program Management -- Cybersecurity Program Step 1 Assess Assets, Threats, and Risks -- Cybersecurity Program Step 2 Identify Security Scopes -- Cybersecurity Program Step 3 Assess Risk Mitigations, Capabilities by Functional Area, and Security Operations -- Cybersecurity Program Step 4 Identify Target Security Levels -- Cybersecurity Program Step 5 Identify Deficient Areas -- Cybersecurity Program Step 6 Prioritize Remediation and Improvements -- Cybersecurity Program Step 7 Resource and Execute Improvements -- Cybersecurity Program Step 8 Collect Operational Metrics -- Cybersecurity Program Step 9 Return to Step 1 -- Assessing Security Status -- Cybersecurity Program Step 3 Assess Risk Mitigations, Capabilities, and Security Operations -- Cybersecurity Program Step 4 Identify Target Security Levels -- Cybersecurity Program Step 5 Identify Deficient Areas -- Cybersecurity Program Step 6 Prioritize Remediation and Improvements -- Analyzing Enterprise Cybersecurity Improvements -- Considering Types of Improvements -- Considering Threat Scenarios -- Examining Cybersecurity Assessment Scores across Multiple Scopes -- Considering Improvement Opportunities across Multiple Scopes -- Considering "Bang for the Buck" -- Prioritizing Improvement Projects -- Immediate: Executing -- This Year: Preparing -- Next Year: Resourcing -- Future: Prioritizing -- Updating Priority Lists -- Tracking Cybersecurity Project Results -- Visualizing Cybersecurity Program Assessment Scores -- Measuring Cybersecurity Program Assessment Scores over Time
ch. 15 Looking to the Future -- Power of Enterprise Cybersecurity Architecture -- Evolution of Cyberattack and Defense -- Before the Internet -- Generation 1 Hardening the Host -- Generation 2 Protecting the Network -- Generation 3 Layered Defense and Active Response -- Generation 4 Automated Response -- Generation 5 Biological Defense -- Cybergenerations Moving Down Market -- Future Cybersecurity Evolution -- Evolving Enterprise Cybersecurity over Time -- Enterprise Cybersecurity Implementation Considerations -- Tailoring Cybersecurity Assessments -- Evolution of Enterprise Cybersecurity Capabilities -- Evolution of Enterprise Cybersecurity Functional Areas -- Final Thoughts
Appendix A: Common Cyberattacks -- 1. Phishing/Spearphishing -- 2. Drive-By/Watering Hole/Malvertising -- 3. Code Injection/Webshell -- 4. Keylogging/Session Hijacking -- 5. Pass-the-Hash and Pass-the-Ticket -- 6. Credential Harvesting -- 7. Gate-Crashing -- 8. Malware/Botnet -- 9. Distributed Denial-of-Service (DDoS) -- 10. Identity Theft -- 11. Industrial Espionage -- 12. Pickpocket -- 13. Bank Heist -- 14. Ransomware -- 15. Webnapping -- 16. Hijacking -- 17. Decapitation -- 18. Sabotage -- 19. Sniper/Laser/Smart Bomb -- 20. Smokeout/Lockout -- 21. Infestation/Whack-a-Mole -- 22. Burndown -- 23. Meltdown -- 24. Defamation -- 25. Graffiti -- 26. Smokescreen/Diversion -- 27. Fizzle
Appendix B: Cybersecurity Frameworks -- (ISC)2 Common Body of Knowledge (CBK) -- ISO 27001/27002 Version 2013 -- ISO 27001/27002 Version 2005 -- NIST SP800-53 Revisions 3 and 4 -- NIST Cybersecurity Framework (2014) -- DHS Cyber Resilience Review (CRR) -- Council on CyberSecurity Critical Security Controls -- Australian DSD Strategies to Mitigate Targeted Cyberintrusions -- PCI DSS Version 3.0 -- HIPAA Security Rule -- HITRUST Common Security Framework (CSF) -- NERC CIP Cyber Security Version 5 -- NERC CIP Cyber Security Version 3
Appendix C: Enterprise Cybersecurity Capabilities -- Systems Administration (SA) -- Network Security (NS) -- Application Security (AS) -- Endpoint, Server, and Device Security (ESDS) -- Identity, Authentication, and Access Management (IAAM) -- Data Protection and Cryptography (DPC) -- Monitoring, Vulnerability, and Patch Management (MVPM) -- High Availability, Disaster Recovery, and Physical Protection (HADRPP) -- Incident Response (IR) -- Asset Management and Supply Chain (AMSC) -- Policy, Audit, E-Discovery, and Training (PAET) -- References
Appendix D: Sample Cybersecurity Policy -- Policy
Appendix E: Cybersecurity Operational Processes -- Supporting Information Systems -- 1. Policies and Policy Exception Management -- 2. Project and Change Security Reviews -- 3. Risk Management -- 4. Control Management -- 5. Auditing and Deficiency Tracking -- 6. Asset Inventory and Audit -- 7. Change Control -- 8. Configuration Management Database Re-certification -- 9. Supplier Reviews and Risk Assessments -- 10. Cyberintrusion Response -- 11. All-Hazards Emergency Preparedness Exercises -- 12. Vulnerability Scanning, Tracking, and Management -- 13. Patch Management and Deployment -- 14. Security Monitoring -- 15. Password and Key Management -- 16. Account and Access Periodic Re-certification -- 17. Privileged Account Activity Audit
Appendix F: Object Measurement -- OM Index Equation -- OM Steps -- OM Value Scales -- Expert Judgment OM Example -- Observed Data OM Example -- OM Measurement Map -- Other Cybersecurity-Related Measurements
Appendix G: Cybersecurity Capability Value Scales -- Systems Administration (SA) -- Network Security (NS) -- Application Security (AS) -- Endpoint, Server, and Device Security (ESDS) -- Identity, Authentication, and Access Management (IAAM) -- Data Protection and Cryptography (DPC) -- Monitoring, Vulnerability, and Patch Management (MVPM) -- High Availability, Disaster Recovery, and Physical Protection (HADRPP) -- Incident Response (IR) -- Asset Management and Supply Chain (AMSC) -- Policy, Audit, E-Discovery, and Training (PAET)
Appendix H: Cybersecurity Sample Assessment -- Sample Assessment Scope and Methodology -- Level 1 Assessment: Focus on Risk Mitigations -- Level 2 Assessment: Focus on Functional Areas -- Level 3 Assessment: Focus on Capabilities
Appendix I: Network Segmentation -- Legacy Network -- Protecting the Security Infrastructure -- Watertight Compartments -- Systems Administration -- Applications -- Web Traffic -- Network Segmentation Summary
Summary Enterprise Cybersecurity empowers organizations of all sizes to defend themselves with next-generation cybersecurity programs against the escalating threat of modern targeted cyberattacks. This book presents a comprehensive framework for managing all aspects of an enterprise cybersecurity program. It enables an enterprise to architect, design, implement, and operate a coherent cybersecurity program that is seamlessly coordinated with policy, programmatics, IT life cycle, and assessment. Fail-safe cyberdefense is a pipe dream. Given sufficient time, an intelligent attacker can eventually defeat defensive measures protecting an enterprise's computer systems and IT networks. To prevail, an enterprise cybersecurity program must manage risk by detecting attacks early enough and delaying them long enough that the defenders have time to respond effectively. Enterprise Cybersecurity shows players at all levels of responsibility how to unify their organization's people, budgets, technologies, and processes into a cost-efficient cybersecurity program capable of countering advanced cyberattacks and containing damage in the event of a breach. The authors of Enterprise Cybersecurity explain at both strategic and tactical levels how to accomplish the mission of leading, designing, deploying, operating, managing, and supporting cybersecurity capabilities in an enterprise environment. The authors are recognized experts and thought leaders in this rapidly evolving field, drawing on decades of collective experience in cybersecurity and IT. In capacities ranging from executive strategist to systems architect to cybercombatant, Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, and Abdul Aslam have fought on the front lines of cybersecurity against advanced persistent threats to government, military, and business entities.
Analysis computer sciences
data management
Information and Communication Technology (General)
Bibliography Includes bibliographical references and index
Notes English
Online resource; title from PDF title page (EBSCO, viewed May 28, 2015)
Subject Internet -- Security measures
Computer security
computer science.
data processing.
Data encryption.
COMPUTERS -- Security -- General.
Genre/Form dissertations.
Academic theses.
Form Electronic book
Author Siegel, Stanley G., author.
Williams, Chris K., author
Aslam, Abdul, author
ISBN 9781430260837
1430260831
1430260823
9781430260820