A CISO guide to cyber resilience: a how-to guide for every CISO to build a resilient security program
Main author: | Baker, Debra; Rothrock, Ray
---|---
Format: | Electronic e-book
Language: | English
Published: | Birmingham: Packt Publishing, Limited, 2024
Edition: | 1st edition
Subjects: | Business enterprises-Computer networks-Security measures; Computer security
Online access: | DE-2070s DE-706 Full text
Description: | Description based on publisher supplied metadata and other sources
Description: | 1 online resource (239 pages)
ISBN: | 9781835461037
MARC

Tag | Ind1 | Ind2 | Content
---|---|---|---
LEADER | | | 00000nmm a2200000zc 4500
001 | | | BV049876556
003 | | | DE-604
005 | | | 20241106
007 | | | cr\|uuu---uuuuu
008 | | | 240919s2024 \|\|\|\| o\|\|u\| \|\|\|\|\|\|eng d
020 | | | \|a 9781835461037 \|9 978-1-83546-103-7
035 | | | \|a (ZDB-30-PQE)EBC31255741
035 | | | \|a (ZDB-30-PAD)EBC31255741
035 | | | \|a (ZDB-89-EBL)EBL31255741
035 | | | \|a (ZDB-221-PCR)9781835461037
035 | | | \|a (OCoLC)1429664108
035 | | | \|a (DE-599)BVBBV049876556
040 | | | \|a DE-604 \|b ger \|e rda
041 | 0 | | \|a eng
049 | | | \|a DE-2070s \|a DE-706
082 | 0 | | \|a 658.478
100 | 1 | | \|a Baker, Debra \|e Verfasser \|4 aut
245 | 1 | 0 | \|a A CISO guide to cyber resilience \|b a how-to guide for every CISO to build a resilient security program
250 | | | \|a 1st edition
264 | | 1 | \|a Birmingham \|b Packt Publishing, Limited \|c 2024
264 | | 4 | \|c © 2024
300 | | | \|a 1 Online-Ressource (239 Seiten)
336 | | | \|b txt \|2 rdacontent
337 | | | \|b c \|2 rdamedia
338 | | | \|b cr \|2 rdacarrier
500 | | | \|a Description based on publisher supplied metadata and other sources
505 | 8 | | \|a Cover -- Title Page -- Copyright and Credits -- Foreword -- Contributors -- Table of Contents -- Preface -- Part 1: Attack on BigCo -- Chapter 1: The Attack on BigCo -- BigCo - the attack -- BigCo - cross-team co-ordination -- BigCo - recovery -- BigCo - the anatomy of an attack -- Summary -- Part 2: Security Resilience: Getting the Basics Down -- Chapter 2: Identity and Access Management -- Two-factor authentication and why you need it -- Something you know -- Something you are -- Something you have -- Password complexity and NIST 800-63-3B -- Application security -- Password manager -- Quick reference -- Summary -- Chapter 3: Security Policies -- Where are your policies, and are they being used? -- Compliance begins with laws and regulations -- Nortel hack -- Importance of Due diligence -- Summary -- Chapter 4: Security and Risk Management -- What is risk management? -- Identifying risks -- Risk assessment -- Monitoring your controls -- Key performance indicators (KPIs) -- Quick reference -- Summary -- Chapter 5: Securing Your Endpoints -- Antivirus/anti-malware -- Virtual private network (VPN) -- What is phishing? -- Moving to remote work -- LastPass hack -- Testing your home firewall -- Network access control (NAC) and Zero Trust -- Application firewall -- Mirai botnet -- Securing your browser -- Turning on your application firewall -- Okta hack -- Quick reference for endpoint security -- Summary -- Chapter 6: Data Safeguarding -- Offline backups -- Testing your backups -- Cryptographic hashing -- Availability in the cloud -- Business continuity -- Recovery time objective (RTO) -- Recovery point objective (RPO) -- Maximum tolerable downtime (MTD) -- Succession planning -- AWS DDOS attack -- Disaster recovery -- Redundancy in architecture -- Disaster recovery roles and responsibilities -- Testing disaster recovery -- Summary
505 | 8 | | \|a Chapter 7: Security Awareness Culture -- Security awareness training is foundational -- Security is everyone's responsibility -- Materiality assessment -- Disclosure requirements -- Governance and management -- Third-party involvement -- Security awareness training is mandatory and tracked -- Chapter 8: Vulnerability Management -- What are software vulnerabilities? -- Common Vulnerabilities and Exposures -- What is the NIST definition of software vulnerabilities? -- CVSS -- Common Weakness Enumeration -- Known Exploited Vulnerabilities -- CVE, CWE, and KEV -- What we're up against -- Prioritizing your remediations -- CISA's KEV Catalog -- CVSS metric - Attack Vector -- CVSS metric - Attack Complexity -- CVSS metric - Privileges Required -- CVE priority -- Starting with vulnerability scans -- Making it fun -- In the cloud -- Securing your code -- IaC -- SAST -- DAST -- IAST -- Software composition analysis -- OWASP -- Summary -- Chapter 9: Asset Inventory -- Asset inventory -- Identifying your assets -- What is the NIST definition of asset inventory? -- Automating your asset inventory -- Change management -- NIST security-focused change management -- Phase 1 - Planning -- Phase 2 - Identifying and implementing configurations -- Phase 3 - Controlling configuration changes -- Phase 4 - Monitoring -- Mobile device management (MDM) -- Knowing your network -- Quick reference for asset management -- Summary -- Chapter 10: Data Protection -- Encrypt your data! -- Introduction to encryption -- History of encryption -- Encryption basics -- Encrypted data means there is no breach! -- What is PII? It depends... -- NIST's definition of PII -- Third-party risk management -- SolarWinds attack -- Vendor management policy -- Vendor management contract clauses -- Critical vendors -- Train your staff -- Vendor risk rating -- Data loss protection
505 | 8 | | \|a Insider threats - the hidden danger -- Quick reference for data protection -- Summary -- Part 3: Security Resilience: Taking Your Security Program to the Next Level -- Chapter 11: Taking Your Endpoint Security to the Next Level -- Endpoint detection and response (EDR) - Focusing on the "R" -- Managed detection and response (MDR) -- Extended detection and response (XDR) -- SOAR -- Cloud security posture management (CSPM)/Cloud-native application protection program (CNAPP) -- What is CSPM/CNAPP? -- Zero trust vs. software-defined perimeter -- How a typical TLS session works -- What is mutual authentication? -- DNS protection -- What do DNS protections provide? -- Quick reference for zero trust -- Summary -- Chapter 12: Secure Configuration Baseline -- Security baseline -- What compliance does your company have to meet? -- System and Organizational Controls (SOC) 2 -- International Standard Organization (ISO) 27001 -- North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) -- Cybersecurity Maturity Model Certification (CMMC) -- NIST 800-171 vs. CMMC -- SOC 1 -- Sarbanes-Oxley Act (SOX) -- Payment Card Industry Data Security Standard (PCI-DSS) -- Health Insurance Portability and Accountability Act (HIPAA) -- Health Information Technology for Economic and Clinical Health (HITECH) -- HITRUST -- NIST 800-53 - One framework to rule them all -- Creating your security baseline -- Quick reference for creating a security baseline -- Summary -- Chapter 13: Classify Your Data and Assets -- Start with your data -- Shared Responsibility Model -- Classifying your assets -- Monitoring -- Subnetting -- Segmentation -- Sony hack -- Quick reference for securing critical assets -- Summary -- Chapter 14: Cyber Resilience in the Age of Artificial Intelligence (AI) -- ChatGPT -- Securing ChatGPT -- What can go wrong with ChatGPT?
505 | 8 | | \|a Artificial intelligence (AI) -- Machine learning (ML) -- Natural language processing (NLP) -- Deep learning (DL) -- Generative AI (Gen AI) -- What is responsible AI? -- EU AI Act -- Secure AI framework (SAIF) -- AI and cybersecurity - The good, the bad, and the ugly -- The good -- The bad -- The ugly -- AI bias -- Systematic bias -- Statistical bias -- Human bias -- NIST AI RMF -- Summary -- Index -- Other Books You May Enjoy
650 | | 4 | \|a Business enterprises-Computer networks-Security measures
650 | | 4 | \|a Computer security
700 | 1 | | \|a Rothrock, Ray \|e Verfasser \|4 aut
776 | 0 | 8 | \|i Erscheint auch als \|n Druck-Ausgabe \|a Baker, Debra \|t A CISO Guide to Cyber Resilience \|d Birmingham : Packt Publishing, Limited,c2024 \|z 9781835466926
856 | 4 | 0 | \|u https://portal.igpublish.com/iglibrary/search/PACKT0007157.html \|x Verlag \|z URL des Erstveröffentlichers \|3 Volltext
912 | | | \|a ZDB-30-PQE \|a ZDB-221-PCR
943 | 1 | | \|a oai:aleph.bib-bvb.de:BVB01-035216006
966 | e | | \|u https://ebookcentral.proquest.com/lib/hwr/detail.action?docID=31255741 \|l DE-2070s \|p ZDB-30-PQE \|q HWR_PDA_PQE \|x Aggregator \|3 Volltext
966 | e | | \|u https://portal.igpublish.com/iglibrary/search/PACKT0007157.html \|l DE-706 \|p ZDB-221-PCR \|x Verlag \|3 Volltext
Record in the search index

Field | Value
---|---
_version_ | 1814963055817129984
adam_text | |
any_adam_object | |
author | Baker, Debra Rothrock, Ray |
author_facet | Baker, Debra Rothrock, Ray |
author_role | aut aut |
author_sort | Baker, Debra |
author_variant | d b db r r rr |
building | Verbundindex |
bvnumber | BV049876556 |
collection | ZDB-30-PQE ZDB-221-PCR |
ctrlnum | (ZDB-30-PQE)EBC31255741 (ZDB-30-PAD)EBC31255741 (ZDB-89-EBL)EBL31255741 (ZDB-221-PCR)9781835461037 (OCoLC)1429664108 (DE-599)BVBBV049876556 |
dewey-full | 658.478 |
dewey-hundreds | 600 - Technology (Applied sciences) |
dewey-ones | 658 - General management |
dewey-raw | 658.478 |
dewey-search | 658.478 |
dewey-sort | 3658.478 |
dewey-tens | 650 - Management and auxiliary services |
discipline | Wirtschaftswissenschaften |
edition | 1st edition |
format | Electronic eBook |
id | DE-604.BV049876556 |
illustrated | Not Illustrated |
indexdate | 2024-11-06T09:00:51Z |
institution | BVB |
isbn | 9781835461037 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-035216006 |
oclc_num | 1429664108 |
open_access_boolean | |
owner | DE-2070s DE-706 |
owner_facet | DE-2070s DE-706 |
physical | 1 Online-Ressource (239 Seiten) |
psigel | ZDB-30-PQE ZDB-221-PCR ZDB-30-PQE HWR_PDA_PQE |
publishDate | 2024 |
publishDateSearch | 2024 |
publishDateSort | 2024 |
publisher | Packt Publishing, Limited |
record_format | marc |
spelling | Baker, Debra Verfasser aut A CISO guide to cyber resilience a how-to guide for every CISO to build a resilient security program 1st edition Birmingham Packt Publishing, Limited 2024 © 2024 1 Online-Ressource (239 Seiten) txt rdacontent c rdamedia cr rdacarrier Description based on publisher supplied metadata and other sources Cover -- Title Page -- Copyright and Credits -- Foreword -- Contributors -- Table of Contents -- Preface -- Part 1: Attack on BigCo -- Chapter 1: The Attack on BigCo -- BigCo - the attack -- BigCo - cross-team co-ordination -- BigCo - recovery -- BigCo - the anatomy of an attack -- Summary -- Part 2: Security Resilience: Getting the Basics Down -- Chapter 2: Identity and Access Management -- Two-factor authentication and why you need it -- Something you know -- Something you are -- Something you have -- Password complexity and NIST 800-63-3B -- Application security -- Password manager -- Quick reference -- Summary -- Chapter 3: Security Policies -- Where are your policies, and are they being used? -- Compliance begins with laws and regulations -- Nortel hack -- Importance of Due diligence -- Summary -- Chapter 4: Security and Risk Management -- What is risk management? -- Identifying risks -- Risk assessment -- Monitoring your controls -- Key performance indicators (KPIs) -- Quick reference -- Summary -- Chapter 5: Securing Your Endpoints -- Antivirus/anti-malware -- Virtual private network (VPN) -- What is phishing? 
-- Moving to remote work -- LastPass hack -- Testing your home firewall -- Network access control (NAC) and Zero Trust -- Application firewall -- Mirai botnet -- Securing your browser -- Turning on your application firewall -- Okta hack -- Quick reference for endpoint security -- Summary -- Chapter 6: Data Safeguarding -- Offline backups -- Testing your backups -- Cryptographic hashing -- Availability in the cloud -- Business continuity -- Recovery time objective (RTO) -- Recovery point objective (RPO) -- Maximum tolerable downtime (MTD) -- Succession planning -- AWS DDOS attack -- Disaster recovery -- Redundancy in architecture -- Disaster recovery roles and responsibilities -- Testing disaster recovery -- Summary -- Chapter 7: Security Awareness Culture -- Security awareness training is foundational -- Security is everyone's responsibility -- Materiality assessment -- Disclosure requirements -- Governance and management -- Third-party involvement -- Security awareness training is mandatory and tracked -- Chapter 8: Vulnerability Management -- What are software vulnerabilities? -- Common Vulnerabilities and Exposures -- What is the NIST definition of software vulnerabilities? -- CVSS -- Common Weakness Enumeration -- Known Exploited Vulnerabilities -- CVE, CWE, and KEV -- What we're up against -- Prioritizing your remediations -- CISA's KEV Catalog -- CVSS metric - Attack Vector -- CVSS metric - Attack Complexity -- CVSS metric - Privileges Required -- CVE priority -- Starting with vulnerability scans -- Making it fun -- In the cloud -- Securing your code -- IaC -- SAST -- DAST -- IAST -- Software composition analysis -- OWASP -- Summary -- Chapter 9: Asset Inventory -- Asset inventory -- Identifying your assets -- What is the NIST definition of asset inventory?
-- Automating your asset inventory -- Change management -- NIST security-focused change management -- Phase 1 - Planning -- Phase 2 - Identifying and implementing configurations -- Phase 3 - Controlling configuration changes -- Phase 4 - Monitoring -- Mobile device management (MDM) -- Knowing your network -- Quick reference for asset management -- Summary -- Chapter 10: Data Protection -- Encrypt your data! -- Introduction to encryption -- History of encryption -- Encryption basics -- Encrypted data means there is no breach! -- What is PII? It depends... -- NIST's definition of PII -- Third-party risk management -- SolarWinds attack -- Vendor management policy -- Vendor management contract clauses -- Critical vendors -- Train your staff -- Vendor risk rating -- Data loss protection -- Insider threats - the hidden danger -- Quick reference for data protection -- Summary -- Part 3: Security Resilience: Taking Your Security Program to the Next Level -- Chapter 11: Taking Your Endpoint Security to the Next Level -- Endpoint detection and response (EDR) - Focusing on the "R" -- Managed detection and response (MDR) -- Extended detection and response (XDR) -- SOAR -- Cloud security posture management (CSPM)/Cloud-native application protection program (CNAPP) -- What is CSPM/CNAPP? -- Zero trust vs. software-defined perimeter -- How a typical TLS session works -- What is mutual authentication? -- DNS protection -- What do DNS protections provide? -- Quick reference for zero trust -- Summary -- Chapter 12: Secure Configuration Baseline -- Security baseline -- What compliance does your company have to meet? -- System and Organizational Controls (SOC) 2 -- International Standard Organization (ISO) 27001 -- North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) -- Cybersecurity Maturity Model Certification (CMMC) -- NIST 800-171 vs.
CMMC -- SOC 1 -- Sarbanes-Oxley Act (SOX) -- Payment Card Industry Data Security Standard (PCI-DSS) -- Health Insurance Portability and Accountability Act (HIPAA) -- Health Information Technology for Economic and Clinical Health (HITECH) -- HITRUST -- NIST 800-53 - One framework to rule them all -- Creating your security baseline -- Quick reference for creating a security baseline -- Summary -- Chapter 13: Classify Your Data and Assets -- Start with your data -- Shared Responsibility Model -- Classifying your assets -- Monitoring -- Subnetting -- Segmentation -- Sony hack -- Quick reference for securing critical assets -- Summary -- Chapter 14: Cyber Resilience in the Age of Artificial Intelligence (AI) -- ChatGPT -- Securing ChatGPT -- What can go wrong with ChatGPT? -- Artificial intelligence (AI) -- Machine learning (ML) -- Natural language processing (NLP) -- Deep learning (DL) -- Generative AI (Gen AI) -- What is responsible AI? -- EU AI Act -- Secure AI framework (SAIF) -- AI and cybersecurity - The good, the bad, and the ugly -- The good -- The bad -- The ugly -- AI bias -- Systematic bias -- Statistical bias -- Human bias -- NIST AI RMF -- Summary -- Index -- Other Books You May Enjoy | |
| | | Subjects: Business enterprises-Computer networks-Security measures; Computer security | |
| | | Rothrock, Ray, author | |
| | | Also published in print: Baker, Debra. A CISO Guide to Cyber Resilience. Birmingham : Packt Publishing, Limited, c2024. 9781835466926 | |
| | | https://portal.igpublish.com/iglibrary/search/PACKT0007157.html (Publisher; URL of the original publisher; Full text) | |
title | A CISO guide to cyber resilience a how-to guide for every CISO to build a resilient security program |
title_short | A CISO guide to cyber resilience |
title_sub | a how-to guide for every CISO to build a resilient security program |
topic | Business enterprises-Computer networks-Security measures Computer security |
url | https://portal.igpublish.com/iglibrary/search/PACKT0007157.html |