Book Image

Information Security Handbook

By : Darren Death
Book Image

Information Security Handbook

By: Darren Death

Overview of this book

Having an information security mechanism is one of the most crucial factors for any organization. Important assets of organization demand a proper risk management and threat model for security, and so information security concepts are gaining a lot of traction. This book starts with the concept of information security and shows you why it’s important. It then moves on to modules such as threat modeling, risk management, and mitigation. It also covers the concepts of incident response systems, information rights management, and more. Moving on, it guides you to build your own information security framework as the best fit for your organization. Toward the end, you’ll discover some best practices that can be implemented to make your security framework strong. By the end of this book, you will be well-versed with all the factors involved in information security, which will help you build a security framework that is a perfect fit your organization’s requirements.

Related Content you might be interested in

Current Title:

Small book image
Information Security Handbook
Darren Death
Dec, 2017 | 330 pages
Small book image
Mastering Information Security Compliance Management
Adarsh Nair | Greeshma M R
Aug, 2023 | 236 pages
Small book image
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
Shobhit Mehta
Sep, 2023 | 316 pages
Small book image
Cybersecurity Leadership Demystified
Erdal Ozkaya
Jan, 2022 | 274 pages
Table of Contents (19 chapters)
Title Page
Title Page
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Information and Data Security Fundamentals
Information and Data Security Fundamentals
Information security challenges
Evolution of cybercrime
The modern role of information security
Organizational information security assessment
Risk management
Information security standards
Policies
Training
Summary
2
Defining the Threat Landscape
Defining the Threat Landscape
What is important to your organization and who wants it?
Hackers and hacking
Closing information system vulnerabilities
Vulnerability management
Summary
3
Preparing for Information and Data Security
Preparing for Information and Data Security
Establishing an information security program
Information security policies
Recommended operational policies
Summary
4
Information Security Risk Management
Information Security Risk Management
What is risk?
Who owns organizational risk?
Where is your valuable data?
Performing a quick risk assessment
Risk management is an organization-wide activity
Security control selection
Security control implementation
Assessing implemented security controls
Authorizing information systems to operate
Monitoring information system security controls
Calculating risk
Summary
5
Developing Your Information and Data Security Plan
Developing Your Information and Data Security Plan
Determine your information security program objectives
Elements for a successful information security program
Helping to guarantee success
Key information security program plan elements
Defining enforcement authority
Pulling it all together
Summary
6
Continuous Testing and Monitoring
Continuous Testing and Monitoring
Types of technical testing
SDLC considerations for testing
Continuous monitoring
Vulnerability assessment
Penetration testing
Difference between vulnerability assessment and penetration testing
Examples of successful attacks in the news
Summary
7
Business Continuity/Disaster Recovery Planning
Business Continuity/Disaster Recovery Planning
Scope of BCDR plan
Designing the BCDR plan
Requirements and context gathering – business impact assessment
Define technical disasters recovery mechanisms
Develop your plan
Test the BCDR plan
Summary
8
Incident Response Planning
Incident Response Planning
Do I need an incident response plan?
Components of an incident response plan
Preparing the incident response plan
Identification – detection and analysis
Identification – incident response tools
Remediation – containment/recovery/mitigation
Remediation - incident response tools
Post incident activity
Summary
9
Developing a Security Operations Center
Developing a Security Operations Center
Responsibilities of the SOC
Management of security operations center tools
Security operation center toolset design
Security operations center roles
Processes and procedures
Security operations center tools
Summary
10
Developing an Information Security Architecture Program
Developing an Information Security Architecture Program
Information security architecture and SDLC/SELC
Conducting an initial information security analysis
Developing a security architecture advisement program
Summary
11
Cloud Security Consideration
Cloud Security Consideration
Cloud computing characteristics
Cloud computing service models
Cloud computing deployment models
Cloud computing management models
Cloud computing special consideration
Summary
12
Information and Data Security Best Practices
Information and Data Security Best Practices
Information security best practices
Application security
Network security
Summary

Chapter 1. Information and Data Security Fundamentals

Computers have been instrumental to human progress for more than half a century. As these devices have become more sophisticated they have come under increasing attack from those looking to disrupt organizations using these systems. From the first boot sector virus to advanced, highly-complex, nation-state threats, the ability for an adversary to negatively impact an organization has never been greater. While the attacker has become more sophisticated, our ability to prepare for and defend against the attacker has also become very sophisticated. Throughout this book, I will discuss what it takes to establish an information security program that helps to ensure an organization is properly defended.

The first chapter will provide the reader with an overview of key concepts that will be examined throughout this book. The reader will learn the history, key concepts, components of information, and data security. Additionally, the reader will understand how these concepts should balance with business needs.

The topics covered in this chapter include the following:

  • Information security challenges
  • The evolution of cybercrime
  • The modern role of information security:
    • IT security engineering
    • Information assurance
    • The CIA triad
  • Organizational information security assessments
  • Risk management
  • Information security standards
  • Policies
  • Training
Previous Section
End of Section 1
Next Section