Book Image

Information Security Handbook

By : Darren Death
Book Image

Information Security Handbook

By: Darren Death

Overview of this book

Having an information security mechanism is one of the most crucial factors for any organization. Important assets of organization demand a proper risk management and threat model for security, and so information security concepts are gaining a lot of traction. This book starts with the concept of information security and shows you why it’s important. It then moves on to modules such as threat modeling, risk management, and mitigation. It also covers the concepts of incident response systems, information rights management, and more. Moving on, it guides you to build your own information security framework as the best fit for your organization. Toward the end, you’ll discover some best practices that can be implemented to make your security framework strong. By the end of this book, you will be well-versed with all the factors involved in information security, which will help you build a security framework that is a perfect fit your organization’s requirements.

Related Content you might be interested in

Current Title:

Small book image
Information Security Handbook
Darren Death
Dec, 2017 | 330 pages
Small book image
Mastering Information Security Compliance Management
Adarsh Nair | Greeshma M R
Aug, 2023 | 236 pages
Small book image
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
Shobhit Mehta
Sep, 2023 | 316 pages
Small book image
Cybersecurity Leadership Demystified
Erdal Ozkaya
Jan, 2022 | 274 pages
Table of Contents (19 chapters)
Title Page
Title Page
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Information and Data Security Fundamentals
Information and Data Security Fundamentals
Information security challenges
Evolution of cybercrime
The modern role of information security
Organizational information security assessment
Risk management
Information security standards
Policies
Training
Summary
2
Defining the Threat Landscape
Defining the Threat Landscape
What is important to your organization and who wants it?
Hackers and hacking
Closing information system vulnerabilities
Vulnerability management
Summary
3
Preparing for Information and Data Security
Preparing for Information and Data Security
Establishing an information security program
Information security policies
Recommended operational policies
Summary
4
Information Security Risk Management
Information Security Risk Management
What is risk?
Who owns organizational risk?
Where is your valuable data?
Performing a quick risk assessment
Risk management is an organization-wide activity
Security control selection
Security control implementation
Assessing implemented security controls
Authorizing information systems to operate
Monitoring information system security controls
Calculating risk
Summary
5
Developing Your Information and Data Security Plan
Developing Your Information and Data Security Plan
Determine your information security program objectives
Elements for a successful information security program
Helping to guarantee success
Key information security program plan elements
Defining enforcement authority
Pulling it all together
Summary
6
Continuous Testing and Monitoring
Continuous Testing and Monitoring
Types of technical testing
SDLC considerations for testing
Continuous monitoring
Vulnerability assessment
Penetration testing
Difference between vulnerability assessment and penetration testing
Examples of successful attacks in the news
Summary
7
Business Continuity/Disaster Recovery Planning
Business Continuity/Disaster Recovery Planning
Scope of BCDR plan
Designing the BCDR plan
Requirements and context gathering – business impact assessment
Define technical disasters recovery mechanisms
Develop your plan
Test the BCDR plan
Summary
8
Incident Response Planning
Incident Response Planning
Do I need an incident response plan?
Components of an incident response plan
Preparing the incident response plan
Identification – detection and analysis
Identification – incident response tools
Remediation – containment/recovery/mitigation
Remediation - incident response tools
Post incident activity
Summary
9
Developing a Security Operations Center
Developing a Security Operations Center
Responsibilities of the SOC
Management of security operations center tools
Security operation center toolset design
Security operations center roles
Processes and procedures
Security operations center tools
Summary
10
Developing an Information Security Architecture Program
Developing an Information Security Architecture Program
Information security architecture and SDLC/SELC
Conducting an initial information security analysis
Developing a security architecture advisement program
Summary
11
Cloud Security Consideration
Cloud Security Consideration
Cloud computing characteristics
Cloud computing service models
Cloud computing deployment models
Cloud computing management models
Cloud computing special consideration
Summary
12
Information and Data Security Best Practices
Information and Data Security Best Practices
Information security best practices
Application security
Network security
Summary

Types of technical testing

  • Vulnerability assessment: Vulnerability scanning serves to interrogate a specific information system or an entire network to discover weaknesses in their security posture.
  • Web application vulnerability assessment: A specific type of vulnerability assessment that is targeted at web-based applications versus servers and networks. This type of assessment attempts to find weaknesses in application code and logic.
  • Static code analysis: Static code analysis inspects the source code of an application and attempts to determine whether flaws exist that could be exploited by an attacker.
  • Penetration testing: Penetration testing takes the results of vulnerability assessments and validates that an identified weakness is an exploitable vulnerability.
Previous Section
End of Section 2
Next Section