Book Image

Information Security Handbook

By : Darren Death
Book Image

Information Security Handbook

By: Darren Death

Overview of this book

Having an information security mechanism is one of the most crucial factors for any organization. Important assets of organization demand a proper risk management and threat model for security, and so information security concepts are gaining a lot of traction. This book starts with the concept of information security and shows you why it’s important. It then moves on to modules such as threat modeling, risk management, and mitigation. It also covers the concepts of incident response systems, information rights management, and more. Moving on, it guides you to build your own information security framework as the best fit for your organization. Toward the end, you’ll discover some best practices that can be implemented to make your security framework strong. By the end of this book, you will be well-versed with all the factors involved in information security, which will help you build a security framework that is a perfect fit your organization’s requirements.

Related Content you might be interested in

Current Title:

Small book image
Information Security Handbook
Darren Death
Dec, 2017 | 330 pages
Small book image
Mastering Information Security Compliance Management
Adarsh Nair | Greeshma M R
Aug, 2023 | 236 pages
Small book image
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
Shobhit Mehta
Sep, 2023 | 316 pages
Small book image
Cybersecurity Leadership Demystified
Erdal Ozkaya
Jan, 2022 | 274 pages
Table of Contents (19 chapters)
Title Page
Title Page
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Information and Data Security Fundamentals
Information and Data Security Fundamentals
Information security challenges
Evolution of cybercrime
The modern role of information security
Organizational information security assessment
Risk management
Information security standards
Policies
Training
Summary
2
Defining the Threat Landscape
Defining the Threat Landscape
What is important to your organization and who wants it?
Hackers and hacking
Closing information system vulnerabilities
Vulnerability management
Summary
3
Preparing for Information and Data Security
Preparing for Information and Data Security
Establishing an information security program
Information security policies
Recommended operational policies
Summary
4
Information Security Risk Management
Information Security Risk Management
What is risk?
Who owns organizational risk?
Where is your valuable data?
Performing a quick risk assessment
Risk management is an organization-wide activity
Security control selection
Security control implementation
Assessing implemented security controls
Authorizing information systems to operate
Monitoring information system security controls
Calculating risk
Summary
5
Developing Your Information and Data Security Plan
Developing Your Information and Data Security Plan
Determine your information security program objectives
Elements for a successful information security program
Helping to guarantee success
Key information security program plan elements
Defining enforcement authority
Pulling it all together
Summary
6
Continuous Testing and Monitoring
Continuous Testing and Monitoring
Types of technical testing
SDLC considerations for testing
Continuous monitoring
Vulnerability assessment
Penetration testing
Difference between vulnerability assessment and penetration testing
Examples of successful attacks in the news
Summary
7
Business Continuity/Disaster Recovery Planning
Business Continuity/Disaster Recovery Planning
Scope of BCDR plan
Designing the BCDR plan
Requirements and context gathering – business impact assessment
Define technical disasters recovery mechanisms
Develop your plan
Test the BCDR plan
Summary
8
Incident Response Planning
Incident Response Planning
Do I need an incident response plan?
Components of an incident response plan
Preparing the incident response plan
Identification – detection and analysis
Identification – incident response tools
Remediation – containment/recovery/mitigation
Remediation - incident response tools
Post incident activity
Summary
9
Developing a Security Operations Center
Developing a Security Operations Center
Responsibilities of the SOC
Management of security operations center tools
Security operation center toolset design
Security operations center roles
Processes and procedures
Security operations center tools
Summary
10
Developing an Information Security Architecture Program
Developing an Information Security Architecture Program
Information security architecture and SDLC/SELC
Conducting an initial information security analysis
Developing a security architecture advisement program
Summary
11
Cloud Security Consideration
Cloud Security Consideration
Cloud computing characteristics
Cloud computing service models
Cloud computing deployment models
Cloud computing management models
Cloud computing special consideration
Summary
12
Information and Data Security Best Practices
Information and Data Security Best Practices
Information security best practices
Application security
Network security
Summary

About the Author

Darren Death is an information security professional living in the DC Metropolitan Area. During his 17-year technology career, he has supported the private and public sector at the local, state, and national levels. Darren has worked for organizations such as the Department of Justice, Library of Congress, and the Federal Emergency Management Agency. Darren currently works for Artic Slope Regional Corporation as its chief information security officer. In this role, Darren is responsible for the ASRC Enterprise Information Security program, where he manages the Information Security program across the 3 billion dollar ASRC portfolio crossing many business sectors to include energy, financial services, hospitality, retail, construction, and federal government contracting.

Darren is very active in the information security community and can be heard at many conferences throughout the year speaking on many of the topics covered in this book. Infragard is an organization that is dedicated to sharing information and intelligence working to prevent hostile acts against the United States. In this role, he teaches students the building blocks that go into establishing a successful information security program.

I would like to thank my amazing wife and children for putting up with me and sacrificing the time that it took to write this book. I would also like to thank the many executives that have walked alongside me throughout my career. These executives include: Leif Henecke, CIO at ASRC Federal; Ann-Marie Massenberg, Chief of Staff at the Office of Financial Management at the US Department of Transportation; Jonathan Alboum, CIO at USDA; Steve Elky, Director of IT Strategic Planning at the Library of Congress; Douglas Ament, CIO at the US Copyright Office; Kyle Holtzman, Deputy Assistant Director of Service Portfolio Management at the U.S. Department of Justice; and Oscar Jordan, Master Sergeant United States Air Force. Without learning the valuable lessons that I learned from these professionals, I would not be where I am today. It is also because of these individuals that I strongly support and participate in mentoring opportunities for others who are staring in their IT careers and work to teach and spread what I have learned to others regarding IT and Information Security best practices.

Previous Section
Next Chapter