Infosec Strategies and Best Practices

By : Joseph MacMillan

Overview of this book

Information security and risk management best practices enable professionals to plan, implement, measure, and test their organization's systems and ensure that they're adequately protected against threats. The book starts by helping you to understand the core principles of information security, why risk management is important, and how you can drive information security governance. You'll then explore methods for implementing security controls to achieve the organization's information security goals. As you make progress, you'll get to grips with design principles that can be utilized along with methods to assess and mitigate architectural vulnerabilities. The book will also help you to discover best practices for designing secure network architectures and controlling and managing third-party identity services. Finally, you will learn about designing and managing security testing processes, along with ways in which you can improve software security. By the end of this infosec book, you'll have learned how to make your organization less vulnerable to threats and reduce the likelihood and impact of exploitation. As a result, you will be able to make an impactful change in your organization toward a higher level of information security.
Table of Contents (13 chapters)

  • Section 1: Information Security Risk Management and Governance
  • Section 2: Closing the Gap: How to Protect the Organization
  • Section 3: Operationalizing Information Security

Chapter 1: InfoSec and Risk Management

As this is the first page of this book, I'm meant to tell you why you might want to buy this book, instead of any of the others. Well, if the following describes you, then this book is going to help you in your career:

You are looking to begin (or have recently begun) working in an information security role. Perhaps you've been taking courses and studying for an industry-standard certification such as the CISSP or CISM, but you're looking for a way to convert the concepts (and seemingly endless number of acronyms) from theory into practice, and start making a difference in your day-to-day work at your organization.

In this book, we're going to help you turn the theory of your certifications into actionable and practical changes to make your organization more secure, and also help you progress your career as an information security professional.

Has that sold you? Is this book in your shopping cart now? Great – then let's get started.

This first chapter will go over the major topics that heavily influence decisions made by information security professionals: risk management and governance structures. That may not sound like a barnburner, full of thrills and excitement, but if you can manage to master the basics found in this first chapter, I can actually promise you that you will be a highly effective, well-oiled risk management machine in no time. Now if that doesn't make you want to read on, what would?

Let's get a bit more formal and list the main topics we're going to cover in this chapter:

  • Basic InfoSec terminology
  • Understanding why risk management is important
  • Performing a basic risk assessment
  • Considering legal regulations, investigations, and compliance structures
  • Proven methodologies in creating a strategy

And so, let's begin!