Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Infosec Strategies and Best Practices
  • Table Of Contents Toc
  • Feedback & Rating feedback
Infosec Strategies and Best Practices

Infosec Strategies and Best Practices

By : MacMillan
4.9 (14)
Buy this Book
close
close
Infosec Strategies and Best Practices

Infosec Strategies and Best Practices

4.9 (14)
By: MacMillan
Buy this Book

Overview of this book

Information security and risk management best practices enable professionals to plan, implement, measure, and test their organization's systems and ensure that they're adequately protected against threats. The book starts by helping you to understand the core principles of information security, why risk management is important, and how you can drive information security governance. You'll then explore methods for implementing security controls to achieve the organization's information security goals. As you make progress, you'll get to grips with design principles that can be utilized along with methods to assess and mitigate architectural vulnerabilities. The book will also help you to discover best practices for designing secure network architectures and controlling and managing third-party identity services. Finally, you will learn about designing and managing security testing processes, along with ways in which you can improve software security. By the end of this infosec book, you'll have learned how to make your organization less vulnerable to threats and reduce the likelihood and impact of exploitation. As a result, you will be able to make an impactful change in your organization toward a higher level of information security.
Table of Contents (13 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Reviews
1
Section 1: Information Security Risk Management and Governance
Icon
Section 1: Information Security Risk Management and Governance
Lock Free Chapter
2
Chapter 1: InfoSec and Risk Management
Icon
Chapter 1: InfoSec and Risk Management
Icon
Basic InfoSec terminology
Icon
Understanding why risk management is important
Icon
Performing a basic risk assessment
Icon
Considering legal regulations, investigations, and compliance structures
Icon
Proven methodologies in creating a strategy
Icon
Summary
3
Chapter 2: Protecting the Security of Assets
chevron up
Icon
Chapter 2: Protecting the Security of Assets
Icon
Implementing an ISMS
Icon
Identifying and classifying information assets
Icon
Securing information assets
Icon
Disposing of assets
Icon
Summary
4
Section 2: Closing the Gap: How to Protect the Organization
Icon
Section 2: Closing the Gap: How to Protect the Organization
5
Chapter 3: Designing Secure Information Systems
Icon
Chapter 3: Designing Secure Information Systems
Icon
Understanding the risks your organization faces
Icon
Best practices in assessing and mitigating vulnerabilities
Icon
Best practices in designing secure information systems
Icon
Summary
6
Chapter 4: Designing and Protecting Network Security
Icon
Chapter 4: Designing and Protecting Network Security
Icon
Designing secure network architectures
Icon
Strategies for protecting network security
7
Chapter 5: Controlling Access and Managing Identity
Icon
Chapter 5: Controlling Access and Managing Identity
Icon
Access control models and concepts
Icon
Selecting and implementing authentication and authorization mechanisms
Icon
Identity and access management (IAM)
Icon
Controlling physical access to assets
Icon
Summary
8
Section 3: Operationalizing Information Security
Icon
Section 3: Operationalizing Information Security
9
Chapter 6: Designing and Managing Security Testing Processes
Icon
Chapter 6: Designing and Managing Security Testing Processes
Icon
Preparing for security assessments
Icon
Understanding the different types of security assessments
Icon
Best practices in performing security assessments
Icon
Interpreting results from security assessments
Icon
Summary
10
Chapter 7: Owning Security Operations
Icon
Chapter 7: Owning Security Operations
Icon
Effective strategies in provisioning resources and maintaining assets
Icon
Focusing on availability, disaster recovery, and business continuity
Icon
Managing upgrades, patching, and applying security controls
Icon
Investigating events and responding to incidents
Icon
Implementing and utilizing detective controls
Icon
Using security monitoring to improve visibility
Icon
Security monitoring best practices
Icon
Summary
11
Chapter 8: Improving the Security of Software
Icon
Chapter 8: Improving the Security of Software
Icon
Exploring software security paradigms
Icon
Understanding the secure development life cycle
Icon
Utilizing the OWASP Top 10 Proactive Controls
Icon
Assessing software security
Icon
Summary
Icon
Why subscribe?
12
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Leave a review - let other readers know what you think

Chapter 2: Protecting the Security of Assets

Originally, the concept for the start of this chapter was to ask you "How can you protect an organization if you don't know what assets they have?". We both know the answer to that question is "You can't," and we've probably been asked this question a thousand times between the two of us, so I'm not going to ask it. Instead, I'm going to show you how you might structure the appropriate processes at your organization in order to discover and protect its assets.

These various processes combine to create what is known as an Information Security Management System (ISMS). We covered various key concepts in Chapter 1, InfoSec and Risk Management, but overall, there was much less structure than most organizations would require. What we want to be able to achieve with the ISMS is to appropriately identify and classify our organization's assets, and ensure the security of those assets is adequately...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Infosec Strategies and Best Practices
End of Section 3
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon