Book Image

Infosec Strategies and Best Practices

By : Joseph MacMillan
Book Image

Infosec Strategies and Best Practices

By: Joseph MacMillan

Overview of this book

Information security and risk management best practices enable professionals to plan, implement, measure, and test their organization's systems and ensure that they're adequately protected against threats. The book starts by helping you to understand the core principles of information security, why risk management is important, and how you can drive information security governance. You'll then explore methods for implementing security controls to achieve the organization's information security goals. As you make progress, you'll get to grips with design principles that can be utilized along with methods to assess and mitigate architectural vulnerabilities. The book will also help you to discover best practices for designing secure network architectures and controlling and managing third-party identity services. Finally, you will learn about designing and managing security testing processes, along with ways in which you can improve software security. By the end of this infosec book, you'll have learned how to make your organization less vulnerable to threats and reduce the likelihood and impact of exploitation. As a result, you will be able to make an impactful change in your organization toward a higher level of information security.
Table of Contents (13 chapters)
1
Section 1: Information Security Risk Management and Governance
4
Section 2: Closing the Gap: How to Protect the Organization
8
Section 3: Operationalizing Information Security

What this book covers

Chapter 1, InfoSec and Risk Management, establishes the core principles of InfoSec and ensures the topics central to the discipline are well-understood.

Chapter 2, Protecting the Security of Assets, implements effective processes to ensure you can identify the assets of an organization and avoid common pitfalls that InfoSec professionals encounter.

Chapter 3, Designing Secure Information Systems, explores how to assess architectures and systems for vulnerabilities and mitigate those vulnerabilities with controls, including cryptography.

Chapter 4, Designing and Protecting Network Security, covers designing secure network systems, selecting the appropriate network components, and ensuring their effectiveness for your organization's requirements.

Chapter 5, Controlling Access and Managing Identity, examines both physical and digital access to your organization, and the various aspects of selecting and implementing the appropriate identity and access management controls.

Chapter 6, Designing and Managing Security Testing Processes, covers adopting a mindset of continuous improvement by testing existing implementations and utilizing any findings to optimize your InfoSec program.

Chapter 7, Owning Security Operations, covers aligning the day-to-day tasks involved with maintaining InfoSec to an organization's strategies.

Chapter 8, Improving the Security of Software, covers enforcing secure practices in procuring and developing software.