Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Executive's Cybersecurity Program Handbook
  • Table Of Contents Toc
Executive's Cybersecurity Program Handbook

Executive's Cybersecurity Program Handbook

By : Jason Brown
4.7 (7)
Buy this Book
close
close
Executive's Cybersecurity Program Handbook

Executive's Cybersecurity Program Handbook

4.7 (7)
By: Jason Brown
Buy this Book

Overview of this book

Ransomware, phishing, and data breaches are major concerns affecting all organizations as a new cyber threat seems to emerge every day, making it paramount to protect the security of your organization and be prepared for potential cyberattacks. This book will ensure that you can build a reliable cybersecurity framework to keep your organization safe from cyberattacks. This Executive’s Cybersecurity Program Handbook explains the importance of executive buy-in, mission, and vision statement of the main pillars of security program (governance, defence, people and innovation). You’ll explore the different types of cybersecurity frameworks, how they differ from one another, and how to pick the right framework to minimize cyber risk. As you advance, you’ll perform an assessment against the NIST Cybersecurity Framework, which will help you evaluate threats to your organization by identifying both internal and external vulnerabilities. Toward the end, you’ll learn the importance of standard cybersecurity policies, along with concepts of governance, risk, and compliance, and become well-equipped to build an effective incident response team. By the end of this book, you’ll have gained a thorough understanding of how to build your security program from scratch as well as the importance of implementing administrative and technical security controls.
Table of Contents (18 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
Download the color images
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
1
Part 1 – Getting Your Program Off the Ground
Icon
Part 1 – Getting Your Program Off the Ground
Lock Free Chapter
2
Chapter 1: The First 90 Days
chevron up
Icon
Chapter 1: The First 90 Days
Icon
Getting executive buy-in
Icon
Budget or no budget?
Icon
Vision statements
Icon
Mission statements
Icon
Program charters
Icon
The pillars of your cybersecurity program
Icon
Summary
Icon
References
3
Chapter 2: Choosing the Right Cybersecurity Framework
Icon
Chapter 2: Choosing the Right Cybersecurity Framework
Icon
What is a cybersecurity framework?
Icon
Examining security as a checkbox
Icon
Understanding continual improvement
Icon
Selecting the right framework
Icon
The framework used in this book
Icon
Summary
Icon
References
4
Chapter 3: Cybersecurity Strategic Planning through the Assessment Process
Icon
Chapter 3: Cybersecurity Strategic Planning through the Assessment Process
Icon
Developing your cybersecurity strategy
Icon
Who should perform the assessment?
Icon
Preparing for the assessment
Icon
Performing the assessment
Icon
Wrapping up the assessment
Icon
Understanding the current and future state of your program
Icon
The exit interview
Icon
Summary
Icon
References
5
Part 2 – Administrative Cybersecurity Controls
Icon
Part 2 – Administrative Cybersecurity Controls
6
Chapter 4: Establishing Governance through Policy
Icon
Chapter 4: Establishing Governance through Policy
Icon
The importance of governance
Icon
The importance of policy documents
Icon
Exploring PSPs
Icon
Policy workflow
Icon
Exploring policy objectives
Icon
Summary
Icon
References
7
Chapter 5: The Security Team
Icon
Chapter 5: The Security Team
Icon
The need for more security professionals
Icon
Applying NIST NICE framework to your organization
Icon
Exploring cybersecurity roles
Icon
Exploring cybersecurity architectural frameworks
Icon
Staffing – insourcing versus outsourcing
Icon
Structuring the cybersecurity team
Icon
Summary
Icon
References
8
Chapter 6: Risk Management
Icon
Chapter 6: Risk Management
Icon
Why do we need risk management?
Icon
Exploring IT risks
Icon
The NIST RMF
Icon
Applying risk management to IT resources
Icon
Documenting in the SSP
Icon
Summary
Icon
References
9
Chapter 7: Incident Response
Icon
Chapter 7: Incident Response
Icon
NIST incident response methodology
Icon
Incident response playbooks
Icon
Train like we fight
Icon
Summary
Icon
References
10
Chapter 8: Security Awareness and Training
Icon
Chapter 8: Security Awareness and Training
Icon
Understanding security awareness, training, and education
Icon
Setting up a security training program
Icon
Continuous improvement
Icon
Training for compliance
Icon
Summary
Icon
References
11
Part 3 – Technical Controls
Icon
Part 3 – Technical Controls
12
Chapter 9: Network Security
Icon
Chapter 9: Network Security
Icon
The history of the internet
Icon
The OSI model
Icon
IPv4 addressing and micro-segmentation
Icon
Traditional network security
Icon
Networks of today
Icon
Building trust into the network
Icon
Virtual private networking and remote access
Icon
Getting to know the “zero trust” concept
Icon
Understanding firewall functionality
Icon
Distributed denial of service
Icon
Summary
Icon
References
13
Chapter 10: Computer and Server Security
Icon
Chapter 10: Computer and Server Security
Icon
The history of operating systems
Icon
Exploring server hardening steps
Icon
Dangers of TOFU
Icon
The IoT
Icon
Understanding encryption
Icon
Summary
Icon
References
14
Chapter 11: Securing Software Development through DevSecOps
Icon
Chapter 11: Securing Software Development through DevSecOps
Icon
Why introduce cybersecurity early?
Icon
A new style in project management
Icon
The six principles of DevSecOps
Icon
Code reviews
Icon
Open source licensing
Icon
Gitflow branching
Icon
Secure coding checklists
Icon
Embedded secrets
Icon
Summary
Icon
References
15
Chapter 12: Testing Your Security and Building Metrics
Icon
Chapter 12: Testing Your Security and Building Metrics
Icon
Understanding your requirements
Icon
Continuous evaluation of your security program
Icon
Why CARE about metrics?
Icon
Vulnerability metrics
Icon
Incident reporting – red team versus blue team
Icon
Reporting to the executive team and BoD
Icon
Summary
Icon
References
16
Index
Icon
Index
Icon
Why subscribe?
17
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

Program charters

What is your department responsible for? How will you go about setting policies for information technology and the rest of the organization? Does the department have oversight of how things are implemented, configured, and monitored? When establishing governance, the first thing people think of is building roles and responsibility matrices – responsible, accountable, consulted, and informed (RACI) charts, and the like.

While RACI charts, roles, and responsibility matrices tend to provide the who and the what, they do not provide much detail. Program charters are intended to help fill in those gaps. They can be written to provide as little or as much detail as possible to help define what those responsibilities are and their intended purpose. For instance, most information security departments act as advisors for the rest of the information technology department. In this scenario, security has oversight of all aspects of information technology, but security does not implement or configure the IT resource (because of the separation of duties).

Much like policies, standards, and procedures (which we will cover in Chapter 4), a program charter document should have the following sections:

Purpose

What is the purpose of the charter? What is it trying to convey to the reader? Are there specific questions that the charter is trying to answer?

Scope

Charters impact an organization in many ways. They can impact internal and external employees, third-party vendors, contractors, whole departments, or the organization. Who will be impacted when this charter is put into place?

Responsibilities

Much like a RACI chart, what is the security department instructed to do? What is it responsible for? This is where you set the stage for how the department will function. Will it have oversight of many different aspects of information technology and the rest of the organization?

Those responsible for the charter

The charter must have a stakeholder and an executive sponsor to sign off on it. The stakeholder should be the head of the department, whether that is the Chief Security Officer (CSO), Chief Information Security Officer (CISO), director of information security, or manager of information security. These are the individuals who will be making decisions about how they see their cybersecurity department operating. The executive sponsor, whether that is a Chief Information Officer (CIO) or Chief Executive Officer (CEO), must have the authority to sign off on the charter. Once the charter is officially signed off on, it will have the teeth necessary to carry out the charter and any other supporting documentation.

In the previous sections, we have discussed how the security department will achieve success, its importance to the organization, and what it will be responsible for. To build on those concepts, we will take it a step further to discuss initiatives, strategy, and what is important to you as a leader.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Executive's Cybersecurity Program Handbook
End of Section 2
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon