Sign In Start Free Trial

Book Overview & Buying
Table Of Contents

A CISO Guide to Cyber Resilience

By : Debra Baker

5 (11)

A CISO Guide to Cyber Resilience

5 (11)

By: Debra Baker

Overview of this book

This book, written by the CEO of TrustedCISO with 30+ years of experience, guides CISOs in fortifying organizational defenses and safeguarding sensitive data. Analyze a ransomware attack on a fictional company, BigCo, and learn fundamental security policies and controls. With its help, you’ll gain actionable skills and insights suitable for various expertise levels, from basic to intermediate. You’ll also explore advanced concepts such as zero-trust, managed detection and response, security baselines, data and asset classification, and the integration of AI and cybersecurity. By the end, you'll be equipped to build, manage, and improve a resilient cybersecurity program, ensuring your organization remains protected against evolving threats.

Preface

Preface

Who this book is for

What this book covers

To get the most out of this book

Conventions used

Get in touch

Reviews

Share Your Thoughts

Download a free PDF copy of this book

Free Chapter

Part 1: Attack on BigCo

Part 1: Attack on BigCo

Chapter 1: The Attack on BigCo

Chapter 1: The Attack on BigCo

BigCo – the attack

BigCo – cross-team co-ordination

Summary

Part 2: Security Resilience: Getting the Basics Down

Part 2: Security Resilience: Getting the Basics Down

Chapter 2: Identity and Access Management

Chapter 2: Identity and Access Management

Two-factor authentication and why you need it

Password complexity and NIST 800-63-3B

Password manager

Quick reference

Summary

Chapter 3: Security Policies

Chapter 3: Security Policies

Where are your policies, and are they being used?

Compliance begins with laws and regulations

Importance of Due diligence

Summary

Chapter 4: Security and Risk Management

Chapter 4: Security and Risk Management

What is risk management?

Identifying risks

Monitoring your controls

Key performance indicators (KPIs)

Quick reference

Summary

Chapter 5: Securing Your Endpoints

Chapter 5: Securing Your Endpoints

Antivirus/anti-malware

Virtual private network (VPN)

Moving to remote work

Testing your home firewall

Network access control (NAC) and Zero Trust

Application firewall

Securing your browser

Turning on your application firewall

Okta hack

Summary

Chapter 6: Data Safeguarding

Chapter 6: Data Safeguarding

Offline backups

Testing your backups

Cryptographic hashing

Availability in the cloud

Business continuity

Disaster recovery

Summary

Chapter 7: Security Awareness Culture

Chapter 7: Security Awareness Culture

Security awareness training is foundational

Security is everyone’s responsibility

Security awareness training is mandatory and tracked

Chapter 8: Vulnerability Management

Chapter 8: Vulnerability Management

What are software vulnerabilities?

Prioritizing your remediations

Securing your code

Summary

Chapter 9: Asset Inventory

Chapter 9: Asset Inventory

Asset inventory

Change management

Mobile device management (MDM)

Knowing your network

Summary

Chapter 10: Data Protection

Chapter 10: Data Protection

Encrypt your data!

What is PII? It depends…

Third-party risk management

Summary

Part 3: Security Resilience: Taking Your Security Program to the Next Level

Part 3: Security Resilience: Taking Your Security Program to the Next Level

Chapter 11: Taking Your Endpoint Security to the Next Level

Chapter 11: Taking Your Endpoint Security to the Next Level

Endpoint detection and response (EDR) – Focusing on the “R”

Managed detection and response (MDR)

Extended detection and response (XDR)

Cloud security posture management (CSPM)/Cloud-native application protection program (CNAPP)

Zero trust vs. software-defined perimeter

Summary

Chapter 12: Secure Configuration Baseline

Chapter 12: Secure Configuration Baseline

Security baseline

System and Organizational Controls (SOC) 2

Creating your security baseline

Summary

Chapter 13: Classify Your Data and Assets

Chapter 13: Classify Your Data and Assets

Start with your data

Classifying your assets

Monitoring

Subnetting

Segmentation

Summary

Chapter 14: Cyber Resilience in the Age of Artificial Intelligence (AI)

Chapter 14: Cyber Resilience in the Age of Artificial Intelligence (AI)

ChatGPT

What is responsible AI?

Secure AI framework (SAIF)

AI and cybersecurity – The good, the bad, and the ugly

AI bias

NIST AI RMF

Summary

Index

Index

Why subscribe?

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Download a free PDF copy of this book

Index

As this ebook edition doesn't have fixed pagination, the page numbers below are hyperlinked for reference only, based on the printed edition of this book.

Symbols

1Password 25

A

Abnormal Security 54

acceptable use policy (AUP) 56, 83, 122

Address Resolution Protocol (ARP) 179

Advanced Encryption Standard (AES) 116

AI bias 197

human bias 199

statistical bias 198, 199

systematic bias 198

AI cybersecurity 195

benefits 195

challenges 196

unethical uses 197

American Institute of Certified Public Accountants (AICPA) 160

anti-malware 51

antivirus 51

application firewall 57

turning on 58

Argon2 24

Artificial Intelligence Act 192

artificial intelligence (AI) 20, 54, 135, 189

asset inventory 105, 106

automating 107

asset management

quick reference 112-114

assets

classifying 177, 178

identifying 106

asymmetric encryption 116

asymmetric key 116

availability

...

Visually different images

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

A CISO Guide to Cyber Resilience

Search

Your notes and bookmarks