Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Information Security Handbook
  • Table Of Contents Toc
  • Feedback & Rating feedback
Information Security Handbook

Information Security Handbook - Second Edition

By : Death
5 (5)
Buy this Book
close
close
Information Security Handbook

Information Security Handbook

5 (5)
By: Death
Buy this Book

Overview of this book

Information Security Handbook is a practical guide that’ll empower you to take effective actions in securing your organization’s assets. Whether you are an experienced security professional seeking to refine your skills or someone new to the field looking to build a strong foundation, this book is designed to meet you where you are and guide you toward improving your understanding of information security. Each chapter addresses the key concepts, practical techniques, and best practices to establish a robust and effective information security program. You’ll be offered a holistic perspective on securing information, including risk management, incident response, cloud security, and supply chain considerations. This book has distilled years of experience and expertise of the author, Darren Death, into clear insights that can be applied directly to your organization’s security efforts. Whether you work in a large enterprise, a government agency, or a small business, the principles and strategies presented in this book are adaptable and scalable to suit your specific needs. By the end of this book, you’ll have all the tools and guidance needed to fortify your organization’s defenses and expand your capabilities as an information security practitioner.
Table of Contents (16 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Conventions used
Icon
Get in touch
Icon
Reviews
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
1
Chapter 1: Information and Data Security Fundamentals
Icon
Chapter 1: Information and Data Security Fundamentals
Icon
Introduction
Icon
Information security challenges
Icon
Evolution of cybercrime
Icon
The modern role of information security
Icon
Information assurance
Icon
The CIA triad
Icon
Risk management
Icon
Summary
Lock Free Chapter
2
Chapter 2: Defining the Threat Landscape
Icon
Chapter 2: Defining the Threat Landscape
Icon
Understanding the organizational context
Icon
Threats
Icon
Hackers and hacking
Icon
Closing information system vulnerabilities
Icon
Summary
3
Chapter 3: Laying a Foundation for Information and Data Security
Icon
Chapter 3: Laying a Foundation for Information and Data Security
Icon
Developing a comprehensive information security program
Icon
Leveraging existing frameworks instead of building from scratch
Icon
Essential factors for information security program success
Icon
Information security policies
Icon
Summary
4
Chapter 4: Information Security Risk Management
Icon
Chapter 4: Information Security Risk Management
Icon
What is information security risk?
Icon
Understanding the ownership and management of information security risk
Icon
Identifying and protecting your organization’s 
valuable data
Icon
Conducting a quick risk assessment
Icon
Risk management is an organizational-wide activity
Icon
The life cycle of risk management in information security
Icon
Information classification and its importance in information security
Icon
Steps in the data classification process
Icon
Establishing impact
Icon
Security control selection
Icon
Calculating risk – a comprehensive look at qualitative and quantitative risk assessments
Icon
Identifying threats and choosing the right approach
Icon
Exploring management approaches to risk
Icon
Summary
5
Chapter 5: Developing Your Information and Data Security Plan
Icon
Chapter 5: Developing Your Information and Data Security Plan
Icon
Determining your information security program objectives
Icon
Foundational information security activities to consider
Icon
Successful information security program elements
Icon
Rightsizing your information security program
Icon
Principles to guarantee the success of your information security program
Icon
Information security program plan elements
Icon
Summary
6
Chapter 6: Continuous Testing and Monitoring
chevron up
Icon
Chapter 6: Continuous Testing and Monitoring
Icon
Types of technical testing
Icon
SDLC considerations for testing
Icon
SDLC summary
Icon
Continuous monitoring
Icon
Vulnerability assessment
Icon
Penetration testing
Icon
Difference between vulnerability assessments and penetration testing
Icon
Summary
7
Chapter 7: Business Continuity/Disaster Recovery Planning
Icon
Chapter 7: Business Continuity/Disaster Recovery Planning
Icon
Introduction to BCDR
Icon
Designing a BCDR plan
Icon
Defining technical DR mechanisms
Icon
Developing your plan
Icon
Testing the BCDR plan
Icon
Summary
8
Chapter 8: Incident Response Planning
Icon
Chapter 8: Incident Response Planning
Icon
What is an IRP?
Icon
Preparation of an IRP
Icon
Identification – detection and analysis
Icon
Identification – incident response tools
Icon
Remediation – containment/recovery/mitigation
Icon
Remediation – incident response tools
Icon
Post-incident activity
Icon
Summary
9
Chapter 9: Developing a Security Operations Center
Icon
Chapter 9: Developing a Security Operations Center
Icon
What is a SOC?
Icon
Management of SOC tools
Icon
SOC toolset design
Icon
SOC roles
Icon
Processes and procedures
Icon
SOC tools
Icon
Summary
10
Chapter 10: Developing an Information Security Architecture Program
Icon
Chapter 10: Developing an Information Security Architecture Program
Icon
What is information security architecture?
Icon
Information security architecture and SDLC/SELC
Icon
Conducting an initial information security analysis
Icon
Developing a security architecture advisement program
Icon
Information security architecture process
Icon
Summary
11
Chapter 11: Cloud Security Considerations
Icon
Chapter 11: Cloud Security Considerations
Icon
Importance of cloud computing
Icon
Cloud computing service models
Icon
Cloud computing deployment models
Icon
Cloud computing management models
Icon
Special considerations for cloud computing
Icon
Summary
12
Chapter 12: Zero Trust Architecture in Information Security
Icon
Chapter 12: Zero Trust Architecture in Information Security
Icon
Zero Trust and its principles
Icon
The history of Zero Trust
Icon
Importance of Zero Trust in cybersecurity
Icon
Shifting from traditional perimeter-based security
Icon
The pillars of Zero Trust
Icon
Summary
13
Chapter 13: Third-Party and Supply Chain Security
Icon
Chapter 13: Third-Party and Supply Chain Security
Icon
Understanding C-SCRM and its importance
Icon
The challenges in managing supply chain cybersecurity risks
Icon
The risks associated with supply chains
Icon
The consequences of supply chain risks
Icon
Methods to identify supply chain risks
Icon
Assessing the severity and likelihood of C-SCRM risks
Icon
Strategies to mitigate supply chain risks
Icon
Integrating C-SCRM into security program and business activities
Icon
Monitoring and reviewing C-SCRM practices
Icon
Summary
14
Index
Icon
Index
Icon
Why subscribe?
15
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

SDLC considerations for testing

The importance of security testing throughout the system development life cycle (SDLC) cannot be overstated. As information systems grow increasingly complex and cyber threats become more prevalent, organizations must prioritize security testing from the earliest stages of a project until the system’s eventual disposal. By considering security testing during every phase of the SDLC, organizations can safeguard valuable data and resources, maintain the confidentiality, integrity, and availability of information systems, and mitigate risks. The following discussion highlights the crucial role of security testing across the various stages of the SDLC and outlines best practices for integrating security considerations into each phase.

Project initiation

During the project initiation phase, information security professionals can collaborate closely with business/mission users and IT staff to understand the requested solution. By thoroughly analyzing...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Information Security Handbook
End of Section 6
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon