Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Information Security Handbook
  • Table Of Contents Toc
Information Security Handbook

Information Security Handbook

By : Darren Death
5 (5)
Buy this Book
close
close
Information Security Handbook

Information Security Handbook

5 (5)
By: Darren Death
Buy this Book

Overview of this book

Having an information security mechanism is one of the most crucial factors for any organization. Important assets of organization demand a proper risk management and threat model for security, and so information security concepts are gaining a lot of traction. This book starts with the concept of information security and shows you why it’s important. It then moves on to modules such as threat modeling, risk management, and mitigation. It also covers the concepts of incident response systems, information rights management, and more. Moving on, it guides you to build your own information security framework as the best fit for your organization. Toward the end, you’ll discover some best practices that can be implemented to make your security framework strong. By the end of this book, you will be well-versed with all the factors involved in information security, which will help you build a security framework that is a perfect fit your organization’s requirements.
Table of Contents (16 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Conventions used
Icon
Get in touch
Icon
Reviews
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
Lock Free Chapter
1
Chapter 1: Information and Data Security Fundamentals
Icon
Chapter 1: Information and Data Security Fundamentals
Icon
Introduction
Icon
Information security challenges
Icon
Evolution of cybercrime
Icon
The modern role of information security
Icon
Information assurance
Icon
The CIA triad
Icon
Risk management
Icon
Summary
2
Chapter 2: Defining the Threat Landscape
Icon
Chapter 2: Defining the Threat Landscape
Icon
Understanding the organizational context
Icon
Threats
Icon
Hackers and hacking
Icon
Closing information system vulnerabilities
Icon
Summary
3
Chapter 3: Laying a Foundation for Information and Data Security
Icon
Chapter 3: Laying a Foundation for Information and Data Security
Icon
Developing a comprehensive information security program
Icon
Leveraging existing frameworks instead of building from scratch
Icon
Essential factors for information security program success
Icon
Information security policies
Icon
Summary
4
Chapter 4: Information Security Risk Management
Icon
Chapter 4: Information Security Risk Management
Icon
What is information security risk?
Icon
Understanding the ownership and management of information security risk
Icon
Identifying and protecting your organization’s 
valuable data
Icon
Conducting a quick risk assessment
Icon
Risk management is an organizational-wide activity
Icon
The life cycle of risk management in information security
Icon
Information classification and its importance in information security
Icon
Steps in the data classification process
Icon
Establishing impact
Icon
Security control selection
Icon
Calculating risk – a comprehensive look at qualitative and quantitative risk assessments
Icon
Identifying threats and choosing the right approach
Icon
Exploring management approaches to risk
Icon
Summary
5
Chapter 5: Developing Your Information and Data Security Plan
Icon
Chapter 5: Developing Your Information and Data Security Plan
Icon
Determining your information security program objectives
Icon
Foundational information security activities to consider
Icon
Successful information security program elements
Icon
Rightsizing your information security program
Icon
Principles to guarantee the success of your information security program
Icon
Information security program plan elements
Icon
Summary
6
Chapter 6: Continuous Testing and Monitoring
chevron up
Icon
Chapter 6: Continuous Testing and Monitoring
Icon
Types of technical testing
Icon
SDLC considerations for testing
Icon
SDLC summary
Icon
Continuous monitoring
Icon
Vulnerability assessment
Icon
Penetration testing
Icon
Difference between vulnerability assessments and penetration testing
Icon
Summary
7
Chapter 7: Business Continuity/Disaster Recovery Planning
Icon
Chapter 7: Business Continuity/Disaster Recovery Planning
Icon
Introduction to BCDR
Icon
Designing a BCDR plan
Icon
Defining technical DR mechanisms
Icon
Developing your plan
Icon
Testing the BCDR plan
Icon
Summary
8
Chapter 8: Incident Response Planning
Icon
Chapter 8: Incident Response Planning
Icon
What is an IRP?
Icon
Preparation of an IRP
Icon
Identification – detection and analysis
Icon
Identification – incident response tools
Icon
Remediation – containment/recovery/mitigation
Icon
Remediation – incident response tools
Icon
Post-incident activity
Icon
Summary
9
Chapter 9: Developing a Security Operations Center
Icon
Chapter 9: Developing a Security Operations Center
Icon
What is a SOC?
Icon
Management of SOC tools
Icon
SOC toolset design
Icon
SOC roles
Icon
Processes and procedures
Icon
SOC tools
Icon
Summary
10
Chapter 10: Developing an Information Security Architecture Program
Icon
Chapter 10: Developing an Information Security Architecture Program
Icon
What is information security architecture?
Icon
Information security architecture and SDLC/SELC
Icon
Conducting an initial information security analysis
Icon
Developing a security architecture advisement program
Icon
Information security architecture process
Icon
Summary
11
Chapter 11: Cloud Security Considerations
Icon
Chapter 11: Cloud Security Considerations
Icon
Importance of cloud computing
Icon
Cloud computing service models
Icon
Cloud computing deployment models
Icon
Cloud computing management models
Icon
Special considerations for cloud computing
Icon
Summary
12
Chapter 12: Zero Trust Architecture in Information Security
Icon
Chapter 12: Zero Trust Architecture in Information Security
Icon
Zero Trust and its principles
Icon
The history of Zero Trust
Icon
Importance of Zero Trust in cybersecurity
Icon
Shifting from traditional perimeter-based security
Icon
The pillars of Zero Trust
Icon
Summary
13
Chapter 13: Third-Party and Supply Chain Security
Icon
Chapter 13: Third-Party and Supply Chain Security
Icon
Understanding C-SCRM and its importance
Icon
The challenges in managing supply chain cybersecurity risks
Icon
The risks associated with supply chains
Icon
The consequences of supply chain risks
Icon
Methods to identify supply chain risks
Icon
Assessing the severity and likelihood of C-SCRM risks
Icon
Strategies to mitigate supply chain risks
Icon
Integrating C-SCRM into security program and business activities
Icon
Monitoring and reviewing C-SCRM practices
Icon
Summary
14
Index
Icon
Index
Icon
Why subscribe?
15
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

Examples of successful attacks in the news

The reason that we perform so much testing is to ensure that the organization's information systems are protected from attack. Here are some examples of publicized attacks. These attacks could have been prevented if their organizations had tested and mitigated these vulnerabilities. If this had occurred, the attacker would not have had a vulnerability to exploit.

Point of sale system attacks

The point of sale (POS) systems are cash registers. You may be thinking what is the big deal about cash registers and how can people break into my network by attacking a cash register? The reality is that modern POS systems are typically fully functioning operating systems that expose services that can be exploited by an attacker.

Vendor

Date reported

Settlement amount

URLs

Target

December 19, 2013

$18.5 million

http://www.latimes.com/business/la-fi-target-credit-settlement-20170523-story.html

Home Depot

September 8, 2014

$19.5 million

https://threatpost.com/home-depot-agrees...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Information Security Handbook
End of Section 6
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon