Information Security Handbook - Second Edition

By : Darren Death

Overview of this book

Information Security Handbook is a practical guide that’ll empower you to take effective actions in securing your organization’s assets. Whether you are an experienced security professional seeking to refine your skills or someone new to the field looking to build a strong foundation, this book is designed to meet you where you are and guide you toward improving your understanding of information security. Each chapter addresses the key concepts, practical techniques, and best practices to establish a robust and effective information security program. You’ll be offered a holistic perspective on securing information, including risk management, incident response, cloud security, and supply chain considerations. This book has distilled years of experience and expertise of the author, Darren Death, into clear insights that can be applied directly to your organization’s security efforts. Whether you work in a large enterprise, a government agency, or a small business, the principles and strategies presented in this book are adaptable and scalable to suit your specific needs. By the end of this book, you’ll have all the tools and guidance needed to fortify your organization’s defenses and expand your capabilities as an information security practitioner.
Table of Contents (16 chapters)

What this book covers

Chapter 1, Information and Data Security Fundamentals, provides you with an overview of key concepts that will be examined throughout this book. You will understand the history, key concepts, and components of information and data security. Additionally, you will see how these concepts should be balanced with business needs.

Chapter 2, Defining the Threat Landscape, shows how understanding the modern threat landscape will help you develop a highly effective information security program to defend against current adversaries in support of your organization’s goals and objectives. In this chapter, you will learn how to determine what is important to your organization, potential threats to your organization, the types of hackers/adversaries, the methods used by hackers and adversaries, and the techniques for conducting training and awareness as it relates to threats.

Chapter 3, Laying a Foundation for Information and Data Security, teaches you the essential activities required to establish an enterprise-wide information security program, focusing on executive buy-in, policies, procedures, standards, and guidelines. Additionally, you will learn about the planning concepts associated with information security program establishment, the success factors for information security program development, integration of the SDLC in the information security program, information security program maturity concepts, and best practices related to policies, procedures, standards, and guidelines.

Chapter 4, Information Security Risk Management, outlines the fundamentals of information security risk management, which provides the primary interface for prioritization and communication between the information security program and the business. Additionally, you will learn about some key concepts related to information security risk management, how to determine where valuable data is in your organization, some quick risk assessment techniques, how risk management affects different parts of the organization, how to perform information categorization, security control selection, implementation, and testing, and what’s involved in authorizing information systems for production operation.

Chapter 5, Developing Your Information and Data Security Plan, teaches you the concepts necessary to develop your information security program plan. Your program plan will be a foundational document to establish how your information security program will function and interact with the rest of the business. Additionally, you will learn how to develop the objectives for your information security program, elements of a successful information security program, information security program business/mission alignment, information security program plan elements, and establishing information security program enforcement.

Chapter 6, Continuous Testing and Monitoring, explains how it is essential for the information security professional to understand that vulnerabilities in information systems are a fact of life that is not going away anytime soon. The key to protecting the modern information system is continued vigilance through continuous technical testing. In this chapter, you will learn about the technical testing capabilities at your disposal, testing integration into the SDLC, continuous monitoring considerations, vulnerability assessment considerations, and penetration testing considerations.

Chapter 7, Business Continuity/Disaster Recovery Planning, explores how these two topics encompass separate but related disciplines that work together. Business continuity planning ensures an organization can understand what business processes and information are essential to continued operations and success. Disaster recovery planning serves to develop a technical solution that supports the organization’s business needs in the event of a system outage. In this chapter, you will learn the scope and focus areas of the BCDR plan and the design, implementation, testing, and maintenance of the BCDR plan.

Chapter 8, Incident Response Planning, explains that an incident response plan is the set of plans and procedures your information security program implements to ensure that you have adequate and repeatable processes for responding to an information security incident against your organizational network or information systems. In this chapter, you will learn why you need an incident response plan, what components make up the incident response plan, tools and techniques related to incident response, the incident response process, and the OODA loop and how it can be applied to incident response.

Chapter 9, Developing a Security Operations Center, talks about how the Security Operations Center serves as your centralized view into your enterprise information systems. The security operations center aims to ensure this view is in real time so your organization can identify and respond to internal and external threats as quickly as possible. In this chapter, you will learn what comprises the responsibilities of the Security Operations Center; Security Operations Center tool management and design; Security Operations Center roles, processes, and procedures; and internal versus outsourced Security Operations Center implementation considerations.

Chapter 10, Developing an Information Security Architecture Program, shows how to establish rigorous and comprehensive policies, procedures, and guidelines around the development and operationalization of an information security architecture across the enterprise information technology deployed within an organization. Additionally, you will learn about incorporating security architecture into the system development life cycle process, conducting an initial information security analysis, and developing a security architecture advisement program.

Chapter 11, Cloud Security Consideration, discusses how cloud computing enables on-demand and ubiquitous access to a shared pool of configurable outsourced computing resources such as networks, servers, storage, and applications. In this chapter, you will learn about cloud computing characteristics and services, deployment and management models, and special information security considerations as they relate to cloud computing.

Chapter 12, Zero Trust Architecture in Information Security, notes that Zero Trust has emerged as a key architectural framework in modern information security, challenging traditional models by fundamentally shifting how organizations perceive trust and access to data and information systems. In this chapter, you will learn about Zero Trust and its principles, the history of Zero Trust, the importance of Zero Trust in cybersecurity, the shift from traditional perimeter-based security, and the pillars of Zero Trust.

Chapter 13, Third-Party and Supply Chain Security, recognizes that cybersecurity is not a singular, one-off effort but a continuous process that must be integrated into the entire life cycle of supply chain operations. It forces organizations to look beyond their internal cybersecurity practices and assess their partners’ practices. In this chapter, you will learn about C-SCRM and its importance, understand the challenges in managing supply chain cybersecurity, and consider the risks associated with supply chains, the consequences of those risks, and the methods for identifying them. You’ll also learn about assessing the severity and likelihood of C-SCRM risks, strategies for mitigating supply chain risks, integrating C-SCRM into security programs and business activities, and monitoring and reviewing C-SCRM practices.