Information Security Handbook - Second Edition

By : Darren Death

Information Security Handbook - Second Edition

By: Darren Death

Overview of this book

Information Security Handbook is a practical guide that’ll empower you to take effective actions in securing your organization’s assets. Whether you are an experienced security professional seeking to refine your skills or someone new to the field looking to build a strong foundation, this book is designed to meet you where you are and guide you toward improving your understanding of information security. Each chapter addresses the key concepts, practical techniques, and best practices to establish a robust and effective information security program. You’ll be offered a holistic perspective on securing information, including risk management, incident response, cloud security, and supply chain considerations. This book has distilled years of experience and expertise of the author, Darren Death, into clear insights that can be applied directly to your organization’s security efforts. Whether you work in a large enterprise, a government agency, or a small business, the principles and strategies presented in this book are adaptable and scalable to suit your specific needs. By the end of this book, you’ll have all the tools and guidance needed to fortify your organization’s defenses and expand your capabilities as an information security practitioner.

Preface

Who this book is for

What this book covers

To get the most out of this book

Conventions used

Get in touch

Reviews

Share Your Thoughts

Download a free PDF copy of this book

Chapter 1: Information and Data Security Fundamentals

Introduction

Information security challenges

Evolution of cybercrime

The modern role of information security

Information assurance

The CIA triad

Risk management

Summary

Free Chapter

Chapter 2: Defining the Threat Landscape

Understanding the organizational context

Threats

Hackers and hacking

Closing information system vulnerabilities

Summary

Chapter 3: Laying a Foundation for Information and Data Security

Developing a comprehensive information security program

Leveraging existing frameworks instead of building from scratch

Essential factors for information security program success

Information security policies

Summary

Chapter 4: Information Security Risk Management

What is information security risk?

Understanding the ownership and management of information security risk

Identifying and protecting your organization’s  valuable data

Conducting a quick risk assessment

Risk management is an organizational-wide activity

The life cycle of risk management in information security

Information classification and its importance in information security

Steps in the data classification process

Establishing impact

Security control selection

Calculating risk – a comprehensive look at qualitative and quantitative risk assessments

Identifying threats and choosing the right approach

Exploring management approaches to risk

Summary

Chapter 5: Developing Your Information and Data Security Plan

Determining your information security program objectives

Foundational information security activities to consider

Successful information security program elements

Rightsizing your information security program

Principles to guarantee the success of your information security program

Information security program plan elements

Summary

Chapter 6: Continuous Testing and Monitoring

Types of technical testing

SDLC considerations for testing

SDLC summary

Continuous monitoring

Vulnerability assessment

Penetration testing

Difference between vulnerability assessments and penetration testing

Summary

Chapter 7: Business Continuity/Disaster Recovery Planning

Introduction to BCDR

Designing a BCDR plan

Defining technical DR mechanisms

Developing your plan

Testing the BCDR plan

Summary

Chapter 8: Incident Response Planning

What is an IRP?

Preparation of an IRP

Identification – detection and analysis

Identification – incident response tools

Remediation – containment/recovery/mitigation

Remediation – incident response tools

Post-incident activity

Summary

Chapter 9: Developing a Security Operations Center

What is a SOC?

Management of SOC tools

SOC toolset design

SOC roles

Processes and procedures

SOC tools

Summary

Chapter 10: Developing an Information Security Architecture Program

What is information security architecture?

Information security architecture and SDLC/SELC

Conducting an initial information security analysis

Developing a security architecture advisement program

Information security architecture process

Summary

Chapter 11: Cloud Security Considerations

Importance of cloud computing

Cloud computing service models

Cloud computing deployment models

Cloud computing management models

Special considerations for cloud computing

Summary

Chapter 12: Zero Trust Architecture in Information Security

Zero Trust and its principles

The history of Zero Trust

Importance of Zero Trust in cybersecurity

Shifting from traditional perimeter-based security

The pillars of Zero Trust

Summary

Chapter 13: Third-Party and Supply Chain Security

Understanding C-SCRM and its importance

The challenges in managing supply chain cybersecurity risks

The risks associated with supply chains

The consequences of supply chain risks

Methods to identify supply chain risks

Assessing the severity and likelihood of C-SCRM risks

Strategies to mitigate supply chain risks

Integrating C-SCRM into security program and business activities

Monitoring and reviewing C-SCRM practices

Summary

Index

Why subscribe?

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Download a free PDF copy of this book

Customer Reviews

5 star

4 star

3 star

2 star

1 star

To get the most out of this book

To be as practical in our approach as possible, we’ve made a few assumptions about you, your skill level, and your needs. We assume you have a foundational understanding of cybersecurity and information security. This means you should be familiar with common security controls and concepts. If terms such as “firewalls,” “antivirus software,” “encryption,” and “password security” ring a bell, you’re on the right track. If not, don’t worry; we’ll provide explanations and guidance along the way.

In addition to basic cybersecurity concepts, we assume a baseline of enterprise technology knowledge. This doesn’t mean you need to be an IT expert, but it does imply a general understanding of how technology is used in organizational settings. If you’ve worked in an office environment, used business software, or interacted with enterprise-level systems, you have the foundational knowledge we’re referring to for this book. As with the assumption mentioned previously, we will provide explanations and guidance as we describe enterprise technology to support you.

If you meet these prerequisites, you’re well prepared to begin. If you find some concepts still unfamiliar, don’t be discouraged; this book is designed to bridge gaps in your knowledge and build a solid understanding from the ground up.

Information Security Handbook - Second Edition

By : Darren Death

Information Security Handbook - Second Edition

By: Darren Death

Overview of this book

Related Content you might be interested in

Current Title:

Information Security Handbook - Second Edition

Mastering Cloud Security Posture Management (CSPM)

Cybersecurity Architect's Handbook

Mastering Information Security Compliance Management

To get the most out of this book