book

Information Security Handbook - Second Edition

by Darren Death

October 2023

Beginner to intermediate

370 pages

11h 42m

English

Packt Publishing

Read now

Unlock full access

ContributorsAbout the authorAbout the reviewers
Who this book is forWhat this book coversTo get the most out of this bookConventions usedGet in touchReviewsShare Your ThoughtsDownload a free PDF copy of this book
IntroductionInformation security challengesEvolution of cybercrimeThe modern role of information securityInformation technology security engineeringInformation assuranceThe CIA triadOrganizational information security assessmentRisk managementInformation security standardsInformation security policiesInformation security trainingSummary
Understanding the organizational contextThreatsPhishing attacksRansomwareMalwareDistributed denial-of-service attacksInsider threatsAdvanced Persistent ThreatsSocial engineering attacksSupply chain attacksHackers and hackingWhite hat/ethical hackerBlack hat hackerGray hat hackerBlue hat hackerScript kiddieHacktivistNation-state attackerPenetration testingCybercrimeExploitsHacker techniquesClosing information system vulnerabilitiesVulnerability managementSummary
Developing a comprehensive information security programLeveraging existing frameworks instead of building from scratchEssential factors for information security program successAligning information security with the organization’s missionOptimizing information security measures for your organizationEnhancing security through comprehensive awareness and training programsBuilding information security into the SDLC/SELC processUnderstanding and enhancing your information security program maturityInformation security policiesInformation security program policyEnterprise information security policiesInformation security system-specific policyPlanning policyAccess controls policyAwareness and training policyAuditing and accountability policyConfiguration management policyContingency planning policyIdentification and authentication policyIncident response policyMaintenance policyMedia protection policyPersonnel security policyPhysical and environmental protection policyRisk assessment policyAssessment, authorization, and monitoring policySystem and communications protection policySystem and information integrity policySystems and services acquisitions policyPersonally identifiable information policySupply chain risk management policySummary
What is information security risk?Understanding the ownership and management of information security riskIdentifying and protecting your organization’s  valuable dataConducting a quick risk assessmentRisk management is an organizational-wide activityThe life cycle of risk management in information securityInformation classification and its importance in information securitySteps in the data classification processDetermining information assetsFinding information in the environmentOrganizing information into categoriesValuing informationEstablishing impactSecurity control selectionSecurity control implementationAssessing implemented security controlsAuthorizing information systems to operateMonitoring information system security controlsCalculating risk – a comprehensive look at qualitative and quantitative risk assessmentsQualitative risk analysis – subjective evaluation of threatsQuantitative risk analysis – objective measurements and calculationsIdentifying threats and choosing the right approachIdentifying your organization’s vulnerabilitiesPairing threats with vulnerabilitiesEstimating likelihoodEstimating impactConducting the risk assessmentExploring management approaches to riskQuantitative analysisSummary
Determining your information security program objectivesFoundational information security activities to considerSuccessful information security program elementsRightsizing your information security programCompliance requirementsIs your organization centralized or decentralized?Business risk appetiteOrganizational maturityPrinciples to guarantee the success of your information security programBusiness alignmentCommunication strategiesInformation security program plan elementsDeveloping an information security program strategyEstablishing key initiativesDefining roles and responsibilitiesEstablishing enforcement areasSummary
Types of technical testingSDLC considerations for testingProject initiationRequirements analysisSystem designSystem implementationSystem testingOperations and maintenanceDispositionSDLC summaryContinuous monitoringInformation security assessment automationEffectively reporting information security metricsAlerting to information security weaknessesVulnerability assessmentVulnerability scanning processVulnerability resolutionPenetration testingPhases of a penetration testDifference between vulnerability assessments and penetration testingSummary
Introduction to BCDRIntegrating BC planning and DR planningScope of a BCDR planFocus areas for BCDR planningDesigning a BCDR planRequirements and context gathering – BIAInputs to the BIAOutputs from the BIASample BIA formDefining technical DR mechanismsIdentifying and documenting required resourcesConducting a gap analysisDeveloping DR mechanismsDeveloping your planTesting the BCDR planSummary
What is an IRP?Do I need an IRP?Components of an IRPPreparation of an IRPUnderstanding what is importantPrioritizationDetermining what normal network activity looks likeObserve, orient, decide, and actIncident response procedure developmentIdentification – detection and analysisIdentification – incident response toolsObservational technical toolsOrientation toolsDecision toolsRemediation – containment/recovery/mitigationRemediation – incident response toolsAct (response) toolsPost-incident activityRemediation – root cause analysisLessons-learned sessionsIRP testingSummary

What is a SOC?What are the responsibilities of the SOC?Management of SOC toolsSOC toolset designUsing already implemented toolsetsSOC rolesLog/information aggregationLog/information analysisProcesses and proceduresIdentification – detection and analysisRemediation – containment/eradication/recoverySOC toolsBenefits of a SOC – in-house and MSSPSummary
What is information security architecture?Information security architecture and SDLC/SELCInitiation phaseRequirement analysis phaseDesign phaseImplementation phaseTesting phaseOperations and maintenance phaseDisposition phaseConducting an initial information security analysisPurpose and description of the information systemDetermining compliance requirementsDocumenting key information system and project rolesDefining the expected user typesDocumenting interface requirementsDocumenting external information systems accessConducting a business impact assessment (BIA)Conducting information categorizationDeveloping a security architecture advisement programInformation security architecture processExample information security architecture processArchitecture special considerationsSummary
Importance of cloud computingCloud computing characteristicsCloud computing service modelsInfrastructure as a Service (IaaS)Platform as a Service (PaaS)Software as a Service (SaaS)Cloud computing deployment modelsPublic cloudPrivate cloudCommunity cloudHybrid cloudCloud computing management modelsManaged service providersCloud service providersSpecial considerations for cloud computingCloud computing data securityIdentification, authentication, and authorization in the cloudMonitoring and logging considerationsSecurity automation considerationsSecure application development considerationsSummary
Zero Trust and its principlesThe history of Zero TrustImportance of Zero Trust in cybersecurityShifting from traditional perimeter-based securityThe pillars of Zero TrustIdentity pillarDevicesNetworksApplications and WorkloadsDataSummary
Understanding C-SCRM and its importanceThe challenges in managing supply chain cybersecurity risksThe risks associated with supply chainsThe consequences of supply chain risksMethods to identify supply chain risksAssessing the severity and likelihood of C-SCRM risksStrategies to mitigate supply chain risksDeveloping C-SCRM policies and plansIntegrating C-SCRM into security program and business activitiesStakeholders that support the integrationMonitoring and reviewing C-SCRM practicesSummary
Other Books You May EnjoyPackt is searching for authors like youShare Your ThoughtsDownload a free PDF copy of this book

Overview

In the "Information Security Handbook," Darren Death presents a practical and accessible guide for developing robust and effective information security programs. Tailored for both seasoned professionals and new entrants to the field, this book offers indispensable insights into securing organizational assets through strategic and guided approaches. Whether tackling cloud security or implementing zero trust frameworks, readers will find clear and actionable advice.

What this Book will help me do

Establish and implement effective information security programs tailored to organizational needs.
Understand and comply with industry standards and regulations to ensure robust security practices.
Identify, assess, and mitigate security risks using advanced techniques like zero trust and supply chain management.
Integrate and institutionalize information security architectures across systems and engineering processes.
Apply practical and scalable actions to enhance cybersecurity hygiene and organizational defense capabilities.

Author(s)

Darren Death, a seasoned information security expert, brings decades of practical experience and leadership to this book. Leveraging his history in designing and managing security programs across varied industries, Darren provides readers with the methodologies and insights drawn from real-world challenges. His passion lies in demystifying information security concepts and empowering organizations through clear, actionable guidance.

Who is it for?

This book is perfect for information security professionals aiming to enhance their understanding of building business-aligned security programs. It's also ideal for beginners seeking a comprehensive introduction to information security practices. Enterprise IT managers, risk analysts, and cybersecurity architects, looking for realistic and pragmatic advice on security implementation, will find this book invaluable. Whether you're advancing your career or ensuring organizational protection, this book is for you.