book

CCISO Certified Chief Information Security Officer All-in-One Exam Guide

Name: CCISO Certified Chief Information Security Officer All-in-One Exam Guide
ISBN: 9781260463934

by Steve Bennett, Jordan Genung

November 2020

Intermediate to advanced

400 pages

12h 21m

English

McGraw-Hill

Read now

Unlock full access

Cover
Title Page
Copyright Page
Dedication
Contents
Acknowledgments
Introduction
Chapter 1 Governance and Risk Management
GovernanceInformation Security GovernanceInformation Security Management StructureSizingManagement StructurePrinciples of Information SecurityThe CIA TriadSecurity Vulnerabilities, Threats, Risks, and ExposuresCyberattack ElementsDefense-In-DepthRisk ManagementRisk Management ProgramBest Practice Frameworks for Risk ManagementManagement and Technical Information Security ElementsSecurity Program PlanSecurity Policies, Standards, and GuidelinesAsset SecurityIdentity and Access ManagementSecurity EngineeringPhysical SecuritySecurity OperationsSoftware Development SecuritySecurity Assessments and TestingSecurity Training and AwarenessBusiness Continuity and Disaster RecoveryComplianceCompliance TeamCompliance ManagementPrivacyPrivacy Impact AssessmentPrivacy and SecurityLaws and Regulatory DriversFederal Information Security Modernization ActDefense Federal Acquisition Regulation Supplement 252.204-7012Clinger-Cohen ActPayment Card Industry Data Security StandardPrivacy Act of 1974Gramm-Leach-Bliley ActHealth Insurance Portability and Accountability ActFamily Educational Rights and Privacy ActSarbanes-Oxley ActGeneral Data Protection RegulationNorth American Electric Reliability Corporation Critical Infrastructure ProtectionSummary of Laws and Regulatory DriversStandards and FrameworksISO/IEC 27000 SeriesISO/IEC 27001NIST Cybersecurity FrameworkFederal Information Processing StandardsNIST Special PublicationsPrivacy ShieldCOBITInformation Security Trends and Best PracticesOpen Web Application Security ProjectCloud Security AllianceCenter for Internet SecurityInformation Security Training and CertificationsInternational Information System Security Certification ConsortiumISACAInternational Council of E-Commerce ConsultantsSANS InstituteComputing Technology Industry AssociationInternational Association of Privacy ProfessionalsOffensive SecurityEthicsChapter ReviewQuick ReviewQuestionsAnswers
Chapter 2 Information Security Controls, Compliance, and Audit Management
Information Security ControlsControl FundamentalsControl FrameworksInformation Security Control Life Cycle FrameworksNIST Risk Management FrameworkNIST Cybersecurity FrameworkISO/IEC 27000Information Security Control Life CycleStep 1: Risk AssessmentStep 2: DesignStep 3: ImplementationStep 4: AssessmentStep 5: MonitoringExploring Information Security Control FrameworksNIST SP 800-53NIST Cybersecurity FrameworkISO/IEC 27002CIS Critical Security ControlsCSA Cloud Controls MatrixAuditing for the CISOAudit ManagementAudit ProcessControl Self-AssessmentsContinuous AuditingSpecific Types of Audits and AssessmentsChapter ReviewQuick ReviewQuestionsAnswers
Chapter 3 Security Program Management and Operations
Security Program ManagementSecurity Areas of FocusSecurity Streams of WorkAsset Security ManagementSecurity ProjectsSecurity Program Budgets, Finance, and Cost ControlEstablishing the BudgetManaging and Monitoring SpendingSecurity Program Resource Management: Building the Security TeamProject ManagementProject Management FundamentalsProject Management Training and CertificationsPhases of Project ManagementInitiatingPlanningExecutingMonitoring and ControllingClosingChapter ReviewQuick ReviewQuestionsAnswers

Chapter 4 Information Security Core Competencies
Malicious Software and AttacksMalwareScripting and Vulnerability-Specific AttacksSocial EngineeringTypes of Social Engineering AttacksWhy Employees Are Susceptible to Social EngineeringSocial Engineering DefensesAsset SecurityAsset Inventory and Configuration ManagementSecure Configuration BaselinesVulnerability ManagementAsset Security TechniquesData SecurityData at RestData in TransitData in UseData Life CycleIdentity and Access ManagementIdentity and Access Management FundamentalsIdentity Management TechnologiesAuthentication Factors and MechanismsAccess Control PrinciplesAccess Control ModelsAccess Control AdministrationIdentity and Access Management Life CycleCommunication and Network SecurityWANs and LANsIP AddressingNetwork Address TranslationNetwork Protocols and CommunicationsWirelessNetwork Technologies and DefensesCryptographyCryptographic DefinitionsCryptographic ServicesSymmetric, Asymmetric, and Hybrid CryptosystemsHash AlgorithmsMessage Authentication CodesDigital SignaturesPublic Key InfrastructureCloud SecurityCloud Computing CharacteristicsCloud Deployment ModelsCloud Service ModelsCloud Security Risks and Assurance LevelsCloud Security ResourcesPhysical SecurityPhysical Security ThreatsPhysical Security Program PlanningPhysical Security ResourcesPhysical Security ControlsPhysical Security Auditing and MeasurementPersonnel SecuritySoftware Development SecurityIntegrating Security into the SDLCSecurity SDLC Roles and ResponsibilitiesSoftware VulnerabilitiesSecure Coding PracticesSoftware Vulnerability Analysis and AssessmentsForensics, Incident Handling, and InvestigationsRelevant LawLogging and MonitoringIncident Response and Investigations
Forensics and Digital Evidence
Security Assessment and TestingVulnerability AssessmentsPenetration TestingRegulatory Compliance AssessmentsSecurity Program AssessmentsBusiness Continuity and Disaster RecoveryContinuity Planning InitiationBusiness Impact AnalysisIdentify Preventive ControlsDevelop Recovery Strategies and SolutionsDevelop the PlanTest the PlanMaintain the PlanChapter ReviewQuick ReviewQuestionsAnswers
Chapter 5 Strategic Planning, Finance, Procurement, and Vendor Management
Strategic PlanningOrganizational Strategic PlanningOrganizational Strategic Planning TeamsStrategic Planning ProcessSecurity Strategic Plan ExampleMaking Security DecisionsEnterprise ArchitectureFinancial ManagementAccounting and Finance BasicsInformation Security Annual BudgetProcurement and Vendor ManagementProcurement Core Principles and ProcessesTypes of ContractsScope AgreementsThird-Party Vendor Risk ManagementChapter ReviewQuick ReviewQuestionsAnswers
Appendix About the Online Content
System RequirementsYour Total Seminars Training Hub AccountPrivacy NoticeSingle User License Terms and ConditionsTotalTester OnlineTechnical Support
Glossary
Index

Content preview from CCISO Certified Chief Information Security Officer All-in-One Exam Guide

CHAPTER 2

Information Security Controls, Compliance, and Audit Management

This chapter discusses the following topics:

• Information security controls

• Information security control life cycle frameworks

• Information security control life cycle

• Exploring information security control frameworks

• Auditing for the CISO

Chapter 1 introduced the concept of risk management, in which an organization performs a risk analysis of the entire enterprise to understand each asset’s importance to the business. An asset is an information system, a facility, data, or any component (hardware, software, or data) used to support operations. This chapter explores how an organization goes about selecting and auditing security controls for a given ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

CISM Certified Information Security Manager Study Guide

Publisher Resources

ISBN: 9781260463934

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

CCISO Certified Chief Information Security Officer All-in-One Exam Guide

by Steve Bennett, Jordan Genung

Information Security Controls, Compliance, and Audit Management

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.