book

Effective Cybersecurity: A Guide to Using Best Practices and Standards

Name: Effective Cybersecurity: A Guide to Using Best Practices and Standards
Author: William Stallings
ISBN: 9780134772929

by William Stallings

August 2018

Intermediate to advanced

800 pages

26h 7m

English

Addison-Wesley Professional

Read now

Unlock full access

Cover
About This E-Book
Title Page
Copyright Page
Dedication Page
Contents at a Glance
Table of Contents
Preface
BackgroundOrganization of the BookSupporting Websites
Acknowledgments
About the Author and Contributors

Technical Editors
Chapter 1 Best Practices, Standards, and a Plan of Action
1.1 Defining Cyberspace and Cybersecurity1.2 The Value of Standards and Best Practices Documents1.3 The Standard of Good Practice for Information Security1.4 The ISO/IEC 27000 Suite of Information Security Standards1.5 Mapping the ISO 27000 Series to the ISF SGP1.6 NIST Cybersecurity Framework and Security Documents1.7 The CIS Critical Security Controls for Effective Cyber Defense1.8 COBIT 5 for Information Security1.9 Payment Card Industry Data Security Standard (PCI DSS)1.10 ITU-T Security Documents1.11 Effective Cybersecurity1.12 Key Terms and Review Questions1.13 References
PART I Planning for Cybersecurity
Chapter 2 Security Governance
2.1 Security Governance and Security Management2.2 Security Governance Principles and Desired Outcomes2.3 Security Governance Components2.4 Security Governance Approach2.5 Security Governance Evaluation2.6 Security Governance Best Practices2.7 Key Terms and Review Questions2.8 References
Chapter 3 Information Risk Assessment
3.1 Risk Assessment Concepts3.2 Asset Identification3.3 Threat Identification3.4 Control Identification3.5 Vulnerability Identification3.6 Risk Assessment Approaches3.7 Likelihood Assessment3.8 Impact Assessment3.9 Risk Determination3.10 Risk Evaluation3.11 Risk Treatment3.12 Risk Assessment Best Practices3.13 Key Terms and Review Questions3.14 References
Chapter 4 Security Management
4.1 The Security Management Function4.2 Security Policy4.3 Acceptable Use Policy4.4 Security Management Best Practices4.5 Key Terms and Review Questions4.6 References
PART II Managing the Cybersecurity Function
Chapter 5 People Management
5.1 Human Resource Security5.2 Security Awareness and Education5.3 People Management Best Practices5.4 Key Terms and Review Questions5.5 References
Chapter 6 Information Management
6.1 Information Classification and Handling6.2 Privacy6.3 Document and Records Management6.4 Sensitive Physical Information6.5 Information Management Best Practices6.6 Key Terms and Review Questions6.7 References
Chapter 7 Physical Asset Management
7.1 Hardware Life Cycle Management7.2 Office Equipment7.3 Industrial Control Systems7.4 Mobile Device Security7.5 Physical Asset Management Best Practices7.6 Key Terms and Review Questions7.7 References
Chapter 8 System Development
8.1 System Development Life Cycle8.2 Incorporating Security into the SDLC8.3 System Development Management8.4 System Development Best Practices8.5 Key Terms and Review Questions8.6 References
Chapter 9 Business Application Management
9.1 Application Management Concepts9.2 Corporate Business Application Security9.3 End User-Developed Applications (EUDAs)9.4 Business Application Management Best Practices9.5 Key Terms and Review Questions9.6 References
Chapter 10 System Access
10.1 System Access Concepts10.2 User Authentication10.3 Password-Based Authentication10.4 Possession-Based Authentication10.5 Biometric Authentication10.6 Risk Assessment for User Authentication10.7 Access Control10.8 Customer Access10.9 System Access Best Practices10.10 Key Terms and Review Questions10.11 References
Chapter 11 System Management
11.1 Server Configuration11.2 Virtual Servers11.3 Network Storage Systems11.4 Service Level Agreements11.5 Performance and Capacity Management11.6 Backup11.7 Change Management11.8 System Management Best Practices11.9 Key Terms and Review Questions11.10 References
Chapter 12 Networks and Communications
12.1 Network Management Concepts12.2 Firewalls12.3 Virtual Private Networks and IP Security12.4 Security Considerations for Network Management12.5 Electronic Communications12.6 Networks and Communications Best Practices12.7 Key Terms and Review Questions12.8 References
Chapter 13 Supply Chain Management and Cloud Security
13.1 Supply Chain Management Concepts13.2 Supply Chain Risk Management13.3 Cloud Computing13.4 Cloud Security13.5 Supply Chain Best Practices13.6 Key Terms and Review Questions13.7 References
Chapter 14 Technical Security Management
14.1 Security Architecture14.2 Malware Protection Activities14.3 Malware Protection Software14.4 Identity and Access Management14.5 Intrusion Detection14.6 Data Loss Prevention14.7 Digital Rights Management14.8 Cryptographic Solutions14.9 Cryptographic Key Management14.10 Public Key Infrastructure14.11 Technical Security Management Best Practices14.12 Key Terms and Review Questions14.13 References
Chapter 15 Threat and Incident Management
15.1 Technical Vulnerability Management15.2 Security Event Logging15.3 Security Event Management15.4 Threat Intelligence15.5 Cyber Attack Protection15.6 Security Incident Management Framework15.7 Security Incident Management Process15.8 Emergency Fixes15.9 Forensic Investigations15.10 Threat and Incident Management Best Practices15.11 Key Terms and Review Questions15.12 References
Chapter 16 Local Environment Management
16.1 Local Environment Security16.2 Physical Security16.3 Local Environment Management Best Practices16.4 Key Terms and Review Questions16.5 References
Chapter 17 Business Continuity
17.1 Business Continuity Concepts17.2 Business Continuity Program17.3 Business Continuity Readiness17.4 Business Continuity Operations17.5 Business Continuity Best Practices17.6 Key Terms and Review Questions17.7 References
PART III Security Assessment
Chapter 18 Security Monitoring and Improvement
18.1 Security Audit18.2 Security Performance18.3 Security Monitoring and Improvement Best Practices18.4 Key Terms and Review Questions18.5 References
Appendix A References and Standards
ReferencesList of NIST, ITU-T, and ISO Documents Referenced in the Book
Appendix B Glossary
Index
Appendix C Answers to Review Questions

Overview

William Stallings’ Effective Cybersecurity offers a comprehensive and unified explanation of the best practices and standards that represent proven, consensus techniques for implementing cybersecurity. Stallings draws on the immense work that has been collected in multiple key security documents, making this knowledge far more accessible than it has ever been before. Effective Cybersecurity is organized to align with the comprehensive Information Security Forum document The Standard of Good Practice for Information Security, but deepens, extends, and complements ISF’s work with extensive insights from the ISO 27002 Code of Practice for Information Security Controls, the NIST Framework for Improving Critical Infrastructure Cybersecurity, COBIT 5 for Information Security, and a wide spectrum of standards and guidelines documents from ISO, ITU-T, NIST, Internet RFCs, other official sources, and the professional, academic, and industry literature.

In a single expert source, current and aspiring cybersecurity practitioners will find comprehensive and usable practices for successfully implementing cybersecurity within any organization. Stallings covers:

Security Planning: Developing approaches for managing and controlling the cybersecurity function; defining the requirements specific to a given IT environment; and developing policies and procedures for managing the security function
Security Management: Implementing the controls to satisfy the defined security requirements
Security Evaluation: Assuring that the security management function enables business continuity; monitoring, assessing, and improving the suite of cybersecurity controls.

Beyond requiring a basic understanding of cryptographic terminology and applications, this book is self-contained: all technology areas are explained without requiring other reference material. Each chapter contains a clear technical overview, as well as a detailed discussion of action items and appropriate policies. Stallings, author of 13 TAA Computer Science Textbooks of the Year, offers many pedagogical features designed to help readers master the material. These include: clear learning objectives, keyword lists, and glossaries to QR codes linking to relevant standards documents and web resources.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780134772929

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills