Book description
Implement information security effectively as per your organization's needs.
About This Book
- Learn to build your own information security framework, the best fit for your organization
- Build on the concepts of threat modeling, incidence response, and security analysis
- Practical use cases and best practices for information security
Who This Book Is For
This book is for security analysts and professionals who deal with security mechanisms in an organization. If you are looking for an end to end guide on information security and risk analysis with no prior knowledge of this domain, then this book is for you.
What You Will Learn
- Develop your own information security framework
- Build your incident response mechanism
- Discover cloud security considerations
- Get to know the system development life cycle
- Get your security operation center up and running
- Know the various security testing types
- Balance security as per your business needs
- Implement information security best practices
In Detail
Having an information security mechanism is one of the most crucial factors for any organization. Important assets of organization demand a proper risk management and threat model for security, and so information security concepts are gaining a lot of traction. This book starts with the concept of information security and shows you why it's important.
It then moves on to modules such as threat modeling, risk management, and mitigation. It also covers the concepts of incident response systems, information rights management, and more. Moving on, it guides you to build your own information security framework as the best fit for your organization. Toward the end, you'll discover some best practices that can be implemented to make your security framework strong.
By the end of this book, you will be well-versed with all the factors involved in information security, which will help you build a security framework that is a perfect fit your organization's requirements.
Style and approach
This book takes a practical approach, walking you through information security fundamentals, along with information security best practices.
Publisher resources
Table of contents
- Preface
- Information and Data Security Fundamentals
- Defining the Threat Landscape
-
Preparing for Information and Data Security
- Establishing an information security program
- Information security policies
-
Recommended operational policies
- Planning policy
- Access control policy
- Awareness and training policy
- Auditing and accountability policy
- Configuration management policy
- Contingency planning policy
- Identification and authentication policy
- Incident response policy
- Maintenance policy
- Media protection policy
- Personnel security policy
- Physical and environmental protection policy
- Risk assessment policy
- Security assessment policy
- System and communications protection policy
- System and information integrity policy
- Systems and services acquisitions policy
- Summary
-
Information Security Risk Management
- What is risk?
- Who owns organizational risk?
- Where is your valuable data?
- Performing a quick risk assessment
-
Risk management is an organization-wide activity
- Business operations
- IT operations
- Personnel
- External organization
- Risk management life cycle
- Information categorization
- Data classification steps
- Determining information assets
- Finding information in the environment
- Disaster recovery considerations
- Backup storage considerations
- Organizing information into categories
- Examples of information type categories
- Security control selection
- Security control implementation
- Assessing implemented security controls
- Authorizing information systems to operate
- Monitoring information system security controls
-
Calculating risk
- Qualitative risk analysis
- Identifying your organizations threats
- Identifying your organizations vulnerabilities
- Pairing threats with vulnerabilities
- Estimating likelihood
- Estimating impact
- Conducting the risk assessment
- Management choices when it comes to risk
- Quantitative analysis
- Qualitative risk assessment example
- Summary
- Developing Your Information and Data Security Plan
- Continuous Testing and Monitoring
- Business Continuity/Disaster Recovery Planning
-
Incident Response Planning
- Do I need an incident response plan?
- Components of an incident response plan
- Preparing the incident response plan
- Identification – detection and analysis
- Identification – incident response tools
- Remediation – containment/recovery/mitigation
- Remediation - incident response tools
- Post incident activity
- Summary
- Developing a Security Operations Center
-
Developing an Information Security Architecture Program
- Information security architecture and SDLC/SELC
-
Conducting an initial information security analysis
- Purpose and description of the information system
- Determining compliance requirements
- Documenting key information system and project roles
- Defining the expected user types
- Documenting interface requirements
- Documenting external information systems access
- Conducting a business impact assessment
- Conducting an information categorization
- Developing a security architecture advisement program
- Summary
-
Cloud Security Consideration
- Cloud computing characteristics
- Cloud computing service models
- Cloud computing deployment models
- Cloud computing management models
- Cloud computing special consideration
- Summary
- Information and Data Security Best Practices
Product information
- Title: Information Security Handbook
- Author(s):
- Release date: December 2017
- Publisher(s): Packt Publishing
- ISBN: 9781788478830
You might also like
book
Defensive Security Handbook
Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don’t have …
book
The Basics of Information Security, 2nd Edition
As part of the Syngress Basics series, The Basics of Information Security provides you with fundamental …
book
Information Security: Principles and Practices, Second Edition
Information Security: Principles and Practices, Second Edition Everything You Need to Know About Modern Computer Security, …
book
Computer and Information Security Handbook, 3rd Edition
Computer and Information Security Handbook, Third Edition, provides the most current and complete reference on computer …