book

Information Security Handbook - Second Edition

Name: Information Security Handbook - Second Edition
Author: Darren Death
ISBN: 9781837632701

by Darren Death

October 2023

Beginner to intermediate

370 pages

11h 42m

English

Packt Publishing

Read now

Unlock full access

Information Security Handbook
ContributorsAbout the authorAbout the reviewers
Preface
Who this book is forWhat this book coversTo get the most out of this bookConventions usedGet in touchReviewsShare Your ThoughtsDownload a free PDF copy of this book
Chapter 1: Information and Data Security Fundamentals
IntroductionInformation security challengesEvolution of cybercrimeThe modern role of information securityInformation technology security engineeringInformation assuranceThe CIA triadOrganizational information security assessmentRisk managementInformation security standardsInformation security policiesInformation security trainingSummary
Chapter 2: Defining the Threat Landscape
Understanding the organizational contextThreatsPhishing attacksRansomwareMalwareDistributed denial-of-service attacksInsider threatsAdvanced Persistent ThreatsSocial engineering attacksSupply chain attacksHackers and hackingWhite hat/ethical hackerBlack hat hackerGray hat hackerBlue hat hackerScript kiddieHacktivistNation-state attackerPenetration testingCybercrimeExploitsHacker techniquesClosing information system vulnerabilitiesVulnerability managementSummary
Chapter 3: Laying a Foundation for Information and Data Security
Developing a comprehensive information security programLeveraging existing frameworks instead of building from scratchEssential factors for information security program successAligning information security with the organization’s missionOptimizing information security measures for your organizationEnhancing security through comprehensive awareness and training programsBuilding information security into the SDLC/SELC processUnderstanding and enhancing your information security program maturityInformation security policiesInformation security program policyEnterprise information security policiesInformation security system-specific policyPlanning policyAccess controls policyAwareness and training policyAuditing and accountability policyConfiguration management policyContingency planning policyIdentification and authentication policyIncident response policyMaintenance policyMedia protection policyPersonnel security policyPhysical and environmental protection policyRisk assessment policyAssessment, authorization, and monitoring policySystem and communications protection policySystem and information integrity policySystems and services acquisitions policyPersonally identifiable information policySupply chain risk management policySummary
Chapter 4: Information Security Risk Management
What is information security risk?Understanding the ownership and management of information security riskIdentifying and protecting your organization’s  valuable dataConducting a quick risk assessmentRisk management is an organizational-wide activityThe life cycle of risk management in information securityInformation classification and its importance in information securitySteps in the data classification processDetermining information assetsFinding information in the environmentOrganizing information into categoriesValuing informationEstablishing impactSecurity control selectionSecurity control implementationAssessing implemented security controlsAuthorizing information systems to operateMonitoring information system security controlsCalculating risk – a comprehensive look at qualitative and quantitative risk assessmentsQualitative risk analysis – subjective evaluation of threatsQuantitative risk analysis – objective measurements and calculationsIdentifying threats and choosing the right approachIdentifying your organization’s vulnerabilitiesPairing threats with vulnerabilitiesEstimating likelihoodEstimating impactConducting the risk assessmentExploring management approaches to riskQuantitative analysisSummary
Chapter 5: Developing Your Information and Data Security Plan
Determining your information security program objectivesFoundational information security activities to considerSuccessful information security program elementsRightsizing your information security programCompliance requirementsIs your organization centralized or decentralized?Business risk appetiteOrganizational maturityPrinciples to guarantee the success of your information security programBusiness alignmentCommunication strategiesInformation security program plan elementsDeveloping an information security program strategyEstablishing key initiativesDefining roles and responsibilitiesEstablishing enforcement areasSummary
Chapter 6: Continuous Testing and Monitoring
Types of technical testingSDLC considerations for testingProject initiationRequirements analysisSystem designSystem implementationSystem testingOperations and maintenanceDispositionSDLC summaryContinuous monitoringInformation security assessment automationEffectively reporting information security metricsAlerting to information security weaknessesVulnerability assessmentVulnerability scanning processVulnerability resolutionPenetration testingPhases of a penetration testDifference between vulnerability assessments and penetration testingSummary
Chapter 7: Business Continuity/Disaster Recovery Planning
Introduction to BCDRIntegrating BC planning and DR planningScope of a BCDR planFocus areas for BCDR planningDesigning a BCDR planRequirements and context gathering – BIAInputs to the BIAOutputs from the BIASample BIA formDefining technical DR mechanismsIdentifying and documenting required resourcesConducting a gap analysisDeveloping DR mechanismsDeveloping your planTesting the BCDR planSummary
Chapter 8: Incident Response Planning
What is an IRP?Do I need an IRP?Components of an IRPPreparation of an IRPUnderstanding what is importantPrioritizationDetermining what normal network activity looks likeObserve, orient, decide, and actIncident response procedure developmentIdentification – detection and analysisIdentification – incident response toolsObservational technical toolsOrientation toolsDecision toolsRemediation – containment/recovery/mitigationRemediation – incident response toolsAct (response) toolsPost-incident activityRemediation – root cause analysisLessons-learned sessionsIRP testingSummary

Chapter 9: Developing a Security Operations Center
What is a SOC?What are the responsibilities of the SOC?Management of SOC toolsSOC toolset designUsing already implemented toolsetsSOC rolesLog/information aggregationLog/information analysisProcesses and proceduresIdentification – detection and analysisRemediation – containment/eradication/recoverySOC toolsBenefits of a SOC – in-house and MSSPSummary
Chapter 10: Developing an Information Security Architecture Program
What is information security architecture?Information security architecture and SDLC/SELCInitiation phaseRequirement analysis phaseDesign phaseImplementation phaseTesting phaseOperations and maintenance phaseDisposition phaseConducting an initial information security analysisPurpose and description of the information systemDetermining compliance requirementsDocumenting key information system and project rolesDefining the expected user typesDocumenting interface requirementsDocumenting external information systems accessConducting a business impact assessment (BIA)Conducting information categorizationDeveloping a security architecture advisement programInformation security architecture processExample information security architecture processArchitecture special considerationsSummary
Chapter 11: Cloud Security Considerations
Importance of cloud computingCloud computing characteristicsCloud computing service modelsInfrastructure as a Service (IaaS)Platform as a Service (PaaS)Software as a Service (SaaS)Cloud computing deployment modelsPublic cloudPrivate cloudCommunity cloudHybrid cloudCloud computing management modelsManaged service providersCloud service providersSpecial considerations for cloud computingCloud computing data securityIdentification, authentication, and authorization in the cloudMonitoring and logging considerationsSecurity automation considerationsSecure application development considerationsSummary
Chapter 12: Zero Trust Architecture in Information Security
Zero Trust and its principlesThe history of Zero TrustImportance of Zero Trust in cybersecurityShifting from traditional perimeter-based securityThe pillars of Zero TrustIdentity pillarDevicesNetworksApplications and WorkloadsDataSummary
Chapter 13: Third-Party and Supply Chain Security
Understanding C-SCRM and its importanceThe challenges in managing supply chain cybersecurity risksThe risks associated with supply chainsThe consequences of supply chain risksMethods to identify supply chain risksAssessing the severity and likelihood of C-SCRM risksStrategies to mitigate supply chain risksDeveloping C-SCRM policies and plansIntegrating C-SCRM into security program and business activitiesStakeholders that support the integrationMonitoring and reviewing C-SCRM practicesSummary
Index
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your ThoughtsDownload a free PDF copy of this book

Content preview from Information Security Handbook - Second Edition

8 Incident Response Planning

Incident response planning is a critical component of information security. This chapter covers the essential aspects of an incident response plan (IRP): its definition, preparation, identification process, including detection and analysis, and the tools for these tasks. We also address the stages of remediation, from containment to recovery and mitigation, supported by specific capabilities. The chapter concludes by discussing post-incident activities to prepare organizations for future incidents.

The following topics will be covered in this chapter:

What is an IRP?
Preparation of an IRP
Identification – detection and analysis
Identification – incident response tools
Remediation – containment/recovery/mitigation ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Fundamentals of Information Systems Security, 4th Edition

Publisher Resources

ISBN: 9781837632701

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Information Security Handbook - Second Edition

by Darren Death

8

Incident Response Planning

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.