book

Information Security Handbook - Second Edition

by Darren Death

October 2023

Beginner to intermediate

370 pages

11h 42m

English

Packt Publishing

Read now

Unlock full access

ContributorsAbout the authorAbout the reviewers
Who this book is forWhat this book coversTo get the most out of this bookConventions usedGet in touchReviewsShare Your ThoughtsDownload a free PDF copy of this book
IntroductionInformation security challengesEvolution of cybercrimeThe modern role of information securityInformation technology security engineeringInformation assuranceThe CIA triadOrganizational information security assessmentRisk managementInformation security standardsInformation security policiesInformation security trainingSummary
Understanding the organizational contextThreatsPhishing attacksRansomwareMalwareDistributed denial-of-service attacksInsider threatsAdvanced Persistent ThreatsSocial engineering attacksSupply chain attacksHackers and hackingWhite hat/ethical hackerBlack hat hackerGray hat hackerBlue hat hackerScript kiddieHacktivistNation-state attackerPenetration testingCybercrimeExploitsHacker techniquesClosing information system vulnerabilitiesVulnerability managementSummary
Developing a comprehensive information security programLeveraging existing frameworks instead of building from scratchEssential factors for information security program successAligning information security with the organization’s missionOptimizing information security measures for your organizationEnhancing security through comprehensive awareness and training programsBuilding information security into the SDLC/SELC processUnderstanding and enhancing your information security program maturityInformation security policiesInformation security program policyEnterprise information security policiesInformation security system-specific policyPlanning policyAccess controls policyAwareness and training policyAuditing and accountability policyConfiguration management policyContingency planning policyIdentification and authentication policyIncident response policyMaintenance policyMedia protection policyPersonnel security policyPhysical and environmental protection policyRisk assessment policyAssessment, authorization, and monitoring policySystem and communications protection policySystem and information integrity policySystems and services acquisitions policyPersonally identifiable information policySupply chain risk management policySummary
What is information security risk?Understanding the ownership and management of information security riskIdentifying and protecting your organization’s  valuable dataConducting a quick risk assessmentRisk management is an organizational-wide activityThe life cycle of risk management in information securityInformation classification and its importance in information securitySteps in the data classification processDetermining information assetsFinding information in the environmentOrganizing information into categoriesValuing informationEstablishing impactSecurity control selectionSecurity control implementationAssessing implemented security controlsAuthorizing information systems to operateMonitoring information system security controlsCalculating risk – a comprehensive look at qualitative and quantitative risk assessmentsQualitative risk analysis – subjective evaluation of threatsQuantitative risk analysis – objective measurements and calculationsIdentifying threats and choosing the right approachIdentifying your organization’s vulnerabilitiesPairing threats with vulnerabilitiesEstimating likelihoodEstimating impactConducting the risk assessmentExploring management approaches to riskQuantitative analysisSummary
Determining your information security program objectivesFoundational information security activities to considerSuccessful information security program elementsRightsizing your information security programCompliance requirementsIs your organization centralized or decentralized?Business risk appetiteOrganizational maturityPrinciples to guarantee the success of your information security programBusiness alignmentCommunication strategiesInformation security program plan elementsDeveloping an information security program strategyEstablishing key initiativesDefining roles and responsibilitiesEstablishing enforcement areasSummary
Types of technical testingSDLC considerations for testingProject initiationRequirements analysisSystem designSystem implementationSystem testingOperations and maintenanceDispositionSDLC summaryContinuous monitoringInformation security assessment automationEffectively reporting information security metricsAlerting to information security weaknessesVulnerability assessmentVulnerability scanning processVulnerability resolutionPenetration testingPhases of a penetration testDifference between vulnerability assessments and penetration testingSummary
Introduction to BCDRIntegrating BC planning and DR planningScope of a BCDR planFocus areas for BCDR planningDesigning a BCDR planRequirements and context gathering – BIAInputs to the BIAOutputs from the BIASample BIA formDefining technical DR mechanismsIdentifying and documenting required resourcesConducting a gap analysisDeveloping DR mechanismsDeveloping your planTesting the BCDR planSummary
What is an IRP?Do I need an IRP?Components of an IRPPreparation of an IRPUnderstanding what is importantPrioritizationDetermining what normal network activity looks likeObserve, orient, decide, and actIncident response procedure developmentIdentification – detection and analysisIdentification – incident response toolsObservational technical toolsOrientation toolsDecision toolsRemediation – containment/recovery/mitigationRemediation – incident response toolsAct (response) toolsPost-incident activityRemediation – root cause analysisLessons-learned sessionsIRP testingSummary

What is a SOC?What are the responsibilities of the SOC?Management of SOC toolsSOC toolset designUsing already implemented toolsetsSOC rolesLog/information aggregationLog/information analysisProcesses and proceduresIdentification – detection and analysisRemediation – containment/eradication/recoverySOC toolsBenefits of a SOC – in-house and MSSPSummary
What is information security architecture?Information security architecture and SDLC/SELCInitiation phaseRequirement analysis phaseDesign phaseImplementation phaseTesting phaseOperations and maintenance phaseDisposition phaseConducting an initial information security analysisPurpose and description of the information systemDetermining compliance requirementsDocumenting key information system and project rolesDefining the expected user typesDocumenting interface requirementsDocumenting external information systems accessConducting a business impact assessment (BIA)Conducting information categorizationDeveloping a security architecture advisement programInformation security architecture processExample information security architecture processArchitecture special considerationsSummary
Importance of cloud computingCloud computing characteristicsCloud computing service modelsInfrastructure as a Service (IaaS)Platform as a Service (PaaS)Software as a Service (SaaS)Cloud computing deployment modelsPublic cloudPrivate cloudCommunity cloudHybrid cloudCloud computing management modelsManaged service providersCloud service providersSpecial considerations for cloud computingCloud computing data securityIdentification, authentication, and authorization in the cloudMonitoring and logging considerationsSecurity automation considerationsSecure application development considerationsSummary
Zero Trust and its principlesThe history of Zero TrustImportance of Zero Trust in cybersecurityShifting from traditional perimeter-based securityThe pillars of Zero TrustIdentity pillarDevicesNetworksApplications and WorkloadsDataSummary
Understanding C-SCRM and its importanceThe challenges in managing supply chain cybersecurity risksThe risks associated with supply chainsThe consequences of supply chain risksMethods to identify supply chain risksAssessing the severity and likelihood of C-SCRM risksStrategies to mitigate supply chain risksDeveloping C-SCRM policies and plansIntegrating C-SCRM into security program and business activitiesStakeholders that support the integrationMonitoring and reviewing C-SCRM practicesSummary
Other Books You May EnjoyPackt is searching for authors like youShare Your ThoughtsDownload a free PDF copy of this book

Content preview from Information Security Handbook - Second Edition

9 Developing a Security Operations Center

A security operations center (SOC) serves as the nerve center for cybersecurity, where teams continuously monitor, detect, and respond to security threats to protect an organization’s information systems. In this chapter, we’ll define what a SOC is, discuss the management of SOC tools, explore the design of the SOC toolset, outline the various roles within a SOC, and examine the processes and procedures that ensure operational efficiency. Additionally, we’ll take a closer look at the specific tools that underpin SOC functions and contribute to its overall effectiveness.

The following topics will be covered in this chapter: