The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

Book description

This book is a comprehensive cyber security implementation manual which gives practical guidance on the individual activities identified in the IT Governance Cyber Resilience Framework (CRF) that can help organisations become cyber resilient and combat the cyber threat landscape.

Table of contents

  1. Cover
  2. Title
  3. Copyright
  4. Contents
  5. Part 1: Introduction
    1. Chapter 1: The threat landscape
    2. Chapter 2: Information and cyber security
    3. Chapter 3: Cyber resilience
    4. Chapter 4: Regulatory and contractual requirements
      1. 4.1 International data privacy laws
      2. 4.2 Cyber security requirements for critical infrastructure
      3. 4.3 Contractual requirements
    5. Chapter 5: Implementing cyber security
      1. 5.1 Making trade-offs
      2. 5.2 Three security pillars
      3. 5.3 The IT Governance Cyber Resilience Framework (CRF)
      4. 5.4 Structure of the book
  6. Part 2: Threats and vulnerabilities
    1. Chapter 6: The anatomy of threats
    2. Chapter 7: Technical threats
      1. 7.1 The attackers
      2. 7.2 Malware
      3. 7.3 Technical threat example: TalkTalk data breach
    3. Chapter 8: Human threats
      1. 8.1 Staff awareness
      2. 8.2 Social engineering
      3. 8.3 Remote working
      4. 8.4 Human threat example: WannaCry
    4. Chapter 9: Physical threats
      1. 9.1 Physical entry threats
      2. 9.2 Physical security and mobile devices
      3. 9.3 Environmental threats
      4. 9.4 Physical threat example: KVM attacks
    5. Chapter 10: Third-party threats
      1. 10.1 Supply chain threats
      2. 10.2 Third-party threat example: Target data breach
  7. Part 3: The CRF processes
    1. Chapter 11: An overview of the CRF processes
    2. Chapter 12: Manage and protect
      1. 12.1 Asset management
      2. 12.2 Information security policies
      3. 12.3 Physical and environmental security
      4. 12.4 Identity and access control
      5. 12.5 Malware protection
      6. 12.6 Configuration and patch management
      7. 12.7 Encryption
      8. 12.8 System security
      9. 12.9 Network and communications security
      10. 12.10 Security competence and training
      11. 12.11 Staff awareness training
      12. 12.12 Comprehensive risk management programme
      13. 12.13 Supply chain risk management
    3. Chapter 13: Identify and detect
      1. 13.1 Threat and vulnerability intelligence
      2. 13.2 Security monitoring
    4. Chapter 14: Respond and recover
      1. 14.1 Incident response management
      2. 14.2 ICT continuity management
      3. 14.3 Business continuity management
    5. Chapter 15: Govern and assure
      1. 15.1 Formal information security management programme
      2. 15.2 Continual improvement process
      3. 15.3 Board-level commitment and involvement
      4. 15.4 Governance structure and processes
      5. 15.5 Internal audit
      6. 15.6 External certification/validation
    6. Chapter 16: Maturity levels
      1. 16.1 Determining the level of maturity to aim for
  8. Part 4: Eight steps to implementing cyber security
    1. Chapter 17: Introducing the IT Governance eight-step approach
    2. Chapter 18: Step 1 – Start the project
      1. 18.1 Project mandate
      2. 18.2 Project team
      3. 18.3 Project leadership
    3. Chapter 19: Step 2 – Determine requirements and objectives
      1. 19.1 Project vs cyber security objectives
    4. Chapter 20: Step 3 – Determine the scope
    5. Chapter 21: Step 4 – Define current and ideal target states
      1. Using the CRF
      2. Gap analysis
    6. Chapter 22: Step 5 – Establish a continual improvement model
    7. Chapter 23: Step 6 – Conduct a risk assessment
    8. Chapter 24: Step 7 – Select and implement controls
    9. Chapter 25: Step 8 – Measure and review performance
      1. 25.1 Continual improvement
      2. 25.2 Management review
  9. Part 5: Reference frameworks
    1. Chapter 26: Why you should consider reference frameworks
      1. 26.1 Standard types
      2. 26.2 Certification benefits
    2. Chapter 27: Core
      1. 27.1 Cyber Essentials
      2. 27.2 CRF alignment
    3. Chapter 28: Baseline
      1. 28.1 NIST CSF
      2. 28.2 ISO 27001
      3. 28.3 CRF alignment
    4. Chapter 29: Extended
      1. 29.1 ISO 22301 – BCM
      2. 29.2 ISO 27017 – Cloud security
      3. 29.3 ISO 27035 – Information security incident management
      4. 29.4 ISO 27036 – Information security in the supply chain
      5. 29.5 ISO 27701 – Privacy management
      6. 29.6 CRF alignment
    5. Chapter 30: Embedded
      1. 30.1 COBIT®
      2. 30.2 ISO 27014
      3. 30.3 CRF alignment
  10. Part 6: Conclusion and appendices
    1. Chapter 31: Conclusion
  11. Appendix 1: IT and information asset checklist
  12. Appendix 2: Template outline project plan
  13. Appendix 3: Glossary of acronyms and abbreviations
  14. GRC International Group resources
    1. Publishing services
    2. GRC International Group cyber security services
    3. Cyber security training and staff awareness
    4. Professional services and consultancy
    5. Newsletter

Product information

  • Title: The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks
  • Author(s): Alan Calder
  • Release date: December 2020
  • Publisher(s): IT Governance Publishing