book

The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

by Alan Calder

December 2020

Intermediate to advanced

361 pages

6h 26m

English

IT Governance Publishing

Read now

Unlock full access

4.1 International data privacy laws4.2 Cyber security requirements for critical infrastructure4.3 Contractual requirements
5.1 Making trade-offs5.2 Three security pillars5.3 The IT Governance Cyber Resilience Framework (CRF)5.4 Structure of the book

7.1 The attackers7.2 Malware7.3 Technical threat example: TalkTalk data breach
8.1 Staff awareness8.2 Social engineering8.3 Remote working8.4 Human threat example: WannaCry
9.1 Physical entry threats9.2 Physical security and mobile devices9.3 Environmental threats9.4 Physical threat example: KVM attacks
10.1 Supply chain threats10.2 Third-party threat example: Target data breach
12.1 Asset management12.2 Information security policies12.3 Physical and environmental security12.4 Identity and access control12.5 Malware protection12.6 Configuration and patch management12.7 Encryption12.8 System security12.9 Network and communications security12.10 Security competence and training12.11 Staff awareness training12.12 Comprehensive risk management programme12.13 Supply chain risk management
13.1 Threat and vulnerability intelligence13.2 Security monitoring
14.1 Incident response management14.2 ICT continuity management14.3 Business continuity management
15.1 Formal information security management programme15.2 Continual improvement process15.3 Board-level commitment and involvement15.4 Governance structure and processes15.5 Internal audit15.6 External certification/validation
16.1 Determining the level of maturity to aim for
18.1 Project mandate18.2 Project team18.3 Project leadership
19.1 Project vs cyber security objectives
Using the CRFGap analysis
25.1 Continual improvement25.2 Management review
26.1 Standard types26.2 Certification benefits
27.1 Cyber Essentials27.2 CRF alignment
28.1 NIST CSF28.2 ISO 2700128.3 CRF alignment
29.1 ISO 22301 – BCM29.2 ISO 27017 – Cloud security29.3 ISO 27035 – Information security incident management29.4 ISO 27036 – Information security in the supply chain29.5 ISO 27701 – Privacy management29.6 CRF alignment
30.1 COBIT®30.2 ISO 2701430.3 CRF alignment
Publishing servicesGRC International Group cyber security servicesCyber security training and staff awarenessProfessional services and consultancyNewsletter

Content preview from The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

CHAPTER 11: AN OVERVIEW OF THE CRF PROCESSES

Part 3 – by far the longest part of this book – goes into a wide range of security processes (all taken from the CRF) you might need to implement. For ease of reference, this chapter offers a short description for each of the 24 processes within our CRF, giving you a better idea of which ones you should look at further.

To break the Framework down, there are four process categories, with each process falling within one of them. Each category describes how its processes fit within the overall Framework. The four categories are:

1.Manage and protect:

Deploy risk-appropriate information security measures – relying on people, processes and technology – to protect the confidentiality, integrity and availability ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Publisher Resources

ISBN: 9781787782624Publisher Website

The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

by Alan Calder

CHAPTER 11: AN OVERVIEW OF THE CRF PROCESSES

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Cyber Security and Network Security

Cybersecurity - Attack and Defense Strategies

Cyber Security and Digital Forensics

Publisher Resources

CHAPTER 11: AN OVERVIEW OF THE CRF PROCESSES

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Cyber Security and Network Security

Cybersecurity - Attack and Defense Strategies

Cyber Security and Digital Forensics

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.