book

The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

by Alan Calder

December 2020

Intermediate to advanced

361 pages

6h 26m

English

IT Governance Publishing

Read now

Unlock full access

4.1 International data privacy laws4.2 Cyber security requirements for critical infrastructure4.3 Contractual requirements
5.1 Making trade-offs5.2 Three security pillars5.3 The IT Governance Cyber Resilience Framework (CRF)5.4 Structure of the book

7.1 The attackers7.2 Malware7.3 Technical threat example: TalkTalk data breach
8.1 Staff awareness8.2 Social engineering8.3 Remote working8.4 Human threat example: WannaCry
9.1 Physical entry threats9.2 Physical security and mobile devices9.3 Environmental threats9.4 Physical threat example: KVM attacks
10.1 Supply chain threats10.2 Third-party threat example: Target data breach
12.1 Asset management12.2 Information security policies12.3 Physical and environmental security12.4 Identity and access control12.5 Malware protection12.6 Configuration and patch management12.7 Encryption12.8 System security12.9 Network and communications security12.10 Security competence and training12.11 Staff awareness training12.12 Comprehensive risk management programme12.13 Supply chain risk management
13.1 Threat and vulnerability intelligence13.2 Security monitoring
14.1 Incident response management14.2 ICT continuity management14.3 Business continuity management
15.1 Formal information security management programme15.2 Continual improvement process15.3 Board-level commitment and involvement15.4 Governance structure and processes15.5 Internal audit15.6 External certification/validation
16.1 Determining the level of maturity to aim for
18.1 Project mandate18.2 Project team18.3 Project leadership
19.1 Project vs cyber security objectives
Using the CRFGap analysis
25.1 Continual improvement25.2 Management review
26.1 Standard types26.2 Certification benefits
27.1 Cyber Essentials27.2 CRF alignment
28.1 NIST CSF28.2 ISO 2700128.3 CRF alignment
29.1 ISO 22301 – BCM29.2 ISO 27017 – Cloud security29.3 ISO 27035 – Information security incident management29.4 ISO 27036 – Information security in the supply chain29.5 ISO 27701 – Privacy management29.6 CRF alignment
30.1 COBIT®30.2 ISO 2701430.3 CRF alignment
Publishing servicesGRC International Group cyber security servicesCyber security training and staff awarenessProfessional services and consultancyNewsletter

Content preview from The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

CHAPTER 12: MANAGE AND PROTECT

Deploy risk-appropriate information security measures – relying on people, processes and technology – to protect the CIA of your information assets, business processes and infrastructure.

‘Manage and protect’, the first and largest process category of the CRF, consists of activities that are central to managing cyber security and protecting the organisation from threats. Of course, in order for your defensive measures to be effective, you need to know what those threats are. By this we do not mean in a generic way, as discussed in part 2 of this book, but specifically those that apply to you. You need to understand who might attack you and how, and what their motivations are.

What line of business are you in? ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Publisher Resources

ISBN: 9781787782624Publisher Website

The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

by Alan Calder

CHAPTER 12: MANAGE AND PROTECT

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Cyber Security and Network Security

Cybersecurity - Attack and Defense Strategies

Cyber Security and Digital Forensics

Publisher Resources

CHAPTER 12: MANAGE AND PROTECT

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Cyber Security and Network Security

Cybersecurity - Attack and Defense Strategies

Cyber Security and Digital Forensics

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.