book

The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

by Alan Calder

December 2020

Intermediate to advanced

361 pages

6h 26m

English

IT Governance Publishing

Read now

Unlock full access

4.1 International data privacy laws4.2 Cyber security requirements for critical infrastructure4.3 Contractual requirements
5.1 Making trade-offs5.2 Three security pillars5.3 The IT Governance Cyber Resilience Framework (CRF)5.4 Structure of the book

7.1 The attackers7.2 Malware7.3 Technical threat example: TalkTalk data breach
8.1 Staff awareness8.2 Social engineering8.3 Remote working8.4 Human threat example: WannaCry
9.1 Physical entry threats9.2 Physical security and mobile devices9.3 Environmental threats9.4 Physical threat example: KVM attacks
10.1 Supply chain threats10.2 Third-party threat example: Target data breach
12.1 Asset management12.2 Information security policies12.3 Physical and environmental security12.4 Identity and access control12.5 Malware protection12.6 Configuration and patch management12.7 Encryption12.8 System security12.9 Network and communications security12.10 Security competence and training12.11 Staff awareness training12.12 Comprehensive risk management programme12.13 Supply chain risk management
13.1 Threat and vulnerability intelligence13.2 Security monitoring
14.1 Incident response management14.2 ICT continuity management14.3 Business continuity management
15.1 Formal information security management programme15.2 Continual improvement process15.3 Board-level commitment and involvement15.4 Governance structure and processes15.5 Internal audit15.6 External certification/validation
16.1 Determining the level of maturity to aim for
18.1 Project mandate18.2 Project team18.3 Project leadership
19.1 Project vs cyber security objectives
Using the CRFGap analysis
25.1 Continual improvement25.2 Management review
26.1 Standard types26.2 Certification benefits
27.1 Cyber Essentials27.2 CRF alignment
28.1 NIST CSF28.2 ISO 2700128.3 CRF alignment
29.1 ISO 22301 – BCM29.2 ISO 27017 – Cloud security29.3 ISO 27035 – Information security incident management29.4 ISO 27036 – Information security in the supply chain29.5 ISO 27701 – Privacy management29.6 CRF alignment
30.1 COBIT®30.2 ISO 2701430.3 CRF alignment
Publishing servicesGRC International Group cyber security servicesCyber security training and staff awarenessProfessional services and consultancyNewsletter

Content preview from The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

CHAPTER 13: IDENTIFY AND DETECT

Develop a system to identify anomalies that may signify an incident through automated, continual security monitoring, with manual follow-ups.

Effective security is about managing your risks, monitoring them to make sure they are acceptable and taking appropriate action if not. Importantly, it is not about eliminating all risk and achieving absolute security, as the trade-offs that approach would require – not having an online presence, for instance – are simply too great. However, an acceptable risk is still a risk. Even with a preventive measure in place, that measure might fail, or that measure may have been implemented to only reduce the impact and not necessarily to prevent the risk from materialising. Furthermore, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Publisher Resources

ISBN: 9781787782624Publisher Website

The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

by Alan Calder

CHAPTER 13: IDENTIFY AND DETECT

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Cyber Security and Network Security

Cybersecurity - Attack and Defense Strategies

Cyber Security and Digital Forensics

Publisher Resources

CHAPTER 13: IDENTIFY AND DETECT

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Cyber Security and Network Security

Cybersecurity - Attack and Defense Strategies

Cyber Security and Digital Forensics

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.