book

The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

by Alan Calder

December 2020

Intermediate to advanced

361 pages

6h 26m

English

IT Governance Publishing

Read now

Unlock full access

4.1 International data privacy laws4.2 Cyber security requirements for critical infrastructure4.3 Contractual requirements
5.1 Making trade-offs5.2 Three security pillars5.3 The IT Governance Cyber Resilience Framework (CRF)5.4 Structure of the book

7.1 The attackers7.2 Malware7.3 Technical threat example: TalkTalk data breach
8.1 Staff awareness8.2 Social engineering8.3 Remote working8.4 Human threat example: WannaCry
9.1 Physical entry threats9.2 Physical security and mobile devices9.3 Environmental threats9.4 Physical threat example: KVM attacks
10.1 Supply chain threats10.2 Third-party threat example: Target data breach
12.1 Asset management12.2 Information security policies12.3 Physical and environmental security12.4 Identity and access control12.5 Malware protection12.6 Configuration and patch management12.7 Encryption12.8 System security12.9 Network and communications security12.10 Security competence and training12.11 Staff awareness training12.12 Comprehensive risk management programme12.13 Supply chain risk management
13.1 Threat and vulnerability intelligence13.2 Security monitoring
14.1 Incident response management14.2 ICT continuity management14.3 Business continuity management
15.1 Formal information security management programme15.2 Continual improvement process15.3 Board-level commitment and involvement15.4 Governance structure and processes15.5 Internal audit15.6 External certification/validation
16.1 Determining the level of maturity to aim for
18.1 Project mandate18.2 Project team18.3 Project leadership
19.1 Project vs cyber security objectives
Using the CRFGap analysis
25.1 Continual improvement25.2 Management review
26.1 Standard types26.2 Certification benefits
27.1 Cyber Essentials27.2 CRF alignment
28.1 NIST CSF28.2 ISO 2700128.3 CRF alignment
29.1 ISO 22301 – BCM29.2 ISO 27017 – Cloud security29.3 ISO 27035 – Information security incident management29.4 ISO 27036 – Information security in the supply chain29.5 ISO 27701 – Privacy management29.6 CRF alignment
30.1 COBIT®30.2 ISO 2701430.3 CRF alignment
Publishing servicesGRC International Group cyber security servicesCyber security training and staff awarenessProfessional services and consultancyNewsletter

Content preview from The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

CHAPTER 21: STEP 4 – DEFINE CURRENT AND IDEAL TARGET STATES

Most organisations already have some cyber security measures in place – these may not be sufficient or as effective as they should be, but the point is that you are almost certainly not starting from scratch. It is therefore important to understand how far your current practices are from where you want to be.

Before you can do that, you have to define both your current and ideal target states in a way that they can easily be compared against one another. The CRF can make this task easier.

Using the CRF

The most pertinent parts of the CRF for this process are the comprehensive selection of processes (discussed in detail in part 3 of this book) and the different levels of maturity (see ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Publisher Resources

ISBN: 9781787782624Publisher Website

The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

by Alan Calder

CHAPTER 21: STEP 4 – DEFINE CURRENT AND IDEAL TARGET STATES

Using the CRF

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Cyber Security and Network Security

Cybersecurity - Attack and Defense Strategies

Cyber Security and Digital Forensics

Publisher Resources

CHAPTER 21: STEP 4 – DEFINE CURRENT AND IDEAL TARGET STATES

Using the CRF

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Cyber Security and Network Security

Cybersecurity - Attack and Defense Strategies

Cyber Security and Digital Forensics

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.