book

The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

by Alan Calder

December 2020

Intermediate to advanced

361 pages

6h 26m

English

IT Governance Publishing

Read now

Unlock full access

4.1 International data privacy laws4.2 Cyber security requirements for critical infrastructure4.3 Contractual requirements
5.1 Making trade-offs5.2 Three security pillars5.3 The IT Governance Cyber Resilience Framework (CRF)5.4 Structure of the book

7.1 The attackers7.2 Malware7.3 Technical threat example: TalkTalk data breach
8.1 Staff awareness8.2 Social engineering8.3 Remote working8.4 Human threat example: WannaCry
9.1 Physical entry threats9.2 Physical security and mobile devices9.3 Environmental threats9.4 Physical threat example: KVM attacks
10.1 Supply chain threats10.2 Third-party threat example: Target data breach
12.1 Asset management12.2 Information security policies12.3 Physical and environmental security12.4 Identity and access control12.5 Malware protection12.6 Configuration and patch management12.7 Encryption12.8 System security12.9 Network and communications security12.10 Security competence and training12.11 Staff awareness training12.12 Comprehensive risk management programme12.13 Supply chain risk management
13.1 Threat and vulnerability intelligence13.2 Security monitoring
14.1 Incident response management14.2 ICT continuity management14.3 Business continuity management
15.1 Formal information security management programme15.2 Continual improvement process15.3 Board-level commitment and involvement15.4 Governance structure and processes15.5 Internal audit15.6 External certification/validation
16.1 Determining the level of maturity to aim for
18.1 Project mandate18.2 Project team18.3 Project leadership
19.1 Project vs cyber security objectives
Using the CRFGap analysis
25.1 Continual improvement25.2 Management review
26.1 Standard types26.2 Certification benefits
27.1 Cyber Essentials27.2 CRF alignment
28.1 NIST CSF28.2 ISO 2700128.3 CRF alignment
29.1 ISO 22301 – BCM29.2 ISO 27017 – Cloud security29.3 ISO 27035 – Information security incident management29.4 ISO 27036 – Information security in the supply chain29.5 ISO 27701 – Privacy management29.6 CRF alignment
30.1 COBIT®30.2 ISO 2701430.3 CRF alignment
Publishing servicesGRC International Group cyber security servicesCyber security training and staff awarenessProfessional services and consultancyNewsletter

Content preview from The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

CHAPTER 26: WHY YOU SHOULD CONSIDER REFERENCE FRAMEWORKS

It is perfectly possible to develop a robust cyber security system without using internationally recognised standards or frameworks. Indeed, if you purely viewed part 3 of this book as a reference, rather than the building blocks of our resilience framework, and just implemented the most basic and relevant controls discussed, you are already off to a great start. As your cyber security posture evolves, however, you may find that standards or frameworks can benefit your organisation in several ways.⁹⁸

Standards and frameworks offer a tried, tested and comprehensive approach to cyber security developed by experts in the field. By adopting such an approach, you can take some of the guesswork ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Publisher Resources

ISBN: 9781787782624Publisher Website

The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks

by Alan Calder

CHAPTER 26: WHY YOU SHOULD CONSIDER REFERENCE FRAMEWORKS

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Cyber Security and Network Security

Cybersecurity - Attack and Defense Strategies

Cyber Security and Digital Forensics

Publisher Resources

CHAPTER 26: WHY YOU SHOULD CONSIDER REFERENCE FRAMEWORKS

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

Cyber Security and Network Security

Cybersecurity - Attack and Defense Strategies

Cyber Security and Digital Forensics

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.