book

The Cybersecurity Control Playbook

Name: The Cybersecurity Control Playbook
Author: Jason Edwards
ISBN: 9781394331857

by Jason Edwards

April 2025

Intermediate to advanced

544 pages

20h 19m

English

Wiley

Read now

Unlock full access

Cover
Table of Contents
Title Page
Copyright
Preface
Acknowledgments
1 Understanding Cybersecurity Controls
Definition and ImportanceTypes of ControlsMowing the Lawn: An Allegory for Cybersecurity ControlsThe Lifecycle of a ControlLeadership Insight: Guiding Teams in Understanding and Valuing ControlsChapter RecommendationsChapter ConclusionQuestions
2 The Risk‐Based Approach
Identifying Cyber RisksPrioritizing RisksDeveloping a Risk TaxonomyLeadership Insight: Leading Risk Assessment and Prioritization EffortsChapter RecommendationsChapter ConclusionQuestions
3 Small Business Implementation
Unique Challenges and SolutionsCost‐Effective StrategiesLeadership Insight: Leading Security Initiatives in Small BusinessesAI Recommendations: Leveraging AI for Cybersecurity in Small BusinessesSelecting the Right Managed Security Service Provider (MSSP) for Your Small BusinessChapter RecommendationsChapter ConclusionQuestions
4 Medium‐Sized Enterprises
Balancing Resources and SecurityManaging Limited IT and Security BudgetsCost‐Effective Security SolutionsMaximizing Existing ResourcesAllocating Human ResourcesOutsourcing Cybersecurity FunctionsCollaborating Across TeamsMaximizing Impact Through Strategic PlanningSizing Security Teams for Medium‐Sized EnterprisesLeadership Insight: Managing Security Teams in Medium‐Sized EnterprisesAI Recommendations: Leveraging AI for Education on Cybersecurity and Medium Enterprise Risks and ControlsChapter RecommendationsChapter ConclusionQuestions

5 Large Enterprises
Advanced Control StrategiesCollaborating Across the Organization to Design ControlsChoosing the Right Cybersecurity FrameworkPrioritizing Controls in a Large Enterprise SettingAdvanced Strategies for Large Organizations with Complex EnvironmentsManaging Complexity and ScaleLeadership Insight: Leading Large‐Scale Security OperationsAI Recommendations: GRC AI Uses for Large EnterprisesChapter RecommendationsChapter ConclusionQuestions
6 Introduction to MITRE ATT&CK & DEFEND
What Is MITRE ATT&CK?What Is MITRE DEFEND?Benefits of Using ATT&CK and DEFEND TogetherLeadership Insight: Encouraging Adoption of MITRE ATT&CK and DEFEND Within TeamsAI Recommendations: Learning MITRE ATT&CK and DEFENDChapter RecommendationsChapter ConclusionQuestions
7 Mapping Threats to Controls Using MITRE ATT&CK
Practical Guide to Threat MappingSteps for Threat MappingTools for Effective Threat MappingMapping Specific Techniques to ControlsLeadership Insight: Leading Threat‐Mapping ExercisesAligning Threat Mapping with Business ObjectivesDriving Continuous ImprovementAI Recommendations: Leveraging AI for Threat Mapping and AnalysisChapter RecommendationsChapter ConclusionQuestions
8 Enhancing Defenses with MITRE DEFEND
Integrating MITRE DEFEND into Organizational Defense StrategiesAlignment with NIST Cybersecurity Framework (CSF)Alignment with ISO 27001: Establishing a Strong Information Security Management System (ISMS)Alignment with CIS Controls: Prioritizing Actions to Mitigate Common ThreatsEmbedding MITRE DEFEND into Risk ManagementTools and Techniques for Defensive ImplementationLeadership Strategies for MITRE DEFEND IntegrationEnhancing Defense with AI and MITRE DEFENDChapter RecommendationsChapter ConclusionQuestions
9 Cybersecurity Frameworks Overview
Why Cybersecurity Frameworks Are CriticalLeadership Insight: Choosing and Championing the Right Frameworks for Your OrganizationIntegrating AI with Cybersecurity FrameworksChapter RecommendationsComparison of Popular Cybersecurity Control FrameworksChapter ConclusionQuestions
10 NIST 800‐53
Overview of NIST SP 800‐53Control FamiliesCategorization of Information Systems (FIPS 199)Control BaselinesImplementation StrategiesPrioritizing Controls Based on RiskTailoring Controls to the OrganizationOvercoming Challenges in ImplementationNIST 800‐171—Controls for Non‐federal EntitiesChapter RecommendationsChapter ConclusionQuestions
11 Center for Internet Security (CIS) 18 Controls
Overview of CIS ControlsIn‐Depth Exploration of the 18 CIS ControlsLeadership Insight: Driving the Application of CIS ControlsOvercoming Resistance to ChangeChapter RecommendationsChapter ConclusionQuestions
12 Agile Implementation of Controls and Control Frameworks
Agile Implementation of Controls and Control FrameworksLeadership Insight: Leading Agile Cybersecurity TeamsChapter RecommendationsChapter ConclusionQuestions
13 Adaptive Control Testing & Continuous Improvement
What Is Control Testing?Using Metrics to Monitor and Evaluate ControlsContinuous Improvement and AdaptationLeveraging AI in Control Testing: Enhancing Efficiency and AccuracyIncreased Testing Frequency Without Resource DrainChapter RecommendationsChapter ConclusionQuestions
14 Testing Controls in Small and Medium Enterprises
Streamlined Control Testing for Small BusinessesSimplified Testing Methods for Medium‐Sized EnterprisesManaged Security Service Providers (MSSPs) for Small BusinessesMSSPs for Medium‐Sized EnterprisesThird‐Party Testing for Small BusinessesAdvanced Testing for Medium‐Sized EnterprisesLeadership Insight: Managing Control Testing in Small BusinessesLeadership Insight: Managing Control Testing in Medium EnterprisesIntegration of AI into Small and Medium Enterprise Control TestingChapter RecommendationsChapter ConclusionQuestions
15 Control Testing in Larger and Complex Enterprises
Dealing with Organizational ComplexityTailoring Tests to Specific EnvironmentsQuantitative Testing MethodsQualitative Testing MethodsSampling Best PracticesControl Testing FrequencyInvolvement of GRC Systems and Risk/Compliance TeamsOutside Testing Options, Including Penetration TestingLeadership Insight: Managing Large‐Scale Control Testing EffortsChapter RecommendationsChapter ConclusionQuestions
16 Control Failures: Identification, Management, and Reporting
Defining Control FailuresHandling Control FailuresReporting Control FailuresKey vs. Non‐key Control FailuresInherited or Common Control FailuresReporting and Escalating Control FailuresImpact of Control Failures on Metrics and KPIsProactive Measures for Reducing Control FailuresChapter RecommendationsChapter ConclusionQuestions
17 Control Testing for Regulated Companies
Navigating Legal RequirementsMaintaining Awareness of Regulatory ChangesIntegrating Compliance with Security StrategyTechnology Solutions for Managing ComplianceCompliance Testing and AuditsLeadership Insight: Leading Compliance EffortsChapter RecommendationsChapter ConclusionQuestions
18 Emerging Threats and Technologies
Adapting Controls to New Attack VectorsControl Flexibility and ScalabilityEnhancing Control Development Through Threat IntelligenceFostering Proactive Control DevelopmentAI‐Powered Control DevelopmentChapter RecommendationsChapter ConclusionQuestions
Appendix A: Glossary of Terms
Appendix B: Creating and Using a Cybersecurity Risk Register
How to Create a Cybersecurity Risk RegisterUsing the Sample Risk RegisterSample Cybersecurity Risk Register
Appendix C: Creating and Using a Cybersecurity Risk Taxonomy
How to Build a Risk TaxonomyHow to Use This Sample Risk Taxonomy
Appendix D: SME Security Team Structures
Small‐to‐Lower‐Medium Enterprise Security Team StructureMid‐Medium Enterprise Security Team StructureUpper‐Medium Enterprise Security Team Structure
Appendix E: Developing Process Maps
Process Mapping and Risk Identification GuideControl Identification and Implementation GuideControl Testing and Continuous Monitoring Guide
Appendix F: Establishing a Regulatory Change Management Program
Establish a Regulatory Monitoring ProcessDefine Roles and ResponsibilitiesCreate a Regulatory Impact Assessment ProcessUpdate Policies, Procedures, and ControlsImplement a Training and Awareness ProgramEstablish a Reporting and Documentation SystemCreate a Review and Continuous Improvement CycleIntegrate Regulatory Changes into Risk Management ProcessesCommunicate Changes to External StakeholdersImplement Continuous Monitoring and Auditing
Appendix G: Recommended Metrics for MITRE ATT&CK Techniques
Answers
Chapter 1Chapter 2Chapter 3Chapter 4Chapter 5Chapter 6Chapter 7Chapter 8Chapter 9Chapter 10Chapter 11Chapter 12Chapter 13Chapter 14Chapter 15Chapter 16Chapter 17Chapter 18
Index
End User License Agreement

Content preview from The Cybersecurity Control Playbook

Appendix GRecommended Metrics for MITRE ATT&CK Techniques

Technique	Tactic	Mitigation	Control Type	Suggested Metric
T1001—Data Obfuscation	Command and Control	M1039—Environment Variable Permissions	Preventive	% of systems with restricted variable modification; logs of changes to variables
T1003—OS Credential Dumping	Credential Access	M1043—Credential Access Protection	Preventive	# of credential dumping attempts blocked; % of systems with credential protection enabled
T1005—Data from Local System	Collection	M1022—Restrict File and Directory Permissions	Preventive	% of critical files with restricted access; audit log of access attempts to protected files
T1006—Direct Volume Access	Defense Evasion	M1046—Boot Integrity	Preventive	% of systems with secure boot enabled; alerts for unauthorized boot attempts
T1007—System Service Discovery	Discovery	M1047—Audit	Detective	Frequency of system service discovery attempts detected in audit logs
T1008—Fallback Channels	Command and Control	M1037—Filter Network Traffic	Preventive	# of fallback channel connections blocked; % of traffic filtered
T1010—Application Window Discovery	Discovery	M1021—Restrict Web‐Based Content	Preventive	% of systems with restricted window discovery; application access logs reviewed regularly
T1011—Exfiltration Over Other Network Medium	Exfiltration	M1057—Data Loss Prevention	Preventive	# of exfiltration attempts blocked; % of data monitored by DLP
T1012—Query Registry	Discovery	M1024—Restrict ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Emerging Threats and Countermeasures in Cybersecurity

Publisher Resources

ISBN: 9781394331857

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

The Cybersecurity Control Playbook

by Jason Edwards

Appendix GRecommended Metrics for MITRE ATT&CK Techniques

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.