Implement effective cybersecurity measures for all organizations
Cybersecurity is one of the central concerns of our digital age. In an increasingly connected world, protecting sensitive data, maintaining system integrity, and ensuring privacy have never been more important. The Cybersecurity Control Playbook offers a step-by-step guide for implementing cybersecurity controls that will protect businesses and prepare them to compete in an overwhelmingly networked landscape. With balanced coverage of both foundational and advanced topics, and concrete examples throughout, this is a must-own resource for professionals looking to keep their businesses safe and secure.
Readers will also find:
- Clear, jargon-free language that makes it accessible to a wide range of readers
- An introduction to developing, deploying, monitoring, testing, and retiring controls and control frameworks across large, medium, and small enterprises
- A system for identifying, prioritizing, and managing cyber risks based on the MITRE ATT&CK framework, with additional coverage of other key cybersecurity frameworks
The Cybersecurity Control Playbook is ideal for cybersecurity practitioners, IT professionals, and security managers who are responsible for implementing and managing cybersecurity strategies in their organizations.
Mục lục
Preface xxv
Acknowledgments xxvii
1 Understanding Cybersecurity Controls 1
2 The Risk-Based Approach 17
3 Small Business Implementation 35
4 Medium-Sized Enterprises 55
5 Large Enterprises 73
6 Introduction to MITRE ATT&CK & DEFEND 97
7 Mapping Threats to Controls Using MITRE ATT&CK 117
8 Enhancing Defenses with MITRE DEFEND 141
9 Cybersecurity Frameworks Overview 169
10 Nist 800-53 191
11 Center for Internet Security (CIS) 18 Controls 221
12 Agile Implementation of Controls and Control Frameworks 253
13 Adaptive Control Testing & Continuous Improvement 267
14 Testing Controls in Small and Medium Enterprises 297
15 Control Testing in Larger and Complex Enterprises 317
16 Control Failures: Identification, Management, and Reporting 365
17 Control Testing for Regulated Companies 389
18 Emerging Threats and Technologies 409
Appendix A Glossary of Terms 427
Appendix B Creating and Using a Cybersecurity Risk Register 431
Appendix C Creating and Using a Cybersecurity Risk Taxonomy 437
Appendix D SME Security Team Structures 441
Appendix E Developing Process Maps 445
Appendix F Establishing a Regulatory Change Management Program 449
Appendix G Recommended Metrics for MITRE ATT&CK Techniques 453
Answers 467
Index 503
Giới thiệu về tác giả
Jason Edwards, DM, CISSP, is an accomplished cybersecurity leader with extensive experience in the technology, finance, insurance, and energy sectors. Holding a Doctorate in Management, Information Systems, and Technology, Jason specializes in guiding large public and private companies through complex cybersecurity challenges. His career includes leadership roles across the military, insurance, finance, energy, and technology industries. He is a husband, father, former military cyber officer, adjunct professor, avid reader, dog dad, and popular on Linked In.
Thêm sách điện tử từ cùng một tác giả / Biên tập viên
19.021 Ebooks trong thể loại này
