Search

Your search keyword '"Computer security--Management"' showing total 174 results
Start Over Descriptor "Computer security--Management"

Refine your results

more »

more »

more »

more »
174 results on '"Computer security--Management"'

29. Cyber Investigations of Smart Devices

Author

Akashdeep Bhardwaj and Akashdeep Bhardwaj

Subjects
Artificial intelligence--Security measures, Computer security--Management, Internet of things--Security measures, Wireless communication systems--Security measures, Electronic apparatus and appliances--Security measures
Abstract

The rapid proliferation of smart devices has transformed our lives and industries, but it has also created a complex and evolving cyber threat landscape. Cyber Investigations of Smart Devices provides a comprehensive guide to navigating this challenging terrain. This book delves into the intricacies of smart device ecosystems, the fundamentals of cyber investigations, and the specific security challenges posed by IoT and smart devices.Readers will gain a deep understanding of cyber threats targeting smart devices, including their motivations and tactics. The book also offers practical guidance on implementing robust cyber defence strategies and best practices to protect critical infrastructure. It explores the complexities of cyber attribution, the forensic implications of advanced cyberattacks, and the transformative potential of emerging technologies in shaping the future of digital investigations.With a focus on AI-based cybersecurity opportunities and issues in industrial IoT, this book equips cybersecurity professionals, law enforcement agencies, and organizations with the knowledge and tools needed to effectively investigate and mitigate cyber threats in the age of smart devices. Cyber Investigations of Smart Devices is essential reading for anyone involved in cybersecurity, digital forensics, and the protection of critical infrastructure.

Published
2025

31. Enterprise Cyber Risk Management As a Value Creator : Leverage Cybersecurity for Competitive Advantage

Author

Bob Chaput and Bob Chaput

Subjects
Business intelligence, Risk management, Computer crimes--Prevention, Computer security--Management, Computer networks--Security measures
Abstract

This book will help you learn the importance of organizations treating enterprise cyber risk management (ECRM) as a value creator, a business enabler, and a mechanism to create a competitive advantage. Organizations began to see the real value of information and information technology in the mid-1980s. Forty years later, it's time to leverage your ECRM program and cybersecurity strategy in the same way. The main topics covered include the case for action with specific coverage on the topic of cybersecurity as a value creator, including how the courts, legislators, and regulators are raising the bar for C-suite executives and board members. The book covers how the board's three primary responsibilities (talent management, strategy, and risk management) intersect with their ECRM responsibilities.ECRM was once solely focused on managing the downside of risk by defending the organization from adversarial, accidental, structural, and environmental threat sources. Author BobChaput presents the view that we must focus equally on managing the upside of cyber strengths to increase customer trust and brand loyalty, improving social responsibility, driving revenue growth, lowering the cost of capital, attracting higher quality investments, creating competitive advantage, attracting and retaining talent, and facilitating M&A work. He focuses on the C-suite and board role in the first part and provides guidance on their roles and responsibilities, the most important decision about ECRM they must facilitate, and how to think differently about ECRM funding. You will learn how to the pivot from cost-center thinking to value-center thinking.Having built the case for action, in the second part, the book details the steps that organizations must take to develop and document their ECRM program and cybersecurity strategy. The book first covers how ECRM must be integrated into business strategy. The remainder of that part presents a sample table of contents for an ECRM Program and Cybersecurity Strategy document and works through each section to facilitate development of your own program and strategy. With all the content and ideas presented, you will be able to establish, implement, and mature your program and strategy.What You Will LearnRead new information and treat ECRM and cybersecurity as a value creatorReceive updates on legal cases, legislative actions, and regulations that are raising the stakes for organizations, their C-suites, and boardsThink differently about funding ECRM and cybersecurity initiativesUnderstand the most critical ECRM decision that boards must facilitate in their organizationsUse practical, tangible, actionable content to develop and document your ECRM program and cybersecurity strategy“This book should be mandatory reading for C-suite executives and board members. It shows you how to move from viewingcybersecurity as a risk to avoid, and a cost center that does not add value and is overhead, to seeing cybersecurity as an enabler and part of your core strategy to transform your business and earn customer and stakeholder trust.” —Paul Connelly, First CISO at the White House and HCA Healthcare Who This Book Is ForThe primary audience includes Chief Information Security Officers, Chief Risk Officers, and Chief Compliance Officers. The secondary audience includes C-suite executives and board members. The tertiary audience includes any stakeholder responsible for privacy, security, compliance, and cyber risk management or students of these topics.

Published
2024

32. Cyber Guardians : Empowering Board Members for Effective Cybersecurity

Author

Bart R. McDonough and Bart R. McDonough

Subjects
Computer security--Management, Computer networks--Security measures--Management
Abstract

A comprehensive overview for directors aiming to meet their cybersecurity responsibilities In Cyber Guardians: Empowering Board Members for Effective Cybersecurity, veteran cybersecurity advisor Bart McDonough delivers a comprehensive and hands-on roadmap to effective cybersecurity oversight for directors and board members at organizations of all sizes. The author includes real-world case studies, examples, frameworks, and blueprints that address relevant cybersecurity risks, including the industrialized ransomware attacks so commonly found in today's headlines. In the book, you'll explore the modern cybersecurity landscape, legal and regulatory requirements, risk management and assessment techniques, and the specific role played by board members in developing and promoting a culture of cybersecurity. You'll also find: Examples of cases in which board members failed to adhere to regulatory and legal requirements to notify the victims of data breaches about a cybersecurity incident and the consequences they faced as a result Specific and actional cybersecurity implementation strategies written for readers without a technical background What to do to prevent a cybersecurity incident, as well as how to respond should one occur in your organizationA practical and accessible resource for board members at firms of all shapes and sizes, Cyber Guardians is relevant across industries and sectors and a must-read guide for anyone with a stake in robust organizational cybersecurity.

Published
2024

33. Building a Cyber Risk Management Program

Author

Brian Allen, Brandon Bapst, Terry Allan Hicks, Brian Allen, Brandon Bapst, and Terry Allan Hicks

Subjects
Business enterprises--Computer networks--Security measures, Computer security--Management
Abstract

Cyber risk management is one of the most urgent issues facing enterprises today. This book presents a detailed framework for designing, developing, and implementing a cyber risk management program that addresses your company's specific needs. Ideal for corporate directors, senior executives, security risk practitioners, and auditors at many levels, this guide offers both the strategic insight and tactical guidance you're looking for.You'll learn how to define and establish a sustainable, defendable, cyber risk management program, and the benefits associated with proper implementation. Cyber risk management experts Brian Allen and Brandon Bapst, working with writer Terry Allan Hicks, also provide advice that goes beyond risk management. You'll discover ways to address your company's oversight obligations as defined by international standards, case law, regulation, and board-level guidance.This book helps you:Understand the transformational changes digitalization is introducing, and new cyber risks that come with itLearn the key legal and regulatory drivers that make cyber risk management a mission-critical priority for enterprisesGain a complete understanding of four components that make up a formal cyber risk management programImplement or provide guidance for a cyber risk management program within your enterprise

Published
2024

34. Cyber CISO Marksmanship : Hitting the Mark in Cybersecurity Leadership

Author

Ken Dunham, James Johnson, Joseph McComb, Jason Elrod, Ken Dunham, James Johnson, Joseph McComb, and Jason Elrod

Subjects
Computer security--Management, Computer networks--Management
Abstract

Cyber CISO Marksmanship is the only book of its kind authored by multiple highly experienced individuals to collectively bring together the'best of the best'on what works and what doesn't, as a CISO, in a unique storytelling format. This book is designed for a Chief Information Security Officer (CISO) or an individual seeking this role and also has value to other types of cyber leaders. Knowledge and understanding of traditional books can only get you so far – Cyber CISO Marksmanship has powerful perspectives, real-world accounts, and insights you won't find anywhere else!Key features included with Cyber CISO Marksmanship: Over a century of CISO experience is represented by the authors of this book Unique storytelling format based upon real-world accounts from leading CISOs Sharpshooter perspectives from multiple CISOs for each story Bottom Line Up Front (BLUF) for quick reference on outcomes for each story Sharpshooter icon for what works Misfire icon for pitfalls to avoid All book owners are invited to participate in online content at CyberCISOMarksmanship.com and face-to-face events Book owners who are CISOs qualify to join, for free, a private CISO online community (by CISOs for CISOs) While this book is written for CISOs or those desiring to be in that role soon, it is also helpful to other cyber leaders.

Published
2024

35. The CISO Playbook

Author

Andres Andreu and Andres Andreu

Subjects
Computer security--Management, Computer networks--Management
Abstract

A CISO is the ultimate guardian of an organization's digital assets. As a cybersecurity leader,a CISO must possess a unique balance of executive leadership, technical knowledge, strategic vision, and effective communication skills. The ever-evolving cyberthreat landscape demands a resilient, proactive approach coupled with a keen ability to anticipate attack angles and implement protective security mechanisms. Simultaneously, a cybersecurity leader must navigate the complexities of balancing security requirements with business objectives, fostering a culture of cybersecurity awareness, and ensuring compliance with regulatory frameworks.The CISO Playbook aims to provide nothing but real-world advice and perspectives to both up-and-coming cybersecurity leaders as well as existing ones looking to grow. The book does not approach cybersecurity leadership from the perspective of the academic, or what it should be, but more from that which it really is. Moreover, it focuses on the many things a cybersecurity leader needs to “be” given that the role is dynamic and ever-evolving, requiring a high level of adaptability.A CISO's career is touched from many differing angles, by many different people and roles. A healthy selection of these entities, from executive recruiters to salespeople to venture capitalists, is included to provide real-world value to the reader. To augment these, the book covers many areas that a cybersecurity leader needs to understand, from the pre-interview stage to the first quarter and from security operations to the softer skills such as storytelling and communications.The book wraps up with a focus on techniques and knowledge areas, such as financial literacy, that are essential for a CISO to be effective. Other important areas, such as understanding the adversaries'mindset and self-preservation, are covered as well. A credo is provided as an example of the documented commitment a cybersecurity leader must make and remain true to.

Published
2024

36. Microsoft 365 Security and Compliance for Administrators : A Definitive Guide to Planning, Implementing, and Maintaining Microsoft 365 Security Posture

Author

Sasha Kranjac, Omar Kudović, Sasha Kranjac, and Omar Kudović

Subjects
Computer security--Management, Microsoft software
Abstract

Master the art of configuring and securing Microsoft 365, emphasizing robust security and compliance features, and managing privacy and risk in the Microsoft 365 environmentKey FeaturesProtect and defend your organization with the capabilities of the Microsoft 365 Defender familyDiscover, classify, and safeguard sensitive organizational data against loss, leakage, and exposureCollaborate securely while adhering to regulatory compliance and governance standardsPurchase of the print or Kindle book includes a free PDF eBookBook DescriptionIn today's hostile cyber landscape, securing data and complying with regulations is paramount for individuals, businesses, and organizations alike. Learn how Microsoft 365 Security and Compliance offers powerful tools to protect sensitive data and defend against evolving cyber threats with this comprehensive guide for administrators. Starting with an introduction to Microsoft 365 plans and essential compliance and security features, this book delves into the role of Azure Active Directory in Microsoft 365, laying the groundwork for a robust security framework. You'll then advance to exploring the complete range of Microsoft 365 Defender security products, their coverage, and unique protection services to combat evolving threats. From threat mitigation strategies to governance and compliance best practices, you'll gain invaluable insights into classifying and protecting data while mastering crucial data lifecycle capabilities in Microsoft 365. By the end of this book, you'll be able to elevate the security and compliance posture of your organization significantly.What you will learnMaintain your Microsoft 365 security and compliance posturePlan and implement security strategiesManage data retention and lifecycleProtect endpoints and respond to incidents manually and automaticallyImplement, manage, and monitor security and compliance solutionsLeverage Microsoft Purview to address risk and compliance challengesUnderstand Azure Active Directory's role in Microsoft 365 SecurityWho this book is forThis book is for security professionals, security administrators, and security responders looking to increase their knowledge and technical depth when it comes to Microsoft 365 security and compliance solutions and features. However, anyone aiming to enhance their security and compliance posture within the Microsoft 365 environment will find this book useful. Familiarity with fundamental Microsoft 365 concepts and navigating and accessing portals, along with basic Microsoft 365 administration experience is assumed.

Published
2024

37. Security Chaos Engineering

Author

Kelly Shortridge, Aaron Rinehart, Kelly Shortridge, and Aaron Rinehart

Subjects
Computer security--Management
Abstract

Cybersecurity is broken. Year after year, attackers remain unchallenged and undeterred, while engineering teams feel pressure to design, build, and operate'secure'systems. Failure can't be prevented, mental models of systems are incomplete, and our digital world constantly evolves. How can we verify that our systems behave the way we expect? What can we do to improve our systems'resilience? In this comprehensive guide, authors Kelly Shortridge and Aaron Rinehart help you navigate the challenges of sustaining resilience in complex software systems by using the principles and practices of security chaos engineering. By preparing for adverse events, you can ensure they don't disrupt your ability to innovate, move quickly, and achieve your engineering and business goals. Learn how to design a modern security programMake informed decisions at each phase of software delivery to nurture resilience and adaptive capacityUnderstand the complex systems dynamics upon which resilience outcomes dependNavigate technical and organizational trade-offsthat distort decision making in systemsExplore chaos experimentation to verify critical assumptions about software quality and securityLearn how major enterprises leverage security chaos engineering

Published
2023

38. Cyber Security and Operations Management for Industry 4.0

Author

Ahmed A Elngar, N. Thillaiarasu, Mohamed Elhoseny, K. Martin Sagayam, Ahmed A Elngar, N. Thillaiarasu, Mohamed Elhoseny, and K. Martin Sagayam

Subjects
Computer security--Management, Industry 4.0
Abstract

This book seamlessly connects the topics of Industry 4.0 and cyber security. It discusses the risks and solutions of using cyber security techniques for Industry 4.0.Cyber Security and Operations Management for Industry 4.0 covers the cyber security risks involved in the integration of Industry 4.0 into businesses and highlights the issues and solutions. The book offers the latest theoretical and practical research in the management of cyber security issues common in Industry 4.0 and also discusses the ethical and legal perspectives of incorporating cyber security techniques and applications into the day-to-day functions of an organization. Industrial management topics related to smart factories, operations research, and value chains are also discussed.This book is ideal for industry professionals, researchers, and those in academia who are interested in learning more about how cyber security and Industry 4.0 are related and can work together.

Published
2023

39. Computational Intelligence for Cybersecurity Management and Applications

Author

Yassine Maleh, Mamoun Alazab, Soufyane Mounir, Yassine Maleh, Mamoun Alazab, and Soufyane Mounir

Subjects
Computational intelligence, Computer security--Management
Abstract

As cyberattacks continue to grow in complexity and number, computational intelligence is helping under-resourced security analysts stay one step ahead of threats. Drawing on threat intelligence from millions of studies, blogs, and news articles, computational intelligence techniques such as machine learning and automatic natural language processing quickly provide the means to identify real threats and dramatically reduce response times. The book collects and reports on recent high-quality research addressing different cybersecurity challenges. It: explores the newest developments in the use of computational intelligence and AI for cybersecurity applications provides several case studies related to computational intelligence techniques for cybersecurity in a wide range of applications (smart health care, blockchain, cyber-physical system, etc.) integrates theoretical and practical aspects of computational intelligence for cybersecurity so that any reader, from novice to expert, may understand the book's explanations of key topics. It offers comprehensive coverage of the essential topics, including: machine learning and deep learning for cybersecurity blockchain for cybersecurity and privacy security engineering for cyber-physical systems AI and data analytics techniques for cybersecurity in smart systems trust in digital systems This book discusses the current state-of-the-art and practical solutions for the following cybersecurity and privacy issues using artificial intelligence techniques and cutting-edge technology. Readers interested in learning more about computational intelligence techniques for cybersecurity applications and management will find this book invaluable. They will get insight into potential avenues for future study on these topics and be able to prioritize their efforts better.

Published
2023

40. Microsoft 365 Security, Compliance, and Identity Administration : Plan and Implement Security and Compliance Strategies for Microsoft 365 and Hybrid Environments

Author

Peter Rising and Peter Rising

Subjects
Electronic data processing personnel--Certification--Study guides, Microsoft software, Computer security--Management
Abstract

Explore expert tips and techniques to effectively manage the security, compliance, and identity features within your Microsoft 365 applications Purchase of the print or Kindle book includes a free PDF eBookKey FeaturesDiscover techniques to reap the full potential of Microsoft security and compliance suiteExplore a range of strategies for effective security and complianceGain practical knowledge to resolve real-world challengesBook DescriptionThe Microsoft 365 Security, Compliance, and Identity Administration is designed to help you manage, implement, and monitor security and compliance solutions for Microsoft 365 environments. With this book, you'll first configure, administer identity and access within Microsoft 365. You'll learn about hybrid identity, authentication methods, and conditional access policies with Microsoft Intune. Next, you'll discover how RBAC and Azure AD Identity Protection can be used to detect risks and secure information in your organization. You'll also explore concepts such as Microsoft Defender for endpoint and identity, along with threat intelligence. As you progress, you'll uncover additional tools and techniques to configure and manage Microsoft 365, including Azure Information Protection, Data Loss Prevention (DLP), and Microsoft Defender for Cloud Apps. By the end of this book, you'll be well-equipped to manage and implement security measures within your Microsoft 365 suite successfully.What you will learnGet up to speed with implementing and managing identity and accessUnderstand how to employ and manage threat protectionManage Microsoft 365's governance and compliance featuresImplement and manage information protection techniquesExplore best practices for effective configuration and deploymentEnsure security and compliance at all levels of Microsoft 365Who this book is forThis book is for IT professionals, administrators, or anyone looking to pursue a career in security administration and wants to enhance their skills in utilizing Microsoft 365 Security Administration. A basic understanding of administration principles of Microsoft 365 and Azure Active Directory is a must. A good grip of on-premises Active Directory will be beneficial.

Published
2023

41. Project Zero Trust : A Story About a Strategy for Aligning Security and the Business

Author

George Finney and George Finney

Subjects
Business enterprises--Security measures, Computer security--Management, Security systems
Abstract

Implement Zero Trust initiatives efficiently and effectively In Project Zero Trust: A Story About a Strategy for Aligning Security and the Business, George Finney, Chief Security Officer at Southern Methodist University, delivers an insightful and practical discussion of Zero Trust implementation. Presented in the form of a fictional narrative involving a breach at a company, the book tracks the actions of the company's new IT Security Director. Readers will learn John Kindervag's 5-Step methodology for implementing Zero Trust, the four Zero Trust design principles, and how to limit the impact of a breach. They'll also find: Concrete strategies for aligning your security practices with the business Common myths and pitfalls when implementing Zero Trust and how to implement it in a cloud environment Strategies for preventing breaches that encourage efficiency and cost reduction in your company's security practices Project Zero Trust is an ideal resource for aspiring technology professionals, as well as experienced IT leaders, network engineers, system admins, and project managers who are interested in or expected to implement zero trust initiatives.

Published
2022

42. Digital Identity Management in Formal Education : Implications for Policy and Decision-Making

Author

Alan Moran and Alan Moran

Subjects
Information storage and retrieval systems--Educational technology, Educational technology--Security measures, Online identities--Social aspects, Risk management, Computer security--Management
Abstract

Digital Identity Management in Formal Education offers a broad analysis of the online self considered from educational policy, technological, legal and social perspectives. This book introduces the reader to the notion that digital identity is a multifaceted topic which requires a broad and systematic approach that is rooted in risk-based policy. It provides educational technologists, leaders and decision-makers with an accessible, jargon-free guide to their responsibilities towards students and instructors in today's digitally networked schools and universities. Real-life examples illustrate how digital identities impact management and delivery, privacy and transactions, governance and accountability, and other interconnected choices in the use of technology-enabled services in formal learning.

Published
2022

43. A Comprehensive Guide to Information Security Management and Audit

Author

Rajkumar Banoth, Gugulothu Narsimha, Aruna Kranthi Godishala, Rajkumar Banoth, Gugulothu Narsimha, and Aruna Kranthi Godishala

Subjects
Data protection--Standards, Business enterprises--Computer networks--Security measures--Standards, Business enterprises--Computer networks--Security measures, Computer security--Management, Data protection, Computer security--Management--Standards
Abstract

The text is written to provide readers with a comprehensive study of information security and management system, audit planning and preparation, audit techniques and collecting evidence, international information security (ISO) standard 27001, and asset management. It further discusses important topics such as security mechanisms, security standards, audit principles, audit competence and evaluation methods, and the principles of asset management. It will serve as an ideal reference text for senior undergraduate, graduate students, and researchers in fields including electrical engineering, electronics and communications engineering, computer engineering, and information technology.The book explores information security concepts and applications from an organizational information perspective and explains the process of audit planning and preparation. It further demonstrates audit techniques and collecting evidence to write important documentation by following the ISO 27001 standards.The book: Elaborates on the application of confidentiality, integrity, and availability (CIA) in the area of audit planning and preparation Covers topics such as managing business assets, agreements on how to deal with business assets, and media handling Demonstrates audit techniques and collects evidence to write the important documentation by following the ISO 27001 standards Explains how the organization's assets are managed by asset management, and access control policies Presents seven case studies

Published
2022

44. Shields Up : Cybersecurity Project Management

Author

Gregory J. Skulmoski and Gregory J. Skulmoski

Subjects
Electronic books, Computer security--Management
Abstract

The demand for cybersecurity expertise is growing phenomenally; enhancing cybersecurity project skills will boost technology professionals'careers and improve organizational cybersecurity readiness.Shields Up: Cybersecurity Project Management provides an end-to-end framework tuned for cybersecurity projects. More experienced cybersecurity professionals will appreciate the innovative and lean elements of this approach. The reader is guided through the delivery, management, and optimization approach that increases the probability of cybersecurity project success.Cybersecurity project management in Shields Up brings together international frameworks such as the Guide to the Project Management Body of Knowledge, the National Institute of Standards and Technology Cybersecurity Framework, ITIL 4 Service Management, the ISO 27001 Information Security Management, ISO 31000 Risk Management, and ISO 9000 Quality Management. A key benefit of this book is the reader can quickly apply the hybrid project management approach since it combines global frameworks already followed by cybersecurity professionals leading to successful projects. Never before has cybersecurity project management been so important.

Published
2022

45. Cyberinsurance Policy : Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks

Author

Josephine Wolff and Josephine Wolff

Subjects
Cyberspace--Security measures--Management, Computer security--Management, Computer insurance, Computer crimes--Prevention, Risk management
Abstract

Why cyberinsurance has not improved cybersecurity and what governments can do to make it a more effective tool for cyber risk management.As cybersecurity incidents—ranging from data breaches and denial-of-service attacks to computer fraud and ransomware—become more common, a cyberinsurance industry has emerged to provide coverage for any resulting liability, business interruption, extortion payments, regulatory fines, or repairs. In this book, Josephine Wolff offers the first comprehensive history of cyberinsurance, from the early “Internet Security Liability” policies in the late 1990s to the expansive coverage offered today. Drawing on legal records, government reports, cyberinsurance policies, and interviews with regulators and insurers, Wolff finds that cyberinsurance has not improved cybersecurity or reduced cyber risks. Wolff examines the development of cyberinsurance, comparing it to other insurance sectors, including car and flood insurance; explores legal disputes between insurers and policyholders about whether cyber-related losses were covered under policies designed for liability, crime, or property and casualty losses; and traces the trend toward standalone cyberinsurance policies and government efforts to regulate and promote the industry. Cyberinsurance, she argues, is ineffective at curbing cybersecurity losses because it normalizes the payment of online ransoms, whereas the goal of cybersecurity is the opposite—to disincentivize such payments to make ransomware less profitable. An industry built on modeling risk has found itself confronted by new technologies before the risks posed by those technologies can be fully understood.

Published
2022

46. Cybersecurity Management : An Organizational and Strategic Approach

Author

Nir Kshetri and Nir Kshetri

Subjects
Computer crimes, Computer security--Management
Abstract

Cyberthreats are among the most critical issues facing the world today. Cybersecurity Management draws on case studies to analyze cybercrime at the macro level, and evaluates the strategic and organizational issues connected to cybersecurity. Cross-disciplinary in its focus, orientation, and scope, this book looks at emerging communication technologies that are currently under development to tackle emerging threats to data privacy. Cybersecurity Management provides insights into the nature and extent of cyberthreats to organizations and consumers, and how such threats evolve with new technological advances and are affected by cultural, organizational, and macro‐environmental factors. Cybersecurity Management articulates the effects of new and evolving information, communication technologies, and systems on cybersecurity and privacy issues. As the COVID-19 pandemic has revealed, we are all dependent on the Internet as a source for not only information but also person-to-person connection, thus our chances of encountering cyberthreats is higher than ever. Cybersecurity Management aims to increase the awareness of and preparedness to handle such threats among policy-makers, planners, and the public.

Published
2021

47. The CISO’s Transformation : Security Leadership in a High Threat Landscape

Author

Raj Badhwar and Raj Badhwar

Subjects
Computer security--Management, Executives
Abstract

The first section of this book addresses the evolution of CISO (chief information security officer) leadership, with the most mature CISOs combining strong business and technical leadership skills. CISOs can now add significant value when they possess an advanced understanding of cutting-edge security technologies to address the risks from the nearly universal operational dependence of enterprises on the cloud, the Internet, hybrid networks, and third-party technologies demonstrated in this book. In our new cyber threat-saturated world, CISOs have begun to show their market value. Wall Street is more likely to reward companies with good cybersecurity track records with higher stock valuations. To ensure that security is always a foremost concern in business decisions, CISOs should have a seat on corporate boards, and CISOs should be involved from beginning to end in the process of adopting enterprise technologies.The second and third sections of thisbook focus on building strong security teams, and exercising prudence in cybersecurity. CISOs can foster cultures of respect through careful consideration of the biases inherent in the socio-linguistic frameworks shaping our workplace language and through the cultivation of cyber exceptionalism. CISOs should leave no stone unturned in seeking out people with unique abilities, skills, and experience, and encourage career planning and development, in order to build and retain a strong talent pool. The lessons of the breach of physical security at the US Capitol, the hack back trend, and CISO legal liability stemming from network and data breaches all reveal the importance of good judgment and the necessity of taking proactive stances on preventative measures. This book will target security and IT engineers, administrators and developers, CIOs, CTOs, CISOs, and CFOs. Risk personnel, CROs, IT, security auditors and security researchers will alsofind this book useful.

Published
2021

48. Advances in Cybersecurity Management

Author

Kevin Daimi, Cathryn Peoples, Kevin Daimi, and Cathryn Peoples

Subjects
Computer security--Management
Abstract

This book concentrates on a wide range of advances related to IT cybersecurity management. The topics covered in this book include, among others, management techniques in security, IT risk management, the impact of technologies and techniques on security management, regulatory techniques and issues, surveillance technologies, security policies, security for protocol management, location management, GOS management, resource management, channel management, and mobility management. The authors also discuss digital contents copyright protection, system security management, network security management, security management in network equipment, storage area networks (SAN) management, information security management, government security policy, web penetration testing, security operations, and vulnerabilities management. The authors introduce the concepts, techniques, methods, approaches and trends needed by cybersecurity management specialists and educators for keeping current their cybersecurity management knowledge. Further, they provide a glimpse of future directions where cybersecurity management techniques, policies, applications, and theories are headed. The book is a rich collection of carefully selected and reviewed manuscripts written by diverse cybersecurity management experts in the listed fields and edited by prominent cybersecurity management researchers and specialists.

Published
2021

49. Infosec Strategies and Best Practices : Gain Proficiency in Information Security Using Expert-level Strategies and Best Practices

Author

Joseph MacMillan and Joseph MacMillan

Subjects
Computer security--Management
Abstract

Advance your career as an information security professional by turning theory into robust solutions to secure your organizationKey FeaturesConvert the theory of your security certifications into actionable changes to secure your organizationDiscover how to structure policies and procedures in order to operationalize your organization's information security strategyLearn how to achieve security goals in your organization and reduce software riskBook DescriptionInformation security and risk management best practices enable professionals to plan, implement, measure, and test their organization's systems and ensure that they're adequately protected against threats. The book starts by helping you to understand the core principles of information security, why risk management is important, and how you can drive information security governance. You'll then explore methods for implementing security controls to achieve the organization's information security goals. As you make progress, you'll get to grips with design principles that can be utilized along with methods to assess and mitigate architectural vulnerabilities. The book will also help you to discover best practices for designing secure network architectures and controlling and managing third-party identity services. Finally, you will learn about designing and managing security testing processes, along with ways in which you can improve software security. By the end of this infosec book, you'll have learned how to make your organization less vulnerable to threats and reduce the likelihood and impact of exploitation. As a result, you will be able to make an impactful change in your organization toward a higher level of information security.What you will learnUnderstand and operationalize risk management concepts and important security operations activitiesDiscover how to identify, classify, and maintain information and assetsAssess and mitigate vulnerabilities in information systemsDetermine how security control testing will be undertakenIncorporate security into the SDLC (software development life cycle)Improve the security of developed software and mitigate the risks of using unsafe softwareWho this book is forIf you are looking to begin your career in an information security role, then this book is for you. Anyone who is studying to achieve industry-standard certification such as the CISSP or CISM, but looking for a way to convert concepts (and the seemingly endless number of acronyms) from theory into practice and start making a difference in your day-to-day work will find this book useful.

Published
2021

50. Incident Response in the Age of Cloud : Techniques and Best Practices to Effectively Respond to Cybersecurity Incidents

Author

Dr. Erdal Ozkaya and Dr. Erdal Ozkaya

Subjects
Cloud computing, Computer security--Management, Computer security
Abstract

Learn to identify security incidents and build a series of best practices to stop cyber attacks before they create serious consequencesKey FeaturesDiscover Incident Response (IR), from its evolution to implementationUnderstand cybersecurity essentials and IR best practices through real-world phishing incident scenariosExplore the current challenges in IR through the perspectives of leading expertsBook DescriptionCybercriminals are always in search of new methods to infiltrate systems. Quickly responding to an incident will help organizations minimize losses, decrease vulnerabilities, and rebuild services and processes. In the wake of the COVID-19 pandemic, with most organizations gravitating towards remote working and cloud computing, this book uses frameworks such as MITRE ATT&CK® and the SANS IR model to assess security risks. The book begins by introducing you to the cybersecurity landscape and explaining why IR matters. You will understand the evolution of IR, current challenges, key metrics, and the composition of an IR team, along with an array of methods and tools used in an effective IR process. You will then learn how to apply these strategies, with discussions on incident alerting, handling, investigation, recovery, and reporting. Further, you will cover governing IR on multiple platforms and sharing cyber threat intelligence and the procedures involved in IR in the cloud. Finally, the book concludes with an “Ask the Experts” chapter wherein industry experts have provided their perspective on diverse topics in the IR sphere. By the end of this book, you should become proficient at building and applying IR strategies pre-emptively and confidently.What you will learnUnderstand IR and its significanceOrganize an IR teamExplore best practices for managing attack situations with your IR teamForm, organize, and operate a product security team to deal with product vulnerabilities and assess their severityOrganize all the entities involved in product security responseRespond to security vulnerabilities using tools developed by Keepnet Labs and BinalyzeAdapt all the above learnings for the cloudWho this book is forThis book is aimed at first-time incident responders, cybersecurity enthusiasts who want to get into IR, and anyone who is responsible for maintaining business security. It will also interest CIOs, CISOs, and members of IR, SOC, and CSIRT teams. However, IR is not just about information technology or security teams, and anyone with a legal, HR, media, or other active business role would benefit from this book. The book assumes you have some admin experience. No prior DFIR experience is required. Some infosec knowledge will be a plus but isn't mandatory.

Published
2021

Catalog

Books, media, physical & digital resources
See catalog results