About the book Cyber Security: ESORMA Quickstart Guide: Enterprise Security Operations Risk Management Architecture for Cyber Security Practitioners
Book title : Cyber Security: ESORMA Quickstart Guide: Enterprise Security Operations Risk Management Architecture for Cyber Security Practitioners
Title translated into Persian : Cyber Security: ESORMA Quick Start Guide: Enterprise Security Operations Risk Management Architecture for Cyber Security Professionals
Series :
Authors : David White
Publisher :
Year of publication :
Number of pages : 177
Book language : English
Book format : pdf
File size : 4 MB
Table of contents :
Change Is Needed
Foundation
What ESORMA is and is not
Every Business Has A CISO
Where to start?
Learn While ‘Doing’
This Quick Start Guide Is Here For You
Continuing Professional Education
Practical And Pragmatic
The Common Problem
Loose Frameworks Are More Adaptable
Is Security A Cost? An Enabler? Or Profit Centre?
The ESORMA Membership
Wait There’s More!
What Alternatives Are There?
The Well-Architected GRC Framework
The Key Domains
ESORMA Summary
ESORMA Domain #1: Scope
How scoping is done
Categorisation:
Classification
Tools
The Information Asset Register
Geo-Mapping Tool
Information Flow Map
Fishbone Diagram
Case Study
Summary
Domain #1: Scope Questionnaire
ESORMA Domain #2: Priority
Two Ways To Measure Risk
Human Risk Factors
Key Tools
Job Rotation
Job Segregation
Key Risk Stages
Threats and Vulnerabilities
Risk Assessment & Prioritisation
The Five Major Components of Quantitative Risk Analysis
How To Calculate Risk
How To Invest In Safeguards Efficiently
Associated Safeguard Costs
Risk Registers
Case Study
FREE Bonus Chapter Resource
Summary
Domain #2: Priority Questionnaire
ESORMA Domain #3: Evaluate
Business Impact Analysis
The objective of the BIA is to help you in several areas:
Timing
Priority
The Benefits of Using A Form Driven Approach
Understanding Through Interviews
Business Procedures
Information Systems
Real Assets
RISK Appetite
Genuine Business Benefits
Impact Statements
Timing
Risk Treatment
Risk Acceptance Framework
FREE Bonus Chapter Resource
Summary
Domain #3: Evaluate Questionnaire
ESORMA Domain #4: Enable
Tools
Risk Communication
Risk Awareness Checklist
Documentation
Compliance
The PDCA: PLAN - DO - CHECK - ACT Walk through.
Resource Management
Controls
Summary
Domain #4: Enable Questionnaire
ESORMA Domain #5: Harden
Pre-Planning
Clarity
Capability
Disasters Happen
Business Continuity and Disaster Recovery (BC/DRP)
Business Continuity Management Lifecycle
Disaster Recovery
Disaster Recovery Plan Lifecycle
BCM/DRP Objectives
Summary
Domain #5: Harden Questionnaire
ESORMA Domain #6: Monitor
How monitoring is conducted
Strategy
Programme
Analysis
Response
Tools & Walk-through
SIEM
Continuous audit module
Manual audit logs
Heartbeat monitoring
Penetration Testing
Control objective evaluation
Summary
Domain #6: Monitor Questionnaire
ESORMA Domain #7: Operations
What is the alternative to a SOC?
Good security is invisible.
The Who ?
The How ?
The What ?
Tools
Case Studies
Summary
Domain #7: Operations Questionnaire
ESORMA Domain #8: Comply
Geographic locations
Contractual obligations
Organisational principles
Optional standards
How compliance is done
Compliance Tools
UCF (Unified controls framework)
CCM from the CSA
ESORMA GRC
Case Studies
Summary
Domain #8: Comply Questionnaire
EPILOGUE
The Book Plan
The ESORMA Platform
Introducing The Authors
Mustafa Ahmed
David White
Special Thanks
Finally