About the book The Cybersecurity Manager's Guide: The Art of Building Your Security Program
Book title : The Cybersecurity Manager's Guide: The Art of Building Your Security Program
Persian title : راهنمای مدیر امنیت سایبری: هنر ایجاد برنامه امنیتی شما
Series :
Authors : Todd Barnum
Publisher : O'Reilly Media
Publication year : 2021
Number of pages : 179
ISBN : 149207621X , 9781492076216
Book language : English
Book format : pdf
File size : 7 MB
Table of contents :
Copyright
Table of Contents
Why I Wrote This Book
Conventions Used in This Book
O’Reilly Online Learning
How to Contact Us
Acknowledgments
Chapter 1. The Odds Are Against You
Fact 1: Nobody Really Cares
Fact 2: Nobody Understands
Fact 3: Fear Drives Our Industry
Conclusion 1: It’s All Up to You
Conclusion 2: You’ll Always Be Under-Resourced
Conclusion 3: Being Successful Requires Thoughtful Work
Conclusion
Chapter 2. The Science of Our Business: The Eight Domains
Why Am I Commenting on the Eight Domains?
Domain 1: Security and Risk Management
IT Policies and Procedures
Security Governance Principles
Risk-Based Management Concepts
The Other Areas in the First Domain
Domain 2: Asset Security
Domain 3: Security Engineering and Architecture
Domain 4: Communications and Network Security
Domain 5: Identity and Access Management
Domain 6: Security Assessment and Testing
Domain 7: Security Operations
Domain 8: Software Development Security
Conclusion
Chapter 3. The Art of Our Business: The Seven Steps
The Sumo Approach
The Judo Approach
The Seven Steps to Engage Your Organization
Step 1: Cultivate Relationships
Step 2: Ensure Alignment
Step 3: Use the Four Cornerstones to Lay the Groundwork for Your Program
Step 4: Create a Communications Plan
Step 5: Give Your Job Away
Step 6: Build Your Team
Step 7: Measure What Matters
Conclusion
Chapter 4. Step 1: Cultivate Relationships
Caution: The Nature of Our Work
Making Relationships a Top Priority
Your Program Will Be Only as Good as Your Relationships
Relationships Aren’t Sexy
Hiring Staff with Relationships in Mind
Building Strong Relationships: It Takes a Plan
Understanding the Value of Listening
Reaping the Benefits of Relationships: Teamwork
Fostering Special Relationships
Legal
Corporate Audit
Corporate Security
Human Resources
Conclusion
Chapter 5. Step 2: Ensure Alignment
What I Mean by Alignment
Choosing Where to Start on Alignment
Seeing Alignment as the Starting Point
Determining Your Company’s Risk Profile
The Ideal Alignment
Understanding Your Company’s Unique Risk Profile
Creating Alignment Through Councils
Security business council
Extended security council
Executive security council
Recognizing Signs of Misalignment
Conclusion
Chapter 6. Step 3: Use the Four Cornerstones to Lay the Foundation of Your Program
The Four Cornerstones
Cornerstone 1: Documentation
The Charter
Information Security Policy
Security Incident Response Plan
Takeaways
Cornerstone 2: Governance
Cornerstone 3: Security Architecture
What Does Architecture Look Like?
How to Put the Security Architecture Together
What’s the Outcome of Developing the Security Architecture?
Cornerstone 4: Communications, Education, and Awareness
The Benefits of Training and Educating Others
Conclusion
Chapter 7. Step 4: Use Communications to Get the Message Out
What Is a Communications Program?
Why Is a Communications Program So Important?
Communications Within the InfoSec Team
The Goal and Objectives of the Communications Program
Starting Your Communications Program
Not All Departments Require Equal Levels of Communication
Your Team’s Responsibilities
Communications at Work
Example 1: Training with Industry Experts
Example 2: Collaborative Decision Making
Example 3: InfoSec Campus Events
Signs the Communications Plan Is Working
Conclusion
Chapter 8. Step 5: Give Your Job Away...It’s Your Only Hope
Giving Your Job Away, a History Lesson
The 1990s
The Early 2000s
The Late 2000s
2010 to Today
Understanding Your Challenge
Relationships and the Neighborhood Watch
The Need for Governance
Understanding the Risks to Giving Your Job Away
Risky Situation 1
Risky Situation 2
Risky Situation 3
Working with Your New Neighbors
Helpful Hints for Working with Other Teams
Conclusion
Chapter 9. Step 6: Organize Your InfoSec Team
Identifying the Type of Talent You’ll Need
Managing a Preexisting Team
Where You Report in the Organization Matters
Working with the Infrastructure Team
Dealing with Toxic Security Leaders
Turning Around an InfoSec Enemy
Defining Roles and Responsibilities of Team Members
Conclusion
Chapter 10. Step 7: Measure What Matters
Why Measure?
Understanding What to Measure
Recognizing Policy Violations
The Mother of All Metrics: Phishing Tests
Social Engineering and Staff Training
Technology Versus Training
Conclusion
Chapter 11. Working with the Audit Team
The Audit Team Needs Your Help to Be Effective in Cybersecurity
A Typical Encounter with Auditors When Not Guided by InfoSec
Partnering with the Audit Team to Influence Change
Where Did Auditors Get Such License?
Getting Value from an Audit
Conclusion
Chapter 12. A Note to CISOs
Seeing the CISO as a Cultural Change Agent
Keeping Your Sword Sharp
Hiring Techies
Utilising Lunches
Free Lunch Fridays
Lunches with Other Companies
Holding Cybersecurity Conferences
Meeting with Other CISOs
Conclusion
Final Thoughts
Where to Go from Here
Conclusion
Index
About the Author