This book is a comprehensive cyber security implementation manual which gives practical guidance on the individual activities identified in the IT Governance Cyber Resilience Framework (CRF) that can help organisations become cyber resilient and combat the cyber threat landscape.

Table of Contents

  1. Cover
  2. Title
  3. Copyright
  4. Contents
  5. Part 1: Introduction
    1. Chapter 1: The threat landscape
    2. Chapter 2: Information and cyber security
    3. Chapter 3: Cyber resilience
    4. Chapter 4: Regulatory and contractual requirements
    5. 4.1 International data privacy laws
    6. 4.2 Cyber security requirements for critical infrastructure
    7. 4.3 Contractual requirements
    8. Chapter 5: Implementing cyber security
    9. 5.1 Making trade-offs
    10. 5.2 Three security pillars
    11. 5.3 The IT Governance Cyber Resilience Framework (CRF)
    12. 5.4 Structure of the book
  6. Part 2: Threats and vulnerabilities
    1. Chapter 6: The anatomy of threats
    2. Chapter 7: Technical threats
    3. 7.1 The attackers
    4. 7.2 Malware
    5. 7.3 Technical threat example: TalkTalk data breach
    6. Chapter 8: Human threats
    7. 8.1 Staff awareness
    8. 8.2 Social engineering
    9. 8.3 Remote working
    10. 8.4 Human threat example: WannaCry
    11. Chapter 9: Physical threats
    12. 9.1 Physical entry threats
    13. 9.2 Physical security and mobile devices
    14. 9.3 Environmental threats
    15. 9.4 Physical threat example: KVM attacks
    16. Chapter 10: Third-party threats
    17. 10.1 Supply chain threats
    18. 10.2 Third-party threat example: Target data breach
  7. Part 3: The CRF processes
    1. Chapter 11: An overview of the CRF processes
    2. Chapter 12: Manage and protect
    3. 12.1 Asset management
    4. 12.2 Information security policies
    5. 12.3 Physical and environmental security
    6. 12.4 Identity and access control
    7. 12.5 Malware protection
    8. 12.6 Configuration and patch management
    9. 12.7 Encryption
    10. 12.8 System security
    11. 12.9 Network and communications security
    12. 12.10 Security competence and training
    13. 12.11 Staff awareness training
    14. 12.12 Comprehensive risk management programme
    15. 12.13 Supply chain risk management
    16. Chapter 13: Identify and detect
    17. 13.1 Threat and vulnerability intelligence
    18. 13.2 Security monitoring
    19. Chapter 14: Respond and recover
    20. 14.1 Incident response management
    21. 14.2 ICT continuity management
    22. 14.3 Business continuity management
    23. Chapter 15: Govern and assure
    24. 15.1 Formal information security management programme
    25. 15.2 Continual improvement process
    26. 15.3 Board-level commitment and involvement
    27. 15.4 Governance structure and processes
    28. 15.5 Internal audit
    29. 15.6 External certification/validation
    30. Chapter 16: Maturity levels
    31. 16.1 Determining the level of maturity to aim for
  8. Part 4: Eight steps to implementing cyber security
    1. Chapter 17: Introducing the IT Governance eight-step approach
    2. Chapter 18: Step 1 – Start the project
    3. 18.1 Project mandate
    4. 18.2 Project team
    5. 18.3 Project leadership
    6. Chapter 19: Step 2 – Determine requirements and objectives
    7. 19.1 Project vs cyber security objectives
    8. Chapter 20: Step 3 – Determine the scope
    9. Chapter 21: Step 4 – Define current and ideal target states
    10. Using the CRF
    11. Gap analysis
    12. Chapter 22: Step 5 – Establish a continual improvement model
    13. Chapter 23: Step 6 – Conduct a risk assessment
    14. Chapter 24: Step 7 – Select and implement controls
    15. Chapter 25: Step 8 – Measure and review performance
    16. 25.1 Continual improvement
    17. 25.2 Management review
  9. Part 5: Reference frameworks
    1. Chapter 26: Why you should consider reference frameworks
    2. 26.1 Standard types
    3. 26.2 Certification benefits
    4. Chapter 27: Core
    5. 27.1 Cyber Essentials
    6. 27.2 CRF alignment
    7. Chapter 28: Baseline
    8. 28.1 NIST CSF
    9. 28.2 ISO 27001
    10. 28.3 CRF alignment
    11. Chapter 29: Extended
    12. 29.1 ISO 22301 – BCM
    13. 29.2 ISO 27017 – Cloud security
    14. 29.3 ISO 27035 – Information security incident management
    15. 29.4 ISO 27036 – Information security in the supply chain
    16. 29.5 ISO 27701 – Privacy management
    17. 29.6 CRF alignment
    18. Chapter 30: Embedded
    19. 30.1 COBIT®
    20. 30.2 ISO 27014
    21. 30.3 CRF alignment
  10. Part 6: Conclusion and appendices
    1. Chapter 31: Conclusion
  11. Appendix 1: IT and information asset checklist
  12. Appendix 2: Template outline project plan
  13. Appendix 3: Glossary of acronyms and abbreviations
  14. GRC International Group resources
    1. Publishing services
    2. GRC International Group cyber security services
    3. Cyber security training and staff awareness
    4. Professional services and consultancy
    5. Newsletter