Preface

In this book, we will cover various topics within the information security (InfoSec) domain, and help you to translate your organization's strategic requirements into actionable improvements in securing its most valuable assets.

You can expect to learn about a wide range of InfoSec paradigms, including the foundations of risk management, implementing processes and controls, designing information systems securely, and managing the day-to-day activities required to ensure security is maintained at your organization.

Upon completion, you should be well on your way toward converting the theory of your InfoSec certifications into actionable and practical changes you can make to ensure your organization is more secure. Beyond that, delving deeper into any and all of the topics covered in this book will help you to progress in your career as an InfoSec professional.

Who this book is for

This book is for those who are looking to begin (or have recently begun) working in an InfoSec role. Perhaps you've been taking courses and studying for an industry-standard certification such as the CISSP or CISM, but you're looking for a way to convert the concepts (and seemingly endless number of acronyms) from theory into practice and start making a difference in your day-to-day work at your organization.

What this book covers

Chapter 1, InfoSec and Risk Management, establishes the core principles of InfoSec and ensures the topics central to the discipline are well-understood.

Chapter 2, Protecting the Security of Assets, implements effective processes to ensure you can identify the assets of an organization and avoid common pitfalls that InfoSec professionals encounter.

Chapter 3, Designing Secure Information Systems, explores how to assess architectures and systems for vulnerabilities and mitigate those vulnerabilities with controls, including cryptography.

Chapter 4, Designing and Protecting Network Security, covers designing secure network systems, selecting the appropriate network components, and ensuring their effectiveness for your organization's requirements.

Chapter 5, Controlling Access and Managing Identity, examines both physical and digital access to your organization, and the various aspects of selecting and implementing the appropriate identity and access management controls.

Chapter 6, Designing and Managing Security Testing Processes, covers adopting a mindset of continuous improvement by testing existing implementations and utilizing any findings to optimize your InfoSec program.

Chapter 7, Owning Security Operations, covers aligning the day-to-day tasks involved with maintaining InfoSec to an organization's strategies.

Chapter 8, Improving the Security of Software, covers enforcing secure practices in procuring and developing software.

To get the most out of this book

Bring your inquisitive nature and interest in securing information systems. This book covers an extremely wide set of subjects, offering the opportunity to investigate further on your own. If a topic interests you, make sure you delve deeper into the content available online.

After completing this book, challenge the conclusions made, don't accept anything as a hard-and-fast rule, and tailor all the solutions to suit you and your organization.

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781800566354_ColorImages.pdf.

Conventions used

The following is how tip and information notes will be shown throughout this book:

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, select your book, click on the Errata Submission Form link, and enter the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packt.com.
