Table of Contents for Infosec Strategies and Best Practices
Contributors
About the author
About the reviewer
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Section 1: Information Security Risk Management and Governance
Chapter 1: InfoSec and Risk Management
Basic InfoSec terminology
Understanding why risk management is important
Understanding assets
Understanding vulnerabilities
Performing a basic risk assessment
Defining and calculating impact
Defining and calculating likelihood
Calculating risk
Risk appetite, risk treatment, and risk acceptance
Considering legal regulations, investigations, and compliance structures
Compliance structures
Understanding legal and regulatory requirements
Responding to and undertaking investigations
Further compliance optimization
Proven methodologies in creating a strategy
Creating InfoSec policies, procedures, and playbooks
Establishing and maintaining a security awareness, education, and training program
Managing third-party risk
Continual improvement and reporting
Summary
Chapter 2: Protecting the Security of Assets
Implementing an ISMS
Responsibilities of top management
Developing an ISMS
Educating members of your organization
Evaluating the effectiveness of the ISMS
Improving the policy
Identifying and classifying information assets
Structuring information asset classifications
Determining the roles for assets
Methods of identifying and protecting information assets
Retention policies
Securing information assets
Disposing of assets
Data remnants
Summary
Section 2: Closing the Gap: How to Protect the Organization
Chapter 3: Designing Secure Information Systems
Understanding the risks your organization faces
Threats, threat actors, and motivations
Vulnerabilities
System exploitation methods
Best practices in assessing and mitigating vulnerabilities
Hardware security
Software security
Network security
Physical security
Selecting appropriate controls/defense against the dark arts
Best practices in designing secure information systems
Secure design principles
Well-known controls and their mitigations
Considering alternative devices
Summary
Chapter 4: Designing and Protecting Network Security
Designing secure network architectures
Internet Protocol suite and the OSI model
Network components and protocols
Network devices and applications
Attacks, defense, and detection
Strategies for protecting network security
Creating a policy
Keep it simple
Business continuity and disaster recovery
Backup and restore procedures
Insider threat mitigations/third-party threats
Software and firmware updates
Ensuring secure communication
Cloud network security
Education and awareness
Security Operations Center
Chapter 5: Controlling Access and Managing Identity
Access control models and concepts
State machine model
Information flow model
Confidentiality models
Integrity models
Real-world access control models
Selecting and implementing authentication and authorization mechanisms
Authentication versus authorization
Authentication and security
Authorization
Identity and access management (IAM)
Leveraging identity services
Controlling physical access to assets
Physical access control
Electronic access control
Preventing exploitation
Summary
Section 3: Operationalizing Information Security
Chapter 6: Designing and Managing Security Testing Processes
Preparing for security assessments
Defining your requirements
Understanding the different types of security assessments
Automated assessments and scanning
Internal assessments
Third-party assessments
Best practices in performing security assessments
Interpreting results from security assessments
Summary
Chapter 7: Owning Security Operations
Effective strategies in provisioning resources and maintaining assets
Provisioning resources
Focusing on availability, disaster recovery, and business continuity
Defining, implementing, and testing disaster recovery processes
Managing business continuity design, planning, and testing
Implementing and managing physical security
Managing upgrades, patching, and applying security controls
Education
Change control
Security improvement program
Investigating events and responding to incidents
Defining your incident response plans
Performing security investigations
Implementing and utilizing detective controls
Using security monitoring to improve visibility
Security monitoring best practices
Establish requirements and define workflows
Define specific rules and ensure their effectiveness
Continuously improve your SIEM configuration and incident response policies
Summary
Chapter 8: Improving the Security of Software
Exploring software security paradigms
Buyer beware
Legal documentation
Understanding the secure development life cycle
Compatibility with various software development methodologies
Defining business and security requirements
Designing secure software
Testing plans for secure software
Securing software development
Testing the software
Utilizing the OWASP Top 10 Proactive Controls
Define security requirements
Leverage security frameworks and libraries
Secure database access
Encode and escape data
Validate all inputs
Implement digital identity
Enforce access controls
Protect data everywhere
Implement security logging and monitoring
Handle all errors and exceptions
Assessing software security
Reducing the risk from software developed by a third-party vendor
Improving the security of in-house software
Summary
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think