Chapter 1: The threat landscape
Chapter 2: Information and cyber security
Chapter 4: Regulatory and contractual requirements
4.1 International data privacy laws
4.2 Cyber security requirements for critical infrastructure
Chapter 5: Implementing cyber security
5.3 The IT Governance Cyber Resilience Framework (CRF)
Part 2: Threats and vulnerabilities
Chapter 6: The anatomy of threats
7.3 Technical threat example: TalkTalk data breach
8.4 Human threat example: WannaCry
9.2 Physical security and mobile devices
9.4 Physical threat example: KVM attacks
Chapter 10: Third-party threats
10.2 Third-party threat example: Target data breach
Chapter 11: An overview of the CRF processes
Chapter 12: Manage and protect
12.2 Information security policies
12.3 Physical and environmental security
12.4 Identity and access control
12.6 Configuration and patch management
12.9 Network and communications security
12.10 Security competence and training
12.11 Staff awareness training
12.12 Comprehensive risk management programme
12.13 Supply chain risk management
Chapter 13: Identify and detect
13.1 Threat and vulnerability intelligence
Chapter 14: Respond and recover
14.1 Incident response management
14.2 ICT continuity management
14.3 Business continuity management
15.1 Formal information security management programme
15.2 Continual improvement process
15.3 Board-level commitment and involvement
15.4 Governance structure and processes
15.6 External certification/validation
16.1 Determining the level of maturity to aim for
Part 4: Eight steps to implementing cyber security
Chapter 17: Introducing the IT Governance eight-step approach
Chapter 18: Step 1 – Start the project
Chapter 19: Step 2 – Determine requirements and objectives
19.1 Project vs cyber security objectives
Chapter 20: Step 3 – Determine the scope
Chapter 21: Step 4 – Define current and ideal target states
Chapter 22: Step 5 – Establish a continual improvement model
Chapter 23: Step 6 – Conduct a risk assessment
Chapter 24: Step 7 – Select and implement controls
Chapter 25: Step 8 – Measure and review performance
Chapter 26: Why you should consider reference frameworks
29.2 ISO 27017 – Cloud security
29.3 ISO 27035 – Information security incident management
29.4 ISO 27036 – Information security in the supply chain
29.5 ISO 27701 – Privacy management
Part 6: Conclusion and appendices
Appendix 1: IT and information asset checklist
Appendix 2: Template outline project plan
Appendix 3: Glossary of acronyms and abbreviations
GRC International Group resources
GRC International Group cyber security services
Cyber security training and staff awareness
Professional services and consultancy