This document provides an overview of effective cybersecurity. It contains 18 chapters that cover topics such as security governance, risk assessment, security management, people management, information management, physical asset management, system development, business application management, system access, system management, networks and communications, supply chain management, technical security management, threat and incident management, local environment management, business continuity, security monitoring and improvement. The document aims to provide best practices, concepts, and frameworks for establishing an effective cybersecurity program.
TOC Cybersecurity
EFFECTIVE CYBERSECURITY
CONTENTS
About the Author
Preface
Chapter 1 Best Practices, Standards, and a Plan of Action
1.1 Defining Cyberspace and Cybersecurity
1.2 The Value of Standards and Best Practices Documents
1.3 The Standard of Good Practice for Information Security
1.4 The ISO Suite of Information Security Standards
1.5 NIST Cybersecurity Framework and Security Documents
1.6 The CIS Critical Security Controls for Effective Cyber Defense
1.7 COBIT 5 for Information Security
1.8 Payment Card Industry Data Security Standard
1.9 ITU-T Security Documents
1.10 Effective Cybersecurity
1.11 Key Terms and Review Questions
1.12 References
PART ONE PLANNING FOR CYBERSECURITY
Chapter 2 Security Governance
2.1 Security Governance and Security Management
2.2 Security Governance Principles and Desired Outcomes
2.3 Security Governance Components
2.4 Security Governance Evaluation
2.5 Security Governance Best Practices
2.6 Key Terms and Review Questions
2.7 References
Chapter 3 Information Risk Assessment
3.1 Risk Assessment Concepts
3.2 System Assessment Approaches
3.3 Asset Identification
3.4 Threat Identification
3.5 Control Identification
3.6 Vulnerability Identification
3.7 Consequences Identification
3.8 Risk Analysis
3.9 Risk Evaluation
3.10 Risk Treatment
3.11 Risk Assessment Best Practices
3.12 Key Terms and Review Questions
3.13 References
Chapter 4 Security Management
4.1 The Security Management Function
4.2 Security Policy
4.3 Acceptable Use Policy
4.4 Security Management Best Practices
4.5 Key Terms and Review Questions
4.6 References
PART TWO MANAGING THE CYBERSECURITY FUNCTION
Chapter 5 People Management
5.1 Human Resource Security
5.2 Security Awareness and Education
5.3 Security Management Best Practices
5.4 Key Terms and Review Questions
5.5 References
Chapter 6 Information Management
6.1 Information Classification and Handling
6.2 Privacy
6.3 Document and Records Management
6.4 Sensitive Physical Information
6.5 Information Management Best Practices
6.6 Key Terms and Review Questions
6.7 References
Chapter 7 Physical Asset Management
7.1 Hardware Life Cycle Management
7.2 Office Equipment
7.3 Industrial Control Systems
7.4 Mobile Device Security
7.5 Physical Asset Management Best Practices
7.6 Key Terms and Review Questions
7.7 References
Chapter 8 System Development
8.1 System Development Life Cycle
8.2 Incorporating Security into the SDLC
8.3 System Development Management
8.4 System Development Best Practices
8.5 Key Terms and Review Questions
8.6 References
Chapter 9 Business Application Management
9.1 Application Management Concepts
9.2 Corporate Business Application Security
9.3 End User Developed Application Security
9.4 Business Application Management Best Practices
9.5 Key Terms and Review Questions
9.6 References
Chapter 10 System Access
10.1 System Access Concepts
10.2 User Authentication
10.3 Password-Based Authentication
10.4 Possession-Based Authentication
10.5 Biometric Authentication
10.6 Risk Assessment for User Authentication
10.7 Access Control
10.8 Customer Access
10.9 System Access Best Practices
10.10 Key Terms and Review Questions
10.11 References
Chapter 11 System Management
11.1 Server Configuration
11.2 Virtual Servers
11.3 Network Storage Systems
11.4 Service Level Agreements
11.5 Performance and Capacity Management
11.6 Backup
11.7 Change Management
11.8 System Management Best Practices
11.9 Key Terms and Review Questions
11.10 References
Chapter 12 Networks and Communications
12.1 Network Management Concepts
12.2 Firewalls
12.3 Virtual Private Networks and IP Security
12.4 Security Considerations for Network Management
12.5 Electronic Communications
12.6 Network and Communications Best Practices
12.7 Key Terms and Review Questions
12.8 References
Chapter 13 Supply Chain Management
13.1 Supply Chain Management Concepts
13.2 Supply Chain Risk Management
13.3 Cloud Computing
13.4 Cloud Security
13.5 Supply Chain Best Practices
13.6 Key Terms and Review Questions
13.7 References
Chapter 14 Technical Security Management
14.1 Security Architecture
14.2 Malware Protection Activities
14.3 Malware Protection Software
14.4 Identity and Access Management
14.5 Intrusion Detection
14.6 Information Leakage Protection
14.7 Digital Rights Management
14.8 Cryptographic Solutions
14.9 Cryptographic Key Management
14.10 Public Key Infrastructure
14.11 Supply Chain Best Practices
14.12 Key Terms and Review Questions
14.13 References
16.1 Local Environment Security
16.2 Physical Security
16.3 Local Environment Management Best Practices
16.4 Key Terms and Review Questions
16.5 References
Chapter 17 Business Continuity
17.1 Business Continuity Concepts
17.2 Business Continuity Program
17.3 Business Continuity Readiness
17.4 Business Continuity Operations
17.5 Business Continuity Best Practices
17.6 Key Terms and Review Questions
17.7 References
PART THREE SECURITY ASSESSMENT
Chapter 18 Security Monitoring and Improvement
18.1 Security Audit
18.2 Security Performance
18.3 Security Monitoring and Improvement Best Practices
18.4 Key Terms and Review Questions
18.5 References