Updated: 2021-07-02 21:56:38
Cover
Copyright
Credits
About the Author
About the Reviewers
www.PacktPub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
Information and Data Security Fundamentals
Information security challenges
Evolution of cybercrime
The modern role of information security
IT security engineering
Information assurance
The CIA triad
Organizational information security assessment
Risk management
Information security standards
Policies
Training
Key components of an effective training and awareness program
Summary
Defining the Threat Landscape
What is important to your organization and who wants it?
Compliance
Hackers and hacking
Black hat hacker
White hat or ethical hacker
Blue hat hacker
Grey hat hacker
Penetration testing
Hacktivist
Script kiddie
Nation state
Cybercrime
Methods used by the attacker
Exploits
Hacker techniques
Methods of conducting training and awareness
Closing information system vulnerabilities
Vulnerability management
The case for vulnerability management
Preparing for Information and Data Security
Establishing an information security program
Don't start from scratch, use a framework
Security program success factors
Executive or board support
Supporting the organization's mission
Rightsizing information security for the organization
Security awareness and training program
Information security built into SDLC
Information security program maturity
Information security policies
Information security program policy
Operational policy
System-specific policy
Standards
Procedures
Guidelines
Recommended operational policies
Planning policy
Access control policy
Awareness and training policy
Auditing and accountability policy
Configuration management policy
Contingency planning policy
Identification and authentication policy
Incident response policy
Maintenance policy
Media protection policy
Personnel security policy
Physical and environmental protection policy
Risk assessment policy
Security assessment policy
System and communications protection policy
System and information integrity policy
Systems and services acquisitions policy
Information Security Risk Management
What is risk?
Who owns organizational risk?
Risk ownership
What is risk management?
Where is your valuable data?
What does my organization have that is worth protecting?
Intellectual property trade secrets
Personally Identifiable Information – PII
Personal Health Information – PHI