Contents |
Intro; TITLE PAGE; TABLE OF CONTENTS; FOREWORD; PREFACE; Something Completely Different; ABOUT THE AUTHOR; ACKNOWLEDGMENTS; CHAPTER 1: Understanding Risk; How Much Is It Worth to You?; Risk! Not Just a Board Game; CHAPTER 2: Everything You Always Wanted to Know About Tech (But Were Afraid to Ask Your Kids); In the Beginning ... ; Key Definitions; Note; CHAPTER 3: A Cybersecurity Primer; Cybersecurity Defined; The Meaning of Security; Measuring Cybersecurity's Success; Deter, Identify, Protect, Detect, Respond; Cybersecurity Controls and Defense in Depth; Defense in Depth; The Threats.
Threat Agents; Key Trends Influencing Threat Agents; The Nature of Hackers; Attack Process; Types of Attacks; A Brief Cyberglossary of Terms; CHAPTER 4: Management, Governance, and Alignment; Why Governance Matters; Strategy, Steering, and Standards; Critical Success Factors; CHAPTER 5: Your Cybersecurity Program: A High-Level Overview; Vision and Mission Statements; Culture and Strategy; Off to See the Wizard; What's at Risk?; Threat Assessment; At the Club House Turn!; Mitigating Risk; Incident-Response Planning; CHAPTER 6: Assets; Asset Classification; Asset Metadata.
Business-Impact Analysis; One Spreadsheet to Rule Them All; CHAPTER 7: Threats; Types of Threats; Threat Rankings; Threat Intelligence; Threat Modeling; CHAPTER 8: Vulnerabilities; Who Is Who in Vulnerabilities Tracking; Zero-Day Exploits; Vulnerabilities Mapping; Vulnerability Testing; Prioritizing Vulnerability Remediation; CHAPTER 9: Environments; On-Premises (Onsite) Computing Environments; Private-Cloud Computing Environments; Public-Cloud Computing Environments; Hybrid-Cloud Computing Environments; The Internet of Things (IoT); Distributed Workforces; CHAPTER 10: Controls.
Preventative Controls; Detective Controls; Corrective Controls; Compensatory Controls; Defense in Depth; People, Technology, and Operations; Communications; Policies, Standards, Procedures, and Guidelines; Regulatory Compliance: The European Example; Pulling It All Together; CHAPTER 11: Incident-Response Planning; Incident-Response Planning: Not Just a Good Idea-It's the Law!; Incident-Response Plan Phases; Preparing Your Incident-Response Plan; Identifying Incidents; Containing Incidents; Treating Incidents; Incident Recovery; Post-Incident Review; Do It All Over Again!; CHAPTER 12: People.
What's in It for Me?; Attitude Adjustment!; The Right Message, Delivered the Right Way; Cybersecurity-Awareness Training; CHAPTER 13: Living Cybersecure!; General Data Protection Regulation (GDPR), Privacy, and Regulators; Artificial Intelligence and Machine Learning; Blockchain; Quantum Computing; BIBLIOGRAPHY; APPENDIX: Clear and Present Danger; INDEX; END USER LICENSE AGREEMENT.
|