Resilient Cybersecurity, 1st Edition, by Mark Dunkerley

Product details:
ISBN 10: 1835462510
ISBN 13: 9781835462515
Author: Mark Dunkerley
Build a robust cybersecurity program that adapts to the constantly evolving threat landscape
Key Features
Gain a deep understanding of the current state of cybersecurity, including insights into the latest threats such as Ransomware and AI
Lay the foundation of your cybersecurity program with a comprehensive approach allowing for continuous maturity
Equip yourself and your organization with the knowledge to build and manage effective cybersecurity strategies
Book Description
Building a Comprehensive Cybersecurity Program addresses the current challenges and knowledge gaps in cybersecurity, empowering individuals and organizations to navigate the digital landscape securely and effectively. Readers will gain insights into the current state of the cybersecurity landscape, understanding the evolving threats and the challenges posed by skill shortages in the field. This book emphasizes the importance of prioritizing well-being within the cybersecurity profession, addressing a concern often overlooked in the industry. You will construct a cybersecurity program that encompasses architecture, identity and access management, security operations, vulnerability management, vendor risk management, and cybersecurity awareness. It dives deep into managing Operational Technology (OT) and the Internet of Things (IoT), equipping readers with the knowledge and strategies to secure these critical areas. You will also explore the critical components of governance, risk, and compliance (GRC) within cybersecurity programs, focusing on the oversight and management of these functions. This book provides practical insights, strategies, and knowledge to help organizations build and enhance their cybersecurity programs, ultimately safeguarding against evolving threats in today's digital landscape.
What you will learn
Build and define a cybersecurity program foundation
Discover why an architecture program is needed within cybersecurity
Learn the importance of Zero Trust Architecture
Learn what modern identity is and how to achieve it
Review why a governance program is needed
Build a comprehensive user awareness, training, and testing program for your users
Review what is involved in a mature Security Operations Center
Gain a thorough understanding of everything involved with regulatory and compliance
Who this book is for
This book is geared towards the top leaders within an organization, C-Level, CISO, and Directors who run the cybersecurity program as well as management, architects, engineers and analysts who help run a cybersecurity program. Basic knowledge of Cybersecurity and its concepts will be helpful.
Resilient Cybersecurity, 1st Edition: Table of contents
- Who this book is for
- What this book covers
- To get the most out of this book
- Get in touch
- Current State
- An Evolving Digital World
- Increasing Reliance on Technology
- Digital Transformation
- The Evolving Landscape of Cybersecurity
- The Current Threat Landscape
- Common Cyber Threat Actors
- Types of Cyberattacks
- Ransomware in More Detail
- Other Types of Attacks
- Supply Chain Challenges
- Impact on Organizations
- Special Considerations for OT and IoT
- Emerging Threats – AI and Beyond
- The Importance of Statistics
- Key Reports and Findings
- IBM’s Cost of a Data Breach Report
- Verizon Data Breach Investigation Report (DBIR)
- CISO Perspectives and Challenges
- Federal Bureau of Investigation Internet Crime Report
- Additional Resources and Staying Updated
- Breaches Continue to Rise
- Identity Theft Resource Center (ITRC)
- Wikipedia’s List of Data Breaches
- Consumer Impact and Awareness
- Assumption of Compromise and Defensive Measures
- Skillset Challenges
- Common Cybersecurity Roles
- Obsolete, Persistent, and Emerging Roles in Cybersecurity
- High-Level Cybersecurity Organization Structure
- Shortage of Cybersecurity Expertise
- ISC2 2023 Cybersecurity Workforce Study
- National Cyber Workforce and Education Strategy (NCWES)
- Addressing the Talent Gap with Outsourcing
- Retaining Top Performers
- Methods of Staying Current
- Challenges in the Hiring Process
- Innovative Hiring Practices
- Changing the Negative Perception of Cybersecurity
- Encouraging Collaboration and Mentorship
- Prioritizing Well-Being
- Data on Well-Being and Burnout
- Statistics on Mental Health in Cybersecurity
- Strategies for Promoting Well-Being
- Strategies for Individuals and Leaders
- Summary
- Join our community on Discord!
- Setting the Foundations
- Learn the Business
- Understanding the Business Environment
- Embracing Organizational Principles and Culture
- Business Relationships
- Navigating the Business
- Everything Is About Risk
- What about Finances?
- Building Blocks for Your Cybersecurity Program
- Cybersecurity Architecture
- Identity and Access Management
- Cybersecurity Operations
- Vulnerability Management
- Cybersecurity Awareness, Training, and Testing
- Vendor Risk Management
- Proactive Services
- Operations Technology (OT) and the Internet of Things (IoT)
- Governance, Risk, and Compliance (GRC)
- The Cyber Mindmap
- Defining the Cybersecurity Organization
- Roles and Responsibilities
- Outsourcing
- Change Management
- Communications
- Summary
- Building Your Roadmap
- The Importance of a Roadmap
- Program and Project Management
- Assessing the Current State
- Learning the Business
- Non-Technical Assessment
- Technical Assessment
- Bringing It Together
- Immediate Short-Term Impact (2–4 Months)
- Continue To Learn The Business And Assess The Current Risk
- Define the Strategy
- Build your desired Organizational Structure
- Select a Framework and Architecture
- Identity and Access Management Fundamentals
- Penetration Testing
- Look to implement 24/7/365 Security Monitoring
- Visibility of Assets
- Vulnerability Scanning
- User Awareness, Training, and Testing
- Cybersecurity Insurance
- Risk Register
- Email Security Review and Hardening
- Patching Cadence Review and Improvements
- Is there any Operational Technology (OT) or Internet of Things (IoT) to be reviewed?
- Short-Term Impact (5–12 Months)
- Rolled-over Items from the 2–4 Months Roadmap
- Assessments, Audits and Certifications
- Policy Reviews and User Acceptance
- Data Loss Prevention and Information Protection
- Business Continuity Planning, Disaster Recovery Planning and the Cybersecurity Incident Response Plan
- Tabletop Exercises
- Current Cybersecurity Portfolio Review
- Cybersecurity Program and Modernization
- Vendor Risk Management Review
- Application and Web Testing, including a SecDevOps Review
- Integrate with the Architecture Review Process
- Reporting Out
- Long-Term Impact (1–3+ Years)
- Rolled-over Items from the 5–12 Months Roadmap
- Formalize and Mature the GRC Program
- Mature User Awareness, Training, and Testing
- Identity and Access Management (IAM) Enhancement
- Mature Vulnerability Management
- Mature Vendor Risk Management
- Mature Security Operations
- Ongoing Assessments, Audits, and Certificates
- Focus on Proactive Services
- Ongoing Cybersecurity Portfolio Review and Modernization
- OT and IoT Program Maturity
- Continuous Improvement
- Summary
- Join our community on Discord!
- Solidifying Your Strategy
- The Importance of a Strategy
- What is your Architecture Strategy?
- Architecture Roles
- Alignment with Broader Architecture Strategies
- A Comprehensive View
- The Need to Modernize
- Core Components
- Cloud First
- On-Premises Data Center
- Cloud Data Center
- Hybrid Data Center
- Why a Cybersecurity Framework?
- National Institute of Standards and Technology (NIST)
- International Organization for Standardization (ISO)
- Managing your Product and Vendor Portfolio
- Resource Management (In-House versus Outsourcing)
- Summary
- Join our community on Discord!
- Cybersecurity Architecture
- Cybersecurity within Architecture
- Understanding IT Architecture
- Understanding Security Architecture
- Importance of Embedding Cybersecurity within Architecture
- Benefits of Embedding Cybersecurity within Architecture
- Detailed Architecture Review Process
- Required Architecture Diagrams
- Cloud Services Architecture
- Cybersecurity Architecture Documentation
- Architecture Review Process
- The Strategy, Scope, And Goals
- Committees and Teams
- Process Logistics
- Foundation Setup
- Meeting Schedules
- Change Management
- Project Management
- Lifecycle Process
- Intake Process
- A complete Checklist
- Architecture documentation
- Vendor specific documentation
- Your Cybersecurity Architecture Foundation
- Zero-Trust Architecture (ZTA)
- ZTA Models
- CISA Zero Trust Model
- Microsoft Zero Trust Model
- ZTA Pillars
- ZTA Maturity Model
- Technical Architecture
- Following a Baseline
- Building Baseline Controls
- Identity Architecture
- Endpoint architecture
- Endpoint Management and Advanced Protection
- Data architecture
- Data Inventory and Classification
- Data Protection
- Data Governance and Monitoring
- Regulatory and Legal Considerations
- Application Architecture
- Authentication and Access Control
- Update Management
- Infrastructure and Business Continuity
- Advanced Components and Integration
- Application Security and Protection
- Governance of Applications
- Infrastructure architecture
- Infrastructure Protection
- Infrastructure Management
- Infrastructure Security
- Advanced Security Requirements
- Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
- Network architecture
- Challenges with Network Management
- Network Vulnerabilities
- Network Baselines
- Key Technologies for Network Security
- Network Management
- Collaboration Architecture
- Summary
- Join our community on Discord!
- Identity and Access Management
- Identity and Access Management Overview
- Identification
- Authentication
- Authorization
- Accountability
- Modernizing Your Identity Architecture
- Identity and Access Management Statistics
- Legacy Identity and Access Management
- The Need to Modernize
- Identity and Access Management Modernization Strategy
- Identity and Access Management Modernization Roadmap
- Account and Access Management
- Identity Life Cycle Process
- HR and Identity Management
- Directory Services
- Hybrid Identities
- Cloud Identities
- Group Management and RBAC
- Service Accounts
- External Access
- Privileged Access
- Governance, Reporting, and Auditing
- Securing Your Identities
- Directory Services Protection
- Privileged Access Strategy
- Password Management
- Password Vaulting
- MFA
- Non-User Accounts
- SSO
- Privileged Accounts
- Local Administrative Access
- PAM, PIM, and JIT
- PoLP and JEA
- SoD
- Insider Threats
- Physical Security
- Enhanced Identity Security
- Biometrics
- Phishing-Resistant MFA
- Passwordless
- Conditional-Based Policies
- Risk-Based Protection
- SIEM Integration
- Summary
- Join our community on Discord!
- Cybersecurity Operations
- An Overview of Cybersecurity Operations
- Security Operations Center (SOC)
- Threat Detection
- Incident Management and Response
- Artificial Intelligence (AI)
- Security Operations Center (SOC)
- Cybersecurity Operations Model
- Traditional Security Operations Center (SOC)
- Security Operations Center as a Service (SOCaaS)
- Managed Detection and Response (MDR)
- Managed Security Services Provider (MSSP)
- Hybrid Model
- SOC Organization Structure
- Log Collection, Analysis, and Automation
- Security Information and Event Management (SIEM)
- Security Orchestration, Automation, and Response (SOAR)
- Extended Detection and Response (XDR)
- Processes and SOPs
- SLAs and Key Metrics
- Governance
- Threat Detection
- Asset Management and Visibility
- Digital Asset Monitoring
- Extended Detection and Response (XDR)
- Cloud Access Security Broker (CASB)
- Threat Intelligence
- MITRE ATT&CK
- Threat Hunting
- Incident Management and Response
- Incident Handling and Severity
- Incident Reporting Methods
- Incident Categorization
- Severity Assessment
- Incident Investigation
- Root Cause Analysis (RCA)
- Digital Forensics Incident Response (DFIR)
- SOC Analyst Tools
- Business Continuity Planning (BCP)
- Disaster Recovery Planning (DRP)
- Cybersecurity Incident Response Plan (CIRP)
- Summary
- Join our community on Discord!
- Vulnerability Management
- Managing Your Vulnerability Program
- Building Blocks for Your Program
- Program Management and Governance
- Asset Management
- Vulnerability Discovery and Alerting
- Vulnerability Overview
- Vulnerability Scanning
- External Attack Surface Monitoring
- Vulnerability Alerting
- Vulnerability Management System
- SOC
- Threat Intel
- External Sources
- Vendors
- Other
- Vulnerability Tracking and Remediation
- Tracking Your Vulnerabilities
- Scoring
- Vulnerability Remediation
- Prioritization
- Modernizing Your Program
- Update Management and Email Protection
- Update Deployment
- Windows
- Other OSes
- Browsers
- Applications
- Email Vulnerability Management
- Other Vulnerability Management Considerations
- Hardware Vulnerabilities
- Virtualization Infrastructure
- Network Infrastructure
- Cybersecurity Testing
- Auditing and Assessments
- OT & IoT
- Other Activities
- Summary
- Join our community on Discord!
- User Awareness, Training, and Testing
- Why the Human Element is the Most Important
- Building a User Awareness, Training, and Testing Program
- Security Culture and Maturity
- Defining Your Program
- Ongoing Program Management
- Program Management and Governance
- User Awareness
- Awareness Channels
- Portals
- Email
- Newsletters
- User Awareness, Training, and Testing Platform
- Other Awareness Channels
- Cybersecurity Awareness Month
- Policy Awareness
- User Awareness Content
- Current Trends
- User Training and Testing
- User Training
- Training Schedule
- Training Assignment Groups
- Training Content
- New Hires
- Compromised User
- Role-Based
- User Testing
- Testing Schedule
- Testing Assignment Groups
- Testing Types
- Expanding beyond the Traditional Channels of Awareness
- Personal Awareness
- Real-Life Examples
- Consumer Statistics
- Personal Protection
- External Speakers
- Rewards and Recognition
- Gamification
- Quarterly Cybersecurity Town Halls
- Cybersecurity Awareness Week
- Cybersecurity Champions
- Branding
- Mentoring and Development
- Summary
- Join our community on Discord!
- Vendor Risk Management
- Understanding Vendor Risk Management
- Types of Risk
- Vendor Lifecycle Management
- Current Landscape
- Cybersecurity Risk
- Supply Chain Risk
- Hardware Compatibility and Certification
- Developing a Cybersecurity Vendor Risk Management Program
- Policy and Procedures
- Roles and Responsibilities
- Vendor Management
- Cybersecurity Vendor Risk Scoring
- Questionnaires
- Tiering Vendors
- Requirements
- Information Collection
- Cybersecurity Questionnaire
- Third-Party Audit Report
- Third-Party Testing Results
- Information Security Management Program Documents
- Business Continuity Planning (BCP), Cybersecurity Incident Response Plan (CIRP), & Disaster Recovery (DR) Plans
- Other Supporting Audit, Risk, and Security Documentation
- Cybersecurity Vendor Risk Rating Platform Detailed Report
- Risk Management
- Governance and Reporting
- Integrating a Process Across the Business
- Review Process
- Escalation Process
- Cybersecurity Incident Process
- Training
- Contract Management
- Managing Your Contracts
- Types of Contracts
- Insurance Requirements
- Managing Your Vendors and Ongoing Monitoring
- Continuous Monitoring
- Annual Reviews
- Business Continuity Planning (BCP)
- Summary
- Join our community on Discord!
- Proactive Services
- Why Proactive Services?
- Cybersecurity Testing
- Types of Testing
- Penetration Testing
- Executing a Penetration Test
- Rules of Engagement
- Reviewing the Findings
- Application Testing
- Physical Security Testing
- Other Testing Activities
- Incident Response Planning
- Building an Incident Response Plan
- Introduction
- Purpose and Scope
- Roles and Responsibilities
- Communications
- Incident Response and Recovery Process
- Lessons Learned
- Appendix
- Playbooks
- Tabletop Exercises
- What Is a Tabletop Exercise?
- Planning a Tabletop Exercise
- Executing a Tabletop Exercise
- Final Report and Remediation
- Other Proactive Services
- Threat Briefs
- Threat Hunts
- Incident Response Training
- Disclosure Programs
- Ransomware Best Practices
- Other
- Summary
- Join our community on Discord!
- Operational Technology and the Internet of Things
- What Are OT and IoT?
- OT
- IoT
- Why Securing This Technology Is So Important
- OT Statistics
- IoT Statistics
- A Dedicated Program
- Governance, Risk, and Compliance
- Cybersecurity Architecture
- Identity and Access Management
- Cybersecurity Operations
- Cybersecurity Awareness, Training, and Testing
- Vendor Risk Management
- Vulnerability Management
- Proactive Services
- Protecting OT and IoT Environments
- OT Malware
- MITRE ATT&CK
- ICS Advisories
- Best Practices
- Responding to OT and IoT Cybersecurity Incidents
- BCP and DRP
- Incident Response Plan
- Tabletop Exercises
- Summary
- Join our community on Discord!
- Governance Oversight
- The Importance of Program Governance
- Program Structure and Governance