
Business Recovery and Continuity in a Mega Disaster: Cybersecurity Lessons Learned from the COVID-19 Pandemic [Paperback]

(Apollo Biometrics, Inc., Chicago, Illinois, USA)
  • Format: Paperback / softback, 214 pages, height x width: 234x156 mm, weight: 380 g, 3 Line drawings, black and white; 3 Illustrations, black and white
  • Publication date: 21-Apr-2022
  • Publisher: CRC Press
  • ISBN-10: 0367685736
  • ISBN-13: 9780367685737
The COVID-19 pandemic has had so many unprecedented consequences. The great global shift from office work to remote work is one such consequence, with which many information security professionals are struggling. Office workers have been hastily given equipment that has not been properly secured or must use personal devices to perform office work. The proliferation of videoconferencing has brought about new types of cyber-attacks. When the pandemic struck, many organizations found they had no, or old and unworkable, business continuity and disaster recovery plans.

Business Recovery and Continuity in a Mega Disaster: Cybersecurity Lessons Learned from the COVID-19 Pandemic reviews the COVID-19 pandemic and related information security issues. It then develops a series of lessons learned from this review and explains how organizations can prepare for the next global mega disaster. The following presents some of the key lessons learned:

  • The lack of vetting for third-party suppliers and vendors
  • The lack of controls surrounding data privacy, especially as it relates to personally identifiable information (PII) data sets
  • The intermingling of home and corporate networks
  • The lack of a secure remote workforce
  • The emergence of supply chain attacks (e.g., Solar Winds)

To address the issues raised in these lessons learned, CISOs and their security teams must have tools and methodologies in place to address the following:

  • The need for incident response, disaster recovery, and business continuity plans
  • The need for effective penetration testing
  • The importance of threat hunting
  • The need for endpoint security
  • The need to use the SOAR model
  • The importance of a zero-trust framework

This book provides practical coverage of these topics to prepare information security professionals for any type of future disaster.

The COVID-19 pandemic has changed the entire world to unprecedented and previously unimaginable levels. Many businesses, especially in the United States, were completely caught off guard, and they had no concrete plans put into place, from a cybersecurity standpoint, for how to deal with this mega disaster. This how-to book fully prepares CIOs, CISOs, and their teams for the next disaster, whether natural or manmade, with the various lessons that have been learned thus far from the COVID-19 pandemic.
Acknowledgments
Author
1 Introduction
Introduction
The Molecular Biology of the COVID-19 Virus
The Background
The Key Regions Found in the Novel Corona Virus
The Physiochemical Characteristics of the ORF1ab Polyprotein
Special Interest in the Region 4406-5900 of the ORF1ab Polyprotein of the Novel COVID-19 Virus
The Specialized Study of the Structural Component of the Genomic Region 4406-5900
Three-Dimensional Predictions of the Genomic Region 4406-5900
An Analysis of the Novel COVID-19 Virus and the SARS Corona Virus Spike Proteins
Determining the Chemicals for a Vaccine Based upon the Comparison Level of the RNA Polymerase of the Novel COVID-19 Virus
Chemicals
Remdesivir
Guanosine Triphosphate
Uridine Triphosphate
IDX-184
Sofosbuvir
Ribavirin
The Results of the Docking Studies
Determining the Criterion for an Effective Booster Vaccine
A Comparison of the ORF1ab Polyprotein against the Human Proteome
A Closer Examination of the Antigenic Regions
A Review of the EMBOSS ANTIGENIC Technique and Its Results
Other Possible Treatments for the Novel COVID-19 Virus
Zingiber officinale
Allium sativum
Tinospora cordifolia
Ocimum tenuiflorum, Tulsi, and Withania somnifera, Ashwagandha
The Use of Plasma
The Development of Testing Kits
Reference
2 The Cyber Lessons That Have Been Learned from COVID-19
The Macro Issues
The Impacts
The Slow Internet Speed
How to Make the Most of Your Current Bandwidth
The Lack of a Cybersecurity Workforce
What Is the Solution???
The Poor Performances of the Virtual Private Network
The Inherent Weaknesses of the Firewall
The Next-Generation Firewall
The Lack of Understanding of Cybersecurity Risk
What Exactly Is Cyber Risk?
The Various Cyber Risk Models
How to Share Cyber Risk in Your Company
The Lack of Understanding Cyber Resiliency
An Example of Cyber Resiliency
How the Definition of Cyber Resiliency Was Met
What Is the Difference between Cyber Resiliency & Cyber Security?
The NIST Special Publication 800-160 Volume 2
The Lack of Vetting of External, Third-Party Suppliers
The Types of Third-Party Risks
How to Manage Third-Party Risks
The Importance of Vendor Compliance Management
What Is Vendor Compliance?
The Components
The Lack of Understanding of Data Privacy
What Is Data Privacy?
Data Privacy versus Data Security
The Key Components of Data Privacy
The Intermingling of Home and Corporate Networks
What Is the SASE?
Examples of How SASE Would Be Used
The Benefits of Using SASE
How to Keep Your IT Security Team Motivated
How to Keep Your Team on Their A-Game
The Lack of a Secure Remote Workforce
The Top Ways to Ensure Cybersecurity
The Lack of Security Awareness Training for Employees
The Components
The Dangers of the Dark Web
What Is the Dark Web?
The Deep Web
The Dark Web
How to Access the Dark Web
How the Whole Process Works
The Challenges for Law Enforcement
What Is Actually Down There
The Other Search Engines
The Available Resources Worth Taking a Look at
The Communication Services
The Difficulties That Law Enforcement Has on the Dark Web
The Emergence of Supply Chain Attacks - Solar Winds
How It Was All Triggered
What Has Been Learned?
References
3 How to Prepare for the Next Pandemic
Introduction
The Need for an Incident Response Plan
The Incident Response Plan
The Risks and the Needs Associated Going Offline
The Benefits and the Needs for Fast Time to Detect and Time to Respond Periods
The Importance of Communications in Incident Response
The Incident Response Communications (Crisis Communications) Plan
How to Report a Security Incident to Internal Stakeholders
How to Report a Security Incident to External Stakeholders
The Need for a Disaster Recovery Plan
The Definition of a Disaster Recovery Plan
The Categories of Disaster
The Benefits of a Disaster Recovery Plan
The Types of Disaster Recovery Plans
The Components of a Disaster Recovery Plan
The Need for a Business Continuity Plan
The Alarming Statistics of the Lack of Proper BC Planning
The Components That Go into a Business Continuity Plan
The Need for Effective Penetration Testing
The Red Team
The Blue Team
The Purple Team
The Different Types of Penetration Testing
The External Penetration Test
What Is It?
The Stages of External Penetration Testing
What Is Web Application Testing?
The Components of Web App Penetration Testing
Understanding the Importance of the VAPT
The Components
The Causes for the Vulnerabilities to Exist
The Types of Vulnerability Testing
Dark Web Monitoring
What Is the Dark Web?
The Importance and Benefits of It
The Benefits
The Differences between a Vulnerability Assessment and a Penetration Test
Breaking Down What Vulnerability Scanning and Penetration Testing Are
Vulnerability Assessments
Penetration Testing
Key Takeaways
The Importance of Threat Hunting
What Is Threat Hunting?
A Formal Definition of Proactive Threat Hunting
The Process of Proactive Threat Hunting and Its Components
The Need for Endpoint Security
The Importance for Endpoint Security
The Best Practices
The Need for the SOAR Methodology
What Is SOAR All About?
A Deep Dive into SOAR
The Strategic Benefits of SOAR
The Need for the Use of the SIEM
The SIEM
The Security Stack
How a SIEM Works
The Functionalities of a SIEM
The Zero Trust Framework
What Exactly Is Zero Trust?
How to Implement the Zero Trust Framework
The Advantages
References
4 Conclusions
Index
Ravi Das is a Business Development Specialist for The AST Cybersecurity Group, Inc., a leading Cybersecurity content firm located in the Greater Chicago area, and Technosoft Cyber, LLC, a consultancy devoted to offering Cybersecurity services to the small and medium-sized business sector. Ravi holds a Master of Science degree in Agribusiness Economics (Thesis in International Trade) and a Master of Business Administration in Management Information Systems.

He has authored 8 books, with one more upcoming on how to create and launch a Cybersecurity Consultancy.