This book demonstrates how information security requires a deep understanding of organizations assets, threats, and processes, combined with security measures that can best protect their information security. In today’s digital world, a rigorous security approach is central to defend organizations digital systems, networks, and infrastructure resources from malicious threat incidents. Thus, the book demonstrates how information security requires a deep understanding of organizations assets, threats, and processes, combined with security measures that can best protect their information security. It provides step-by-step guidance on how to analyze organizational processes from a security perspective, while also introducing international security concepts and techniques with their requirements designing security strategies. Hence, this interdisciplinary book is intended for business and technology audiences as a professional book in the context of security trends, principles, methods, techniques, applications and best practices to help the reader mastering the material required defending against malicious threat risk incidents.
Organizations must first understand the particular threats that an organization may be prone to, including different types of security attacks, social engineering, and fraud incidents, as well as addressing applicable regulation standards. This international edition covers relevant international security standards for business application sectors and provide security controls and security planning. Security planning includes information security, network and physical security, incident response and metrics, to achieve business continuity, which include data privacy, cloud security, zero trust, secure software requirements and lifecycle, security by design and default, and artificial intelligence in security. To deal with this complexity this book includes a section on security maturity maturity level analysis.
This book targets professionals in business, IT, security, software development or security risk analysis as a reference book and advanced-level computer science students as a secondary textbook, to develop an own security plan. This book also enables computer science, information technology, or business students to implement a case study or a best practice example or a strategic security planning for an application domain of their choosing.
Introduction.
Chapter 1 Digitalization and Cybersecurity.- 1.1
Digitalization in Digital Transformation.- 1.2 Challenges in Digital
Transformation.- 1.3 Cybersecurity.- 1.3.1 Cybersecurity Situational
Awareness.- 1.3.2 Cybersecurity Risk Assessment.- 1.3.3 Cybersecurity
Risk-Management.- 1.3.3.1 Cybersecurity Maturity Level Model.- 1.4 OT
Security.- 1.5 CIA Triad.- 1.5.1 Linking CIA Triad Principles to NIST
Incident Response Lifecycle.- 1.6 Cybersecurity is still Paramount.- 1.7
Exercises.- 1.8 References.
Chapter 2 Network and Information Security
NIS2.- 2.1 Network and Information Security (NIS2).- 2.2
Chapter I General
Provisions (Articles 1-6).- 2.3
Chapter II Coordinated Cybersecurity
Frameworks (Articles 7-13).- 2.4
Chapter III Cooperation at EU and
International Level (Articles 14-19).- 2.5
Chapter IV Cybersecurity
Risk-Management Measures and Reporting Obligations (Articles 20-25).- 2.6
Chapter VI Jurisdiction and Registration (Articles 26-28).- 2.7
Chapter VI
Information Sharing (Articles 29-30).- 2.8
Chapter VII Supervision and
Enforcement (Articles 31-37).- 2.9
Chapter VIII Delegated and Implementation
Acts (Articles 38-39).- 2.10
Chapter IX Final Provisions (Articles 40-42).-
2.11 Annexes.- 2.12 Exercises.- 2.13 References.
Chapter 3 Application
Domain Cybersecurity Activities.- 3.1 Risk-Management and Effectiveness
Assessment of Risk-Management Measures.- 3.1.1 Risk Identification and
Documentation.- 3.1.2 Risk Quantification and Documentation.- 3.1.3 Risk
Assessment and Documentation.- 3.1.4 Cybersecurity and Data Risk-Management
Approach.- 3.1.5 Contingency Planning as part of Risk-Governance.- 3.2
Cybersecurity Frameworks and Criteria.- 3.2.1 NIST Cybersecurity Framework
(NIST CSF).- 3.2.1.1 NIST CSF Core Functions.- 3.2.1.2 NIST CSF Profiles.-
3.2.1.3 NIST CSF Tiers.- 3.2.3 MITRE ATT & CK.- 3.2.3.1 MITRE ATT & CK
Model.- 3.2.4 CIS Critical Security Controls.- 3.2.5 ISO/IEC 27 K.- 3.2.6
Difference between NIS CSF and ISO/IEC 27K.- 3.2.7 Maturity Models after ISO
9004:2008/2015.- 3.3 Cybersecurity Maturity Model (CMM, CMMI): A Behavior and
Process Model.- 3.3.1 Classification of Capability- and Maturity Models.- 3.4
Exercises.- 3.5 References.
Chapter 4 Application Domain Network and
Information Security.- 4.1 Network and Information Security (NIS2).- 4.2
Compliance and Regulatory Pressure.- 4.3 Liability.- 4.4 NIS2 Article 21.2.-
4.4.1 Mandatory Cybersecurity Measures.- 4.4.2 Standards in Cybersecurity
Risk-Management.- 4.5 Preparing for NIS2.- 4.6 Business Continuity Plan
(BCP).- 4.6.1 BCP Component Risk and Impact Analysis.- 4.6.2 BCP Component
Recovery Schedule.- 4.6.2.1 Recovery Point Objective (RPO).- 4.6.2.2 Recovery
Time Objective (RTO).- 4.6.2.3 Maximum Tolerable Downtime (MtD).- 4.7
Emergency Communication Plan (ECOP).- 4.7.1 Important to do´s for ECOP A
Cookbook.- 4.7.2 ECOP Topics BCM, RPO, RTO, MtD.- 4.7.3 Summarizing ECOP
Action Needs.- 4.8 Exercises.- 4.9 References.
Chapter 5 EU Network and
Information Security Directive (NIS2).- Conclustions.
Dietmar P. F. Möller, is a retired full professor of the University of Hamburg (UHH), Germany, and the Clausthal University of Technology (TUC), Germany, and an Adjunct Professor of the University of Nebraska-Lincoln (UNL), U.S.A. He was an author of several other Springer book titles, including Guide to Cybersecurity in Digital Transformation Trends, Methods, Technologies, Applications and Best Practices.
Lisainfo e-raamatute kohta