Muutke küpsiste eelistusi

E-raamat: A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0)

4.50/5 (4 hinnangut Goodreads-ist)
(International Cyber Security Education Coalition/MCISSE, Belleville, Michigan, USA), (Lawrence Technological University, USA), (Oakland Community College, USA)
Teised raamatud teemal:
  • Formaat - EPUB+DRM
  • Hind: 58,49 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0)Suurem pilt
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0) presents a comprehensive discussion of the tasks, knowledge, skill, and ability (KSA) requirements of the NICE Cybersecurity Workforce Framework 2.0. It discusses in detail the relationship between the NICE framework and the NISTs cybersecurity framework (CSF), showing how the NICE model specifies what the particular specialty areas of the workforce should be doing in order to ensure that the CSFs identification, protection, defense, response, or recovery functions are being carried out properly.

The authors construct a detailed picture of the proper organization and conduct of a strategic infrastructure security operation, describing how these two frameworks provide an explicit definition of the field of cybersecurity. The book is unique in that it is based on well-accepted standard recommendations rather than presumed expertise. It is the first book to align with and explain the requirements of a national-level initiative to standardize the study of information security. Moreover, it contains knowledge elements that represent the first fully validated and authoritative body of knowledge (BOK) in cybersecurity.

The book is divided into two parts: The first part is comprised of three chapters that give you a comprehensive understanding of the structure and intent of the NICE model, its various elements, and their detailed contents. The second part contains seven chapters that introduce you to each knowledge area individually. Together, these parts help you build a comprehensive understanding of how to organize and execute a cybersecurity workforce definition using standard best practice.
Foreword xv
Preface xvii
Acknowledgments xxiii
Section I Cybersecurity: Defining Competencies For The Cybersecurity Workforce And Two Frameworks
1 Introduction: Defining the Cybersecurity Workforce
3(48)
Chapter Objectives
3(1)
Cybersecurity: Failure Is Not an Option
3(1)
Six Blind Men and an Elephant
4(1)
Cybersecurity: An Emerging Field
5(2)
Two Common Sense Factors That Make Cybersecurity Different
7(1)
Instilling Order in a Virtual World
8(2)
Combining Effort with Intent in Order to Get a Complete Solution
10(1)
Cybersecurity: Finding the Right Set of Activities
11(2)
Changing Times, Changing Players: The Stakes Get Higher
13(1)
Definitive Step to Ensure Best Practice in Cybersecurity
14(1)
National Initiative for Cybersecurity Education Initiative
15(1)
National Cybersecurity Workforce Framework (v2.0)
16(4)
Knowledge Area 1: Securely Provision
20(4)
Knowledge Area 2: Operate and Maintain
24(4)
Knowledge Area 3: Protect and Defend
28(3)
Knowledge Area 4: Investigate
31(3)
Knowledge Area 5: Collect and Operate
34(3)
Knowledge Area 6: Analyze
37(3)
Knowledge Area 7: Oversee and Govern
40(4)
Chapter Summary
44(4)
Key Concepts
48(1)
Key Terms
48(1)
References
49(2)
2 Creating Standard Competencies for Cybersecurity Work
51(56)
Chapter Objectives
51(1)
The NICE Workforce Model
51(3)
Structure and Intent of the NICE Workforce Framework
54(3)
The NICE Framework Listing of Tasks for Each Specialty Area
57(1)
Knowledge Area 1: Securely Provision
57(9)
Knowledge Area 2: Operate and Maintain
66(4)
Knowledge Area 3: Protect and Defend
70(4)
Knowledge Area 4: Investigate
74(3)
Knowledge Area 5: Collect and Operate
77(1)
Knowledge Area 6: Analyze
78(1)
Knowledge Area 7: Oversee and Govern
79(7)
Implementing the Framework in Practice
86(2)
Adapting the NICE Framework to an Organization
88(2)
Planning: Converting Theory into Practice
90(2)
Mapping the NICE Specialty Areas to Business Purposes
92(2)
Deciding on Which Specialty Area to Employ in a Concrete Solution
94(2)
Tailoring a Solution from the Concept
96(2)
Tailoring Specialty Area Tasks to Specific Application
98(2)
Three Factors That Ensure Proper Application of the Model
100(2)
Context
100(1)
Scope
101(1)
Availability of Resources
102(1)
Chapter Summary
102(2)
Key Terms
104(2)
References
106(1)
3 Implementing Standard Cybersecurity
107(28)
Chapter Objectives
107(1)
Why It Is Difficult to Protect Our Critical Information Infrastructure
107(3)
Background: A System of Best Practices
110(1)
Distinction between This and Other Standards
110(2)
Benefits
112(1)
Relationship between the CSF and the NICE Framework
112(2)
Standard Practice Approach to Implementation
114(1)
Overview of the NIST Framework for Improving Critical Infrastructure Cybersecurity
115(3)
Benefits of Adopting the Cybersecurity Framework
118(1)
The Cybersecurity Framework Core
118(6)
Functions
119(1)
Categories
120(1)
Subcategories
120(1)
Information Resources
120(4)
The Cybersecurity Framework Implementation Tiers
124(2)
The Framework Profile
126(1)
The Cybersecurity Framework Is Descriptive and Not Prescriptive
127(2)
Structure of the Book's Presentation of the NICE and Cybersecurity Framework
129(1)
Chapter Summary
130(1)
Key Terms
131(1)
References
131(4)
Section II The Nice Cybersecurity Workforce Framework And How It Maps To The CFS Framework
4 Securely Provision
135(86)
Chapter Objectives
135(1)
Securely Provision Category Overview
136(1)
Specialty Area 1: Secure Acquisition
137(7)
Supply Chain Risk Management Implications
140(1)
Factoring Secure Acquisition Workforce Tasks into the Cybersecurity Framework Functions
141(1)
Underlying Knowledge, Skill, and Ability Requirements for Secure Acquisition
142(2)
Specialty Area 2: Secure Software Engineering
144(17)
Construction
146(2)
Verification
148(1)
Deployment
149(2)
Factoring Secure Software Engineering Workforce Tasks into the Cybersecurity Framework Functions
151(4)
Identify/Asset Management
151(1)
Identify/Business Environment
151(3)
Identify/Governance
154(1)
Identify/Risk Assessment
154(1)
Protect
154(1)
Underlying Knowledge, Skill, and Ability Requirements for Secure Software Engineering
155(6)
Specialty Area 3: Systems Security Architecture
161(7)
Contextual Security Architecture
163(1)
Conceptual Security Architecture
164(1)
Logical Security Architecture
165(1)
Physical Security Architecture
166(1)
Factoring Systems Security Architecture Workforce Tasks into the Cybersecurity Framework Functions
167(1)
Underlying Knowledge, Skill, and Ability Requirements for Systems Security Architecture
168(1)
Specialty Area 4: Technology Research and Development
168(10)
Factoring Technology Research and Development Workforce Tasks into the Cybersecurity Framework Functions
176(2)
Underlying Knowledge, Skill, and Ability Requirements for Technology Research and Development
178(1)
Specialty Area 5: Systems Requirements Planning
178(17)
Stakeholder Requirements Definition
183(1)
System Requirements Analysis
184(1)
Configuration Management
185(1)
Security Control Formulation and Implementation
186(1)
Factoring Systems Requirements Planning Workforce Tasks into the Cybersecurity Framework Functions
187(1)
Underlying Knowledge, Skill, and Ability Requirements for Systems Requirements Planning
188(7)
Specialty Area 6: Test and Evaluation
195(5)
Test Readiness
195(1)
Functional and Security Testing
195(1)
Qualification Testing
196(1)
Factoring Test and Evaluation Workforce Tasks into the Cybersecurity Framework Functions
197(1)
Penetration Testing
197(1)
System Monitoring Tool Testing
198(1)
Underlying Knowledge, Skill, and Ability Requirements for Test and Evaluation
198(2)
Specialty Area 7: Systems Development
200(16)
Risk Assessment
203(1)
Selection and Documentation of Security Controls
204(1)
Security Architecture Design
205(1)
Supporting Document
205(1)
Factoring Systems Development Workforce Tasks into the Cybersecurity Framework Functions
206(1)
Underlying Knowledge, Skill, and Ability Requirements for Systems Development
207(9)
Chapter Summary
216(1)
Key Terms
217(2)
References
219(2)
5 Operate and Maintain
221(52)
Chapter Objectives
221(1)
Operate and Maintain Knowledge Area Overview
222(3)
Specialty Area 1: Data Administration
225(2)
Factoring Data Administration Workforce Tasks into the Cybersecurity Framework Functions
227(2)
Underlying Knowledge, Skill, and Ability Requirements for Data Administration
229(4)
Specialty Area 2: Customer Service and Technical Support
233(1)
Factoring Customer Service and Technical Support Workforce Tasks into the Cybersecurity Framework Functions
234(2)
Identify
236(1)
Protect
236(1)
Underlying Knowledge, Skill, and Ability Requirements for Customer Service and Technical Support
236(1)
Specialty Area 3: Network Services
237(5)
Design
241(1)
Network Technologies
241(1)
Operational Engineering
241(1)
Maintenance and Troubleshooting
241(1)
Embracing the Value of Outsourcing Network Services Tasks
242(1)
Factoring Network Services Workforce Tasks into the Cybersecurity Framework Functions
242(4)
Network Integrity Protection
243(1)
Communication and Control Network Protection
243(2)
Establishment of a Baseline Network Operations and Data Flows
245(1)
Continuous Security Monitoring
246(1)
Underlying Knowledge, Skill, and Ability Requirements for Network Services
246(2)
Specialty Area 4: System Administration
248(6)
Factoring System Administration Workforce Tasks into the Cybersecurity Framework Functions
254(1)
Underlying Knowledge, Skill, and Ability Requirements for System Administration
255(2)
Specialty Area 5: Systems Security Analysis
257(4)
Factoring Systems Security Analysis Workforce Tasks into the Cybersecurity Framework Functions
261(1)
Underlying Knowledge, Skill, and Ability Requirements for Systems Security Analysis
262(3)
Chapter Summary
265(7)
Key Terms
272(1)
References
272(1)
6 Protect and Defend: Description of Standard Roles and KSAs
273(62)
Chapter Objectives
273(1)
Introduction to the Protect and Defend General Knowledge Area
273(1)
Specialty Area 1: Enterprise Network Defense Analysis
274(23)
Factoring Enterprise Network Defense Analysis Workforce Tasks into the Cybersecurity Framework Functions
276(10)
Continuous Monitoring to Protect and Detect
279(2)
Intrusion Detection and Prevention Technologies
281(2)
Intrusion Detection and Protection Methodologies
283(1)
Network Alerts
284(1)
Malware
285(1)
Underlying Knowledge, Skill, and Ability Requirements for Enterprise Network Defense Analysis
286(11)
Ethical Hacking: Hardening Checks and Penetration Testing
295(2)
Technical Tools
297(1)
Specialty Area 2: Incident Response
297(17)
Factoring Incident Response Workforce Tasks into the Cybersecurity Framework Functions
299(10)
Building the Team
302(2)
Incident Response Policy
304(1)
Incident Response Plan
304(1)
Preparing to Handle Incidents
305(1)
Incident Detection and Analysis
306(1)
Incident Documentation
306(1)
Incident Prioritization
307(1)
Incident Notification
307(1)
Containment Strategies
308(1)
Evidence Collection and Retention
308(1)
Information Sharing
309(1)
After-Action Reviews
309(1)
Underlying Knowledge, Skill, and Ability Requirements for Incident Response
310(4)
Specialty Area 3: Enterprise Network Defense Infrastructure Support
314(3)
Factoring Enterprise Network Defense Infrastructure Support Workforce Tasks into the Cybersecurity Framework Functions
314(2)
Underlying Knowledge, Skill, and Ability Requirements for Enterprise Network Defense Infrastructure Support
316(1)
Specialty Area 4: Vulnerability Assessment and Management
317(7)
Factoring Vulnerability Assessment and Management Workforce Tasks into the Cybersecurity Framework Functions
321(2)
Underlying Knowledge, Skill, and Ability Requirements for Vulnerability Assessment and Management
323(1)
Chapter Summary
324(9)
Key Terms
333(1)
Reference
334(1)
7 Investigate
335(42)
Chapter Objectives
335(2)
Specialty Area 1: Digital Forensics
337(29)
Organizing the Tasks of Digital Forensics Using Cybersecurity Framework Functions
338(1)
Factoring Workforce Tasks into the Cybersecurity Framework Categories
338(7)
Identification/Analysis Tasks
339(5)
Protection and Recovery Tasks
344(1)
Underlying Knowledge, Skill, and Ability Requirements for Digital Forensics
345(9)
Digital Forensics KSAs
352(2)
Application: Organizing a Digital Forensics Function Based on the CSF
354(12)
Identification: Ensuring an Accurate Picture
355(2)
Identification: Analyzing Data and Recording Results for Future Reference
357(1)
Protect and Recover: Writing a Forensic Recovery and Analysis Plan
358(1)
Protecting and Recovering: Setting Up an Effective Communication Process
359(2)
Recovery: Reconstructing Events
361(1)
Characterizing the Incident
361(1)
Identifying the Sources of Data
362(1)
Evidence-Handling Protocols
363(1)
Analysis and Reporting Phases
363(1)
Practical Management Considerations
363(1)
Ensuring a Capable Workforce
364(1)
Ensuring Correctness through Routine Evaluations
365(1)
Specialty Area 2: Cyber Investigation
366(7)
Application: Organizing a Digital Forensics Function Based on the CSF
368(5)
Chapter Summary
373(2)
Key Terms
375(1)
References
376(1)
8 Collect and Operate and Analyze General Knowledge Areas
377(48)
Chapter Objectives
377(1)
Introduction to the Knowledge Areas of the Intelligence Community
377(5)
Specialty Areas: Collect and Operate and Analyze
382(2)
Collect and Operate
382(1)
Collection Operations
382(1)
Cyber Operations
382(1)
Cyber Operations Planning
382(1)
Analyze
383(1)
Threat Analysis
383(1)
All-Source Intelligence
383(1)
Exploitation Analysis
384(1)
Targets
384(1)
Body of Knowledge for Collect and Operate and Analyze
384(21)
Addressing US Interests in Assessments
385(1)
Access and Credibility
385(1)
Articulation of Assumptions
385(1)
Outlook
385(1)
Facts and Sourcing
385(8)
Analytic Expertise
393(1)
Effective Summary
393(1)
Implementation Analysis
393(1)
Conclusions
393(1)
Tradecraft and Counterintelligence
393(12)
Implementing the Collect and Operate and Analyze Areas
405(2)
Performing Collection and Operations and Analysis Work
407(9)
The Intelligence Process
408(2)
Planning and Direction
410(1)
Information Capture and Data Collection
410(1)
Information Processing and Exploitation Analysis
411(1)
Intelligence Assessment and Reporting
412(2)
Dissemination and Integration
414(2)
Chapter Summary
416(7)
The Body of Knowledge for Collect and Operate and Analyze
418(3)
Addressing US Interests in Assessments
418(1)
Access and Credibility
419(1)
Articulation of Assumptions
419(1)
Outlook
419(1)
Facts and Sourcing
419(1)
Analytic Expertise
419(1)
Effective Summary
419(1)
Implementation Analysis
420(1)
Conclusions
420(1)
Tradecraft and Counterintelligence
420(1)
The Intelligence Process
421(2)
Key Terms
423(1)
References
424(1)
9 Oversee and Govern
425(84)
Chapter Objectives
425(1)
Introduction
425(3)
Specialty Area 1: Legal Advice and Advocacy
428(6)
Factoring Legal Advice and Advocacy Workforce Tasks into the Cybersecurity Framework Categories
428(3)
Identify Tasks
428(2)
Respond Tasks
430(1)
Underlying Knowledge, Skill, and Ability Requirements for Legal Advice and Advocacy Specialty Area
431(3)
Specialty Area 2: Strategic Planning and Policy Development
434(17)
Factoring Strategic Planning Workforce Tasks into the Cybersecurity Framework Categories
436(14)
Roles and Responsibilities
439(1)
Security Frameworks
440(3)
Risk Management
443(1)
Information Assurance Policy and Security Control Libraries
443(7)
Underlying Knowledge, Skill, and Ability Requirements for Strategic Planning and Policy Development Specialty Area
450(1)
Specialty Area 3: Training, Education, and Awareness
451(13)
Factoring Training, Education, and Awareness Workforce Tasks into the Cybersecurity Framework Categories
454(7)
Awareness
456(1)
Training
457(1)
Education
457(1)
Needs Assessment
457(1)
Training, Education, and Awareness Strategic Plan
458(1)
Curriculum and Course Learning Module Development
458(2)
Implementation Plan
460(1)
Evaluating the Training, Education, and Awareness Program
460(1)
Underlying Knowledge, Skill, and Ability Requirements for Training, Education, and Awareness Specialty Area
461(3)
Specialty Area 4: Information Systems and Security Operations
464(10)
Factoring Information Systems and Security Operations Workforce Tasks into the Cybersecurity Framework Categories
465(8)
Risk Assessment
468(1)
Risk Tolerance
468(1)
Establish Organization Boundaries
469(1)
System Security Classification
469(1)
Security Controls
470(2)
Evaluation and Continuous Monitoring
472(1)
Underlying Knowledge, Skill, and Ability Requirements for Information Systems and Security Operations Specialty Area
473(1)
Specialty Area 5: Security Program Management
474(14)
Factoring Security Program Management Workforce Tasks into the Cybersecurity Framework Categories
478(5)
Financial Leadership
481(1)
Enterprise Continuity of Operations Plan
482(1)
Evaluation and Validation
482(1)
Underlying Knowledge, Skill, and Ability Requirements for Security Program Management Specialty Area
483(5)
Specialty Area 6: Risk Management
488(5)
Factoring Risk Management Workforce Tasks into the Cybersecurity Framework Categories
488(5)
Risk Management Process
491(2)
Underlying Knowledge, Skill, and Ability Requirements for Risk Management Specialty Area
493(1)
Specialty Area 7: Knowledge Management
493(9)
Factoring Knowledge Management Workforce Tasks into the Cybersecurity Framework Categories
497(4)
Underlying Knowledge, Skill, and Ability Requirements for Knowledge Management Specialty Area
501(1)
Chapter Summary
502(4)
Key Terms
506(1)
References
507(2)
10 Applying the NICE Model to the Real World
509(20)
Chapter Objectives
509(1)
Why Cybersecurity Needs a Standard of Practice
509(1)
Three Problems with Cybersecurity
510(11)
Requirement for Best Practice Advice
512(1)
Best Practice and Strategy
513(1)
Applying the NICE Workforce Framework (v2.0) to the Real World
514(2)
Tailoring a Security Architecture to Fit Each Organizational Need
516(1)
Steps for Creating a Substantive Security Solution
516(5)
Chapter Summary
521(5)
Key Terms
526(1)
Reference
527(2)
Index 529
Daniel P Shoemaker, PhD, is principal investigator and senior research scientist at the University of Detroit Mercys Center for Cyber Security and Intelligence Studies. Dan has served 30 years as a professor at UDM with 25 of those years as department chair. He served as a co-chair for both the Workforce Training and Education and the Software and Supply Chain Assurance Initiatives for the Department of Homeland Security, and was a subject matter expert for the NICE Cybersecurity Workforce Framework 2.0. Dan has coauthored six books in the field of cybersecurity and has authored more than one hundred journal publications. Dan earned his PhD from the University of Michigan.

Anne Kohnke, PhD, is an assistant professor of IT at Lawrence Technological University and teaches courses in both the information technology and organization development/change management disciplines at the bachelor through doctorate levels. Anne started as an adjunct professor in 2002 and joined the faculty full time in 2011. Her IT career started in the mid-1980s on a help desk, and over the years, Anne developed technical proficiency as a database administrator, network administrator, systems analyst, and technical project manager. After a decade, Anne was promoted to management and worked as an IT director, vice president of IT and chief information security officer (CISO). Anne earned her PhD from Benedictine University.

Ken Sigler is a faculty member of the Computer Information Systems (CIS) program at the Auburn Hills campus of Oakland Community College in Michigan. His primary research is in the areas of software management, software assurance, and cloud computing. He developed the colleges CIS program option entitled "Information Technologies for Homeland Security." Until 2007, Ken served as the liaison for the college to the International Cybersecurity Education Coalition (ICSEC), of which he is one of three founding members. Ken is a member of IEEE, the Distributed Management Task Force (DMTF), and the Association for Information Systems (AIS).
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97813153599606e.html
Märksõnad: