Muutke küpsiste eelistusi

E-raamat: Modern Vulnerability Management: Predictive Cybersecurity

4.33/5 (6 hinnangut Goodreads-ist)
,
  • Formaat: 265 pages
  • Ilmumisaeg: 31-Jan-2023
  • Kirjastus: Artech House Publishers
  • ISBN-13: 9781630819392
Teised raamatud teemal:
  • Formaat - PDF+DRM
  • Hind: 87,75 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
Modern Vulnerability Management: Predictive CybersecuritySuurem pilt
  • Formaat: 265 pages
  • Ilmumisaeg: 31-Jan-2023
  • Kirjastus: Artech House Publishers
  • ISBN-13: 9781630819392
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

This book comprehensively covers the principles of Risk-based vulnerability management (RBVM) one of the most challenging tasks in cybersecurity -- from the foundational mathematical models to building your own decision engine to identify, mitigate, and eventually forecast the vulnerabilities that pose the greatest threat to your organization. You will learn: how to structure data pipelines in security and derive and measure value from them; where to procure open-source data to better your organizations pipeline and how to structure it; how to build a predictive model using vulnerability data; how to measure the return on investment a model in security can yield; which organizational structures and policies work best, and how to use data science to detect when they are not working in security; and ways to manage organizational change around data science implementation.

 

Youll also be shown real-world examples of how to mature an RBVM program and will understand how to prioritize remediation efforts based on which vulnerabilities pose the greatest risk to your organization. The book presents a fresh approach, rooted in risk management, and taking advantage of rich data and machine learning, helping you focus more on what matters and ultimately make your organization more secure with a system commensurate to the scale of the threat.

 

This is a timely and much-needed book for security managers and practitioners who need to evaluate their organizations and plan future projects and change. Students of cybersecurity will also find this a valuable introduction on how to use their skills in the enterprise workplace to drive change.
Foreword xi
Acknowledgments xv
1 The State Of The Vulnerability Landscape
1(14)
1.1 The Security Canon: Fundamental Cybersecurity Terminology
4(4)
1.1.1 Common Vulnerabilities and Exposures
5(2)
1.1.2 National Vulnerability Database
7(1)
1.1.3 Common Vulnerability Scoring System
7(1)
1.1.4 Common Weakness Enumeration
7(1)
1.1.5 Common Platform Enumeration
7(1)
1.2 Security Metrics: The New Guard
8(7)
References
13(2)
2 Data Science To Define Risk
15(10)
2.1 Risk Management History and Challenges
15(10)
2.1.1 The Birth of Operations Research
16(2)
2.1.2 The Scale of Cybersecurity
18(2)
2.1.3 Origins of the Risk-Based Approach to Vulnerability Management
20(4)
References
24(1)
3 Decision Support: Tapping Mathematical Models And Machine Learning
25(22)
3.1 Mathematical Modeling
26(12)
3.1.1 Mathematical Scale
27(2)
3.1.2 Statistics
29(3)
3.1.3 Game Theory
32(2)
3.1.4 Stochastic Processes
34(3)
3.1.5 OODA Loops
37(1)
3.2 Machine Learning for Cybersecurity
38(9)
3.2.1 Supervised Models
39(1)
3.2.2 Unsupervised Models
40(5)
References
45(2)
4 How To Build A Decision Engine To Forecast Risk
47(56)
4.1 The Data
48(17)
4.1.1 Definitions vs Instances
50(5)
4.1.2 Vulnerability Data
55(5)
4.1.3 Threat Intel Sources
60(2)
4.1.4 Asset Discovery and Categorization: Configuration Management Database
62(2)
4.1.5 Data Validation
64(1)
4.2 Building a Logistic Regression Model
65(14)
4.2.1 Data Sources and Feature Engineering
66(3)
4.2.2 Testing Model Performance
69(3)
4.2.3 Implementing in Production
72(7)
4.3 Designing a Neural Network
79(24)
4.3.1 Preparing the Data
79(3)
4.3.2 Developing a Neural Network Model
82(2)
4.3.3 Hyperparameter Exploration and Evaluation
84(11)
4.3.4 Scoring
95(5)
4.3.5 Future Work
100(1)
References
101(2)
5 Measuring Performance
103(38)
5.1 Risk vs Performance
104(1)
5.2 What Makes a Metric "Good"?
105(6)
5.2.1 Seven Characteristics of Good Metrics
106(2)
5.2.2 Evaluating Metrics Using the Seven Criteria
108(2)
5.2.3 More Considerations for Good Metrics
110(1)
5.3 Remediation Metrics
111(7)
5.3.1 Mean-Time-Tos
111(1)
5.3.2 Remediation Volume and Velocity
112(2)
5.3.3 R Values and Average Remediation Rates
114(4)
5.4 Why Does Performance Matter?
118(1)
5.5 Measuring What Matters
119(22)
5.5.1 Coverage and Efficiency
119(4)
5.5.2 Velocity and Capacity
123(9)
5.5.3 Vulnerability Debt
132(3)
5.5.4 Remediation SLAs
135(4)
References
139(2)
6 Building A System For Scale
141(18)
6.1 Considerations Before You Build
141(5)
6.1.1 Asset Management Assessment
143(1)
6.1.2 Where Your Organization Is Going
144(1)
6.1.3 Other Tools as Constraints
145(1)
6.2 On Premise vs Cloud
146(1)
6.3 Processing Considerations
147(3)
6.3.1 Speed of Decisions and Alerts
147(2)
6.3.2 SOC Volume
149(1)
6.4 Database Architecture
150(4)
6.4.1 Assets Change Faster Than Decisions
151(1)
6.4.2 Real-Time Risk Measurement
152(2)
6.5 Search Capabilities
154(2)
6.5.1 Who Is Searching?
154(2)
6.6 Role-Based Access Controls
156(3)
7 Aligning Internal Process And Teams
159(22)
7.1 The Shift to a Risk-Based Approach
160(4)
7.1.1 Common Goals and Key Risk Measurements
160(2)
7.1.2 Case Study: More Granular Risk Scores for Better Prioritization
162(2)
7.2 Driving Down Risk
164(4)
7.2.1 Aligning Teams with Your Goals
165(1)
7.2.2 The Importance of Executive Buy-In
166(1)
7.2.3 Reporting New Metrics
167(1)
7.2.4 Gamification
167(1)
7.3 SLA Adherence
168(5)
7.3.1 High-Risk vs Low-Risk Vulnerabilities
169(1)
7.3.2 When to Implement or Revise SLAs
170(2)
7.3.3 What to Include in Your SLA
172(1)
7.4 Shifting from Security-Centric to IT Self-Service
173(4)
7.4.1 How to Approach Change Management
174(1)
7.4.2 Enabling Distributed Decision-Making
175(2)
7.4.3 Signs of Self-Service Maturity
177(1)
7.5 Steady-State Workflow
177(2)
7.5.1 The Limits of Remediation Capacity
177(1)
7.5.2 Media-Boosted Vulnerabilities
178(1)
7.5.3 Exception Handling
179(1)
7.6 The Importance of Process and Teams
179(2)
8 Real-World Examples
181(6)
8.1 A Word from the Real World
181(6)
8.1.1 Vulnerability Discovery
182(1)
8.1.2 Vulnerability Assessment and Prioritization
182(1)
8.1.3 Vulnerability Communication
183(1)
8.1.4 Vulnerability Remediation
184(1)
8.1.5 What Success Looks Like
184(3)
9 The Future Of Modern VM
187(16)
9.1 Steps Toward a Predictive Response to Risk
188(3)
9.1.1 Passive Data Collection
190(1)
9.2 Forecasting Vulnerability Exploitation with the Exploit Prediction Scoring System
191(3)
9.3 Support from Intelligent Awareness
194(2)
9.4 The Rise of XDR
196(2)
9.5 The Other Side of the Coin: Remediation
198(2)
9.6 The Wicked Problem of Security Advances
200(3)
References
201(2)
Glossary 203(4)
About The Authors 207(2)
Index 209
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97816308193922e.html
Märksõnad: