Chapter 1 What Is the Cybersecurity Epidemic?
Why Is Cybersecurity Such A Big Deal?
What Does Organized Computer Hacking Look Like?
What Does This Mean For The Average Business?
Suspended Business Operations

Chapter 2 What Am I Defending My Company from?
Advanced Persistent Threats
Who Are The Threat Actors?
What Exactly Do The Hackers Want?

Chapter 3 How to Get Started with Your Cybersecurity Program
What Is A Cybersecurity Program?
How To Get Started Creating Your Cybersecurity Program?
Types Of Security Controls

Chapter 4 Why Do You Need Cyber Insurance?
What Does Cyber Insurance Cover?
What Are The Types Of Cyber Insurance?
What To Look For When Buying Cyber Insurance
How Do Cyber Insurers Assess Companies?
How To Make A Business Case For Cyber Insurance

Chapter 5 Compliance Regulations You Need to Be Aware of
Why Is Meeting Compliance Important?

Chapter 6 How to Be Prepared for Insider Threats
The Principle Of Least Privilege
Develop A Good Employee Termination Procedure
Have Proper Backups And Recovery Processes
Keep Track Of Employee Access
Monitor Your Network For Suspicious Activity
Have Well-Developed Policies For Proper User Behavior
Security Awareness Training

Chapter 7 How to Build an Effective Incident Response Team
NIST Incident Response Lifecycle
Incident Response Lifecycle SP 800-61
Building Out The Incident Response Team
Roles and Responsibilities
Documentation and Playbooks
How To Interview For Your Incident Response Team
30 Sample Interview Questions

Chapter 8 How to Pitch for a Quality Cybersecurity Budget
Four Areas Of ROI In Cybersecurity
Tips For Communicating ROI To Upper Management
Have Accurate Accounting For Your Team
Using Industry Statistics

Chapter 9 Why You Need Continuous Security Validation
Why Continuous Security Validation Is Important
Emulation versus Simulation
How To Implement Security Validation Using Bug Bounty Programs
Types of Bug Bounty Programs
Why You Should Still Do Manual Tests

Chapter 10 The Importance of Routine Simulations
Types Of Situations You Need To Prepare For
Types Of Security Testing/Simulations That You Can Do
Levels Of Security Testing
Single Machine Boot Verification
Disaster Recovery Testing Best Practices
Use the Feedback from the Simulations

Chapter 11 The Six Steps to Preparing for a Cybersecurity Incident
Incident Handler Communication
Hardware And Software Analysis
Hardening Your Systems For Preventing Incidents

Chapter 12 How to Analyze a Potential Cybersecurity Incident
Examples of Indicators of Compromise, Courtesy of Dark Reading
Understand The Scope And Severity
Understand Who You Need To Communicate With
Identify Notification Requirements

Chapter 13 Steps to Containing a Cybersecurity Incident
Isolate Any Infected Accounts And Machines

Chapter 14 How to Eradicate and Recover from a Cybersecurity Incident
How To Clean Malware Off Of A Machine
Step 1 Disconnect from the Internet
Step 2 Make an Image of the Machine in Its Original State
Step 4 Refrain from Logging into any Accounts
Step 5 Clear Your Cache and Delete Temporary Files
Step 6 Malware Removal Techniques

Chapter 15 What to Do If You Don't Have the Internal Expertise You Need
Potential Benefits Of Outsourcing Cybersecurity
Potential Cons Of Outsourcing Cybersecurity
How To Outsource Cybersecurity Effectively
Cybersecurity Operations You Should Consider Outsourcing

Chapter 16 How to Handle Third-Party Vendors That Have Suffered a Data Breach
How You Can Mitigate Your Third-Party Risks

Chapter 17 How to Remove Data Leaks Once They Are on the Internet
How To Remove Data Leaks On GitHub
How To Get A GitHub Data Leak Removed
How To Prevent Data Leaks On GitHub
Use a Monitoring Service or Tool
What Happens If Someone Posts Your Company's Data Online?
Contact the Owner of the Forum/Website
Submit a Request with Google
Report the Website to Law Enforcement or the Web Hosting Provider
How To Prevent Someone From Posting Your Data Online
Anonymize Client Information
What Happens If Someone Steals My Domain?
What To Do About A Squatted Domain
How To Prevent Domain Squatting
Register the Domain Before You Need It
Purchase Domain Ownership Protection

Chapter 18 How to Address the Public During a Data Breach
Understand Your Reporting Obligations
How To Deal With The Media

Chapter 19 How to Handle Disgruntled Customers During a Data Breach

Chapter 20 When Should I Get Law Enforcement Involved?
Law Enforcement Versus Private Consultants
When Do You Have A Legal Obligation To Report A Data Breach To The Police?

Chapter 21 Public Authorities You Should Notify Throughout a Data Breach
US Department Of Health And Human Services
Breaches Affecting Fewer Than 500 Individuals
Breaches Affecting 500 Or More Individuals
Reporting A Data Breach To ICO
When Do You Need To Notify Individuals About A Data Breach?
When Do You Need To Report A Breach?
How To Submit A Breach Report To The OPC And Affected Individuals

Top 10 Key Cybersecurity Concepts To Remember
Personally Identifiable Information (PII)
The Principle of Least Privilege
The Incident Response Lifecycle
Quantifying the ROI of Cybersecurity
Security Simulations to Prepare for a Hack
Remember Third-Party Risks
Compliance and Notification Requirements
What Do You Need in an Incident Response Team?

Sources
Index