Cyber Resilience: Defence-in-depth principles
We live in a world where technology and vast quantities of data play a considerable role in everyday life, both personal and professional.

For the foreseeable future (and perhaps beyond), the growth and prominence of data in business shows no signs of slowing down, even if the technology in question will likely change in ways perhaps unimaginable today. Naturally, all this innovation brings huge opportunities and benefits to organisations and people alike. However, these come at more than just a financial cost.

In the world as we know it, you can be attacked both physically and virtually. For today’s organisations, which rely so heavily on technology – particularly the Internet – to do business, the latter attack is the far more threatening of the two. The cyber threat landscape is complex and constantly changing. For every vulnerability fixed, another pops up, ripe for exploitation. Worse, when a vulnerability is identified, a tool that can exploit it is often developed and used within hours – faster than the time it normally takes for the vendor to release a patch, and certainly quicker than the time many organisations take to install that patch.

This book has been divided into two parts:

  • Part 1: Security principles.
  • Part 2: Reference controls.

Part 1 is designed to give you a concise but solid grounding in the principles of good security, covering key terms, risk management, different aspects of security, defence in depth, implementation tips, and more. This part is best read from beginning to end.

Part 2 is intended as a useful reference, discussing a wide range of good-practice controls (in alphabetical order) you may want to consider implementing. Each control is discussed at a high level, focusing on the broader principles, concepts and points to consider, rather than specific solutions. Each control has also been written as a stand-alone chapter, so you can just read the controls that interest you, in an order that suits you.

1144915781
Cyber Resilience: Defence-in-depth principles
We live in a world where technology and vast quantities of data play a considerable role in everyday life, both personal and professional.

For the foreseeable future (and perhaps beyond), the growth and prominence of data in business shows no signs of slowing down, even if the technology in question will likely change in ways perhaps unimaginable today. Naturally, all this innovation brings huge opportunities and benefits to organisations and people alike. However, these come at more than just a financial cost.

In the world as we know it, you can be attacked both physically and virtually. For today’s organisations, which rely so heavily on technology – particularly the Internet – to do business, the latter attack is the far more threatening of the two. The cyber threat landscape is complex and constantly changing. For every vulnerability fixed, another pops up, ripe for exploitation. Worse, when a vulnerability is identified, a tool that can exploit it is often developed and used within hours – faster than the time it normally takes for the vendor to release a patch, and certainly quicker than the time many organisations take to install that patch.

This book has been divided into two parts:

  • Part 1: Security principles.
  • Part 2: Reference controls.

Part 1 is designed to give you a concise but solid grounding in the principles of good security, covering key terms, risk management, different aspects of security, defence in depth, implementation tips, and more. This part is best read from beginning to end.

Part 2 is intended as a useful reference, discussing a wide range of good-practice controls (in alphabetical order) you may want to consider implementing. Each control is discussed at a high level, focusing on the broader principles, concepts and points to consider, rather than specific solutions. Each control has also been written as a stand-alone chapter, so you can just read the controls that interest you, in an order that suits you.

23.99 In Stock
Cyber Resilience: Defence-in-depth principles

Cyber Resilience: Defence-in-depth principles

Cyber Resilience: Defence-in-depth principles
Add to Wishlist
Cyber Resilience: Defence-in-depth principles

Cyber Resilience: Defence-in-depth principles

Overview

We live in a world where technology and vast quantities of data play a considerable role in everyday life, both personal and professional.

For the foreseeable future (and perhaps beyond), the growth and prominence of data in business shows no signs of slowing down, even if the technology in question will likely change in ways perhaps unimaginable today. Naturally, all this innovation brings huge opportunities and benefits to organisations and people alike. However, these come at more than just a financial cost.

In the world as we know it, you can be attacked both physically and virtually. For today’s organisations, which rely so heavily on technology – particularly the Internet – to do business, the latter attack is the far more threatening of the two. The cyber threat landscape is complex and constantly changing. For every vulnerability fixed, another pops up, ripe for exploitation. Worse, when a vulnerability is identified, a tool that can exploit it is often developed and used within hours – faster than the time it normally takes for the vendor to release a patch, and certainly quicker than the time many organisations take to install that patch.

This book has been divided into two parts:

  • Part 1: Security principles.
  • Part 2: Reference controls.

Part 1 is designed to give you a concise but solid grounding in the principles of good security, covering key terms, risk management, different aspects of security, defence in depth, implementation tips, and more. This part is best read from beginning to end.

Part 2 is intended as a useful reference, discussing a wide range of good-practice controls (in alphabetical order) you may want to consider implementing. Each control is discussed at a high level, focusing on the broader principles, concepts and points to consider, rather than specific solutions. Each control has also been written as a stand-alone chapter, so you can just read the controls that interest you, in an order that suits you.

Product Details

ISBN-13: 9781787784406
Publisher: IT Governance Publishing
Publication date: 08/10/2023
Sold by: Barnes & Noble
Format: eBook
Pages: 142
File size: 528 KB

About the Author

Alan Calder is the Group CEO of GRC International Group PLC, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru, and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients across the globe and is a regular media commentator and speaker.


Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd.

Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ).

He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.

Table of Contents

Introduction
Part 1: Security principles
Chapter 1: The cyber threat landscape
Chapter 2: Legal and contractual requirements
Chapter 3: Key terms and concepts
Chapter 4: Managing the risks
Chapter 5: Three security pillars
Chapter 6: Layers of defence in depth
Chapter 7: Mapping the layers against the Part 2 reference controls
Chapter 8: Implementation tips
Part 2: Reference controls
Chapter 9: Asset management
Chapter 10: Board-level commitment and involvement
Chapter 11: Business continuity management
Chapter 12: Configuration and patch management
Chapter 13: Continual improvement process
Chapter 14: Encryption
Chapter 15: External certification/validation
Chapter 16: Identity and access control
Chapter 17: Incident response management
Chapter 18: Internal audits
Chapter 19: Malware protection
Chapter 20: Network and communications security
Chapter 21: Physical and environmental security
Chapter 22: Security monitoring
Chapter 23: Security policies
Chapter 24: Staff training and awareness
Chapter 25: Supply chain security
Chapter 26: System security
Chapter 27: Vulnerability scanning and penetration testing

From the B&N Reads Blog
Page 1 of

Customer Reviews