Information Security Handbook: Enhance your proficiency in information security program development
by 作者: Darren Death (Author)
Publisher Finelybook 出版社: Packt Publishing
Publication Date 出版日期: October 31, 2023
Language 语言: English
Print length: 370 pages
ISBN-10 书号: 1837632707
ISBN-13 书号: 9781837632701
Book Description
A practical guide to establishing a risk-based, business-focused information security program to ensure organizational success
Key Features
Focus on business alignment, engagement, and support using risk-based methodologies
Establish organizational communication and collaboration emphasizing a culture of security
Implement information security program, cybersecurity hygiene, and architectural and engineering best practices
Purchase of the print or Kindle book includes a free PDF eBook
Book Description
Information Security Handbook is a practical guide that’ll empower you to take effective actions in securing your organization’s assets. Whether you are an experienced security professional seeking to refine your skills or someone new to the field looking to build a strong foundation, this book is designed to meet you where you are and guide you toward improving your understanding of information security.
Each chapter addresses the key concepts, practical techniques, and best practices to establish a robust and effective information security program. You’ll be offered a holistic perspective on securing information, including risk management, incident response, cloud security, and supply chain considerations. This book has distilled years of experience and expertise of the author, Darren Death, into clear insights that can be applied directly to your organization’s security efforts. Whether you work in a large enterprise, a government agency, or a small business, the principles and strategies presented in this book are adaptable and scalable to suit your specific needs.
By the end of this book, you’ll have all the tools and guidance needed to fortify your organization’s defenses and expand your capabilities as an information security practitioner.
What you will learn
Introduce information security program best practices to your organization
Leverage guidance on compliance with industry standards and regulations
Implement strategies to identify and mitigate potential security threats
Integrate information security architecture and engineering principles across the systems development and engineering life cycle
Understand cloud computing, Zero Trust, and supply chain risk management
Who this book is for
This book is for information security professionals looking to understand critical success factors needed to build a successful, business-aligned information security program. Additionally, this book is well suited for anyone looking to understand key aspects of an information security program and how it should be implemented within an organization. If you’re looking for an end-to-end guide to information security and risk analysis with no prior knowledge of this domain, then this book is for you.
Table of
Contents
1. Information and Data Security Fundamentals
2. Defining the Threat Landscape
3. Laying a Foundation for Information and Data Security
4. Information Security Risk Management
5. Developing Your Information and Data Security Plan
6. Continuous Testing and Monitoring
7. Business Continuity/Disaster Recovery Planning
8. Incident Response Planning
9. Developing a Security Operations Center
10. Developing an Information Security Architecture Program
11. Cloud Security Considerations
12. Zero Trust Architecture in Inforrmation Security
13. Third-Party and Supply Chain Security
Editorial Reviews:
About the Author
Darren Death is ASRC Federal’s Chief Information Security Officer. He is responsible for managing the enterprise cybersecurity program across a 3 billion-dollar portfolio of business sectors, including financial services, government contracting, and construction. A proven technology leader with over 20 years of experience deploying enterprise systems for large private and public organizations, Darren Death has led, designed, and implemented large-scale, organizational-wide enterprise IT systems with far-reaching impact. Before joining ASRC Federal, while at the Department of Justice, he was responsible for creating a nationwide enterprise processing capability across the US Attorney, Marshalls Service, and the Bureau of Alcohol, Tobacco, and Firearms divisions. At the Library of Congress, Darren was responsible for all emerging technologies related to information security.
He holds a doctoral degree in information technology, specializing in information assurance and cybersecurity.
