Security from Zero: Practical Security for Busy People
Release Finelybook Publication date: 2020
Revision 7 – 2020-04-17
Most of the marketing employed by the security industry tends to rely on a bit of fear-mongering. It’s easy to sell sensationalism — to say that “everything is broken” and cause a sense of alarm and hopelessness.
The goal of this book is not to impart fear, but knowledge. Informed individuals are less likely to panic when scary things happen. They’re more likely to understand what’s going on and how to respond appropriately. They’re more likely to prepare and prevent disasters when they understand the real risks that they might face. The goal of this book is to inspire confidence in the reader and an understanding that, despite the overwhelming perception that everything is broken, the future is not doomed because everything can be fixed.
Your inbox is overflowing, your day is full of meetings, everyone needs something from you, and you’re struggling to stay ahead of it all while trying to grow your company. There’s that nagging feeling that you should probably be doing something with security to defend all of this work that you’ve done, to protect your investment. But what should you be doing? Where do you even begin?
If this sounds familiar, then this book is for you. I want to share my experience with you so that you’ll know when it’s time to start focusing on security and how to start from scratch. This book explains the practical things you can do today, soon, and later to improve your security wisely and to maximize the impact, and the metrics you’ll need to make decisions, set goals and track progress.
This book focuses on the high-level strategy of successful security programs and avoids deep technical discussions so that you’ll have the right level of insight to make informed decisions and can spend your time on the things that matter most.
Goals of This Book
Kickstarting Your Security Program
The Importance of Security Culture
Your First Security Hire
Prioritizing the Work: Effort vs Impact
Workload Management: Issue Tracking
Your Data-Driven Security Program
Leveraging Security Frameworks & Questionnaires
Regulation and Compliance
Planning Your Security Budget
Responding to Incidents
Threat Modeling Exercises
Effective Bug Bounty Programs
Security Audits & Penetration Tests
Least Privilege & Access Controls
Monitoring & Alerting