Developing Cybersecurity Programs and Policies

Developing Cybersecurity Programs and Policies is a complete guide to establishing a cyber security program and governance in your organization. In this book, you will learn how to create cyber security policies, standards, procedures, guidelines, and plans-and the differences among them. You will also learn how threat actors are launching attacks against their victims-compromising confidentiality, integrity, and availability of systems and networks.

Santos starts by providing an overview of cybersecurity policy and governance, and how to create cybersecurity policies and develop a cybersecurity framework. He then provides details about governance, risk management, asset management, and data loss prevention.   

• Respond to incidents and ensure continuity of operations
• Comply with laws and regulations, including GLBA, HIPAA/HITECH, FISMA, state data security and notification rules, and PCI DSS
• Systematically identify, prioritize, and manage cyber security risks and reduce social engineering (human) risks with role-based Security Education, Awareness, and Training (SETA)
• Incorporate human resources, physical, and environmental security as important elements of your cybersecurity program.
• Implement appropriate security controls in the cloud, often using automation
• Understand Identity and Access Management (IAM)

This book includes:

• Practical, hands-on exercises related to several key topics to defend various cloud workloads operating in the different CSP models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Functions as a Service (FaaS)
• Covers NIST Cyber Security Framework and ISO/IEC 27000-series standards

Chapter 1. Understanding Cyber Security Policy and Governance

Chapter 2. Cyber Security Policy Organization, Format and Styles

Chapter 3. Cyber Security Framework

Chapter 4: Cloud Security

Chapter 5. Governance and Risk Management

Chapter 6. Asset Management and Data Loss Prevention

Chapter 7. Human Resources Security

Chapter 8. Physical and Environmental Security

Chapter 9. Cybersecurity Operations (CyberOps), Incident Response, Digital Forensics, and Threat Hunting

Chapter 10. Access Control Management

Chapter 11. Information Systems Acquisition, Development, and Maintenance

Chapter 12. Business Continuity Management

Chapter 13. Regulatory Compliance for Financial Institutions

Chapter 14. Regulatory Compliance for the Healthcare Sector

Chapter 15. PCI Compliance for Merchants

Chapter 16. Privacy

Appendix A. Information Security Program Resources

Appendix B. Sample Information Security Policy

Appendix C. Information Systems Acceptable Use Agreement and Policy

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.