Develop strategic plans for building cybersecurity programs and prepare your organization for compliance investigations and audits
Key Features
- Understand how to get started in the new role and design a security program with confidence
- Explore the benefits of performing assessments and having a strong risk management framework
- Promoting the importance of security within the organization, starting with awareness and training
Book Description
Ransomware, phishing, and data breaches affect you and your organization. It seems like everyday there is a new cybersecurity threat. It is important to protect the security of your organization and to prepare for cyberattacks that may affect them. This book will help you in developing different strategies for creating a cybersecurity program.
When starting off as the head of cybersecurity it is important to understand what is needed in the initial days on the job. This book explains the importance of executive buy-in, mission, and vision statement to the main pillars of the security program. You will explore the different types of cybersecurity frameworks, how they differ from each other, and how to pick the right framework as its helps to minimize cyber risk. As you advance you will be performing an assessment against the NIST Cybersecurity Framework as it helps to evaluate threats to your organization including both internal and external vulnerabilities. Towards the end, learn the importance of policies and standards, along with concepts of governance, risk, and compliance, and build an effective incident response team.
By the end of this book, you will have gained a complete understanding of how to build your security program from scratch along with the importance of implementing administrative and technical security controls.
What you will learn
- Explore various cybersecurity frameworks such as NIST, ISO, and so on
- Effective implementation of policies, standards, and procedures
- Find out how to hire the talent for building the right cybersecurity team structure
- Get to know the actual difference between security awareness and training
- Understand the zero trust concept and various firewalls to secure your environment
- Harden your operating system and server to enhance the security
- Performing scans to understand vulnerabilities in software
Who This Book Is For
This book is for newly appointed security team managers, directors, or C-suite individuals who are in the transition stage or new to the information security field and willing to empower themselves with the required knowledge. Cybersecurity professionals can use this book to deepen their knowledge and understand their organization's overall security posture. Basic knowledge of information security or governance, risk, and compliance is required.
Table of Contents
- First 90 Days
- Picking the Right Cybersecurity Framework
- Cybersecurity Strategic Planning Through the Assessment Process
- Establishing Governance Through Policy
- The Security Team
- Risk Management
- Incident Response
- Security Awareness and Training
- Network Security
- Server Security
- DevSecOps
- Testing Your Security and Building Metrics
