Recommended Book:Enterprise Cybersecurity

I was positively surprised about this book “Enterprise Cybersecurity“, and I can happily recommend it to anyone working with security management. There are more than one way to do the things, and this book is showing one alternative way on how to connect the dots between different concepts in cybersecurity.

Enterprise cybersecurity

  • Title: Enterprise Cybersecurity
  • Author : Donaldson, S., Siegel, S., Williams, C.K., Aslam, A.
  • Publisher: Apress
  • Date: 2015
  • Number of pages: 490
  • Overview
    • Book is showing a holistic view on the cybersecurity, and is able to do it in a good guiding way.
  • Evaluation
    • I like the presentation thread in the first 4 chapters:
      • New Cybersecurity Mindset Figure 1-8
      • Effective Enterprise Cybersecurity Program Figure 1-9
      • Effective cyberdefense framework Figure 2-1
      • Cybersecurity Process Figure 2-3
      • Risk Management Process Figure 2-4, 2-5
      • Cybersecurity Controls Figure 2-7, 2-8
      • Enterprise Cybersecurity Architecture Figure 2-12
        • 11 functional areas:
        • Systems Administration
        • Network Security
        • Application Security
        • Endpoint, Server, and Device Security
        • Identity, Authentication, and Access Management
        • Data Protection and Cryptography
        • Monitoring, Vulnerability, and Patch Management
        • High Availability, Disaster Recovery, and Physical Protection
        • Incident Response
        • Asset Management and Supply Chain
        • Policy, Audit, E-Discovery, and Training
      • Defining Security Scopes Figure 4-3
      • Eight Types of Security Scopes Figure 4-4
      • Security Scopes for the Typical Enterprise Figure 4-7
      • Selecting Security Controls Figure 4-8
      • Selecting Security Capabilities Figure 4-9
      • Selecting Security Technologies Figure 4-10
      • Considering Security Effectiveness Figure 4-11
    • Even though there are several references to NIST framework, it is still used as part of the bigger program, and would not restrict to use any other framework as a base.

    Contents

    • Part I: The Cybersecurity Challenge
      • Chapter 1: Defining the Cybersecurity Challenge
      • Chapter 2: Meeting the Cybersecurity Challenge
    • Part II: A New Enterprise Cybersecurity Architecture
      • Chapter 3: Enterprise Cybersecurity Architecture
      • Chapter 4: Implementing Enterprise Cybersecurity
      • Chapter 5: Operating Enterprise Cybersecurity
      • Chapter 6: Enterprise Cybersecurity and the Cloud
      • Chapter 7: Enterprise Cybersecurity for Mobile and BYOD
    • Part III: The Art of Cyberdefense
      • Chapter 8: Building an Effective Defense
      • Chapter 9: Responding to Incidents
      • Chapter 10: Managing a Cybersecurity Crisis
    • Part IV: Enterprise Cyberdefense Assessment
      • Chapter 11: Assessing Enterprise Cybersecurity
      • Chapter 12: Measuring a Cybersecurity Program
      • Chapter 13: Mapping Against Cybersecurity Frameworks
    • Part V: Enterprise Cybersecurity Program
      • Chapter 14: Managing an Enterprise Cybersecurity Program
      • Chapter 15: Looking to the Future
    • Part VI: Appendices
      • Appendix A: Common Cyberattacks
      • Appendix B: Cybersecurity Frameworks
      • Appendix C: Enterprise Cybersecurity Capabilities
      • Appendix D: Sample Cybersecurity Policy
      • Appendix E: Cybersecurity Operational Processes
      • Appendix F: Object Measurement
      • Appendix G: Cybersecurity Capability Value Scales
      • Appendix H: Cybersecurity Sample Assessment
      • Appendix I: Network Segmentation
    This entry was posted in Uncategorized. Bookmark the permalink.