{"id":2113,"date":"2017-11-26T22:40:26","date_gmt":"2017-11-26T20:40:26","guid":{"rendered":"http:\/\/saisa.eu\/blogs\/Guidance\/?p=2113"},"modified":"2017-11-26T22:40:26","modified_gmt":"2017-11-26T20:40:26","slug":"recommended-bookenterprise-cybersecurity","status":"publish","type":"post","link":"https:\/\/saisa.eu\/blogs\/Guidance\/?p=2113","title":{"rendered":"Recommended Book:Enterprise Cybersecurity"},"content":{"rendered":"<p>I was positively surprised about this book &#8220;<a href=\"http:\/\/www.apress.com\/gp\/book\/9781430260820\">Enterprise Cybersecurity<\/a>&#8220;, and I can happily recommend it to anyone working with security management. There are more than one way to do the things, and this book is showing one alternative way on how to connect the dots between different concepts in cybersecurity.<\/p>\n<p><img loading=\"lazy\" alt=\"Enterprise cybersecurity\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/11\/enterprisecybersecurity.jpg\" width=\"300\" height=\"431\" \/><\/p>\n<div style=\"MARGIN-LEFT: 2em\">\n<ul>\n<li>Title: Enterprise Cybersecurity<\/li>\n<li>Author : Donaldson, S., Siegel, S., Williams, C.K., Aslam, A.<\/li>\n<li>Publisher: Apress<\/li>\n<li>Date: 2015<\/li>\n<li>Number of pages: 490<\/li>\n<li>Overview<\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>\n<div>Book is showing a holistic view on the cybersecurity, and is able to do it in a good guiding way.<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<div>Evaluation<\/div>\n<\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>\n<div>I like the presentation thread in the first 4 chapters:<\/div>\n<\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>\n<div>New Cybersecurity Mindset <small>Figure 1-8<\/small><\/div>\n<\/li>\n<li>\n<div>Effective Enterprise Cybersecurity Program <small>Figure 1-9<\/small><\/div>\n<\/li>\n<li>\n<div>Effective cyberdefense framework <small>Figure 2-1<\/small><\/div>\n<\/li>\n<li>\n<div>Cybersecurity Process <small>Figure 2-3<\/small><\/div>\n<\/li>\n<li>\n<div>Risk Management Process <small>Figure 2-4, 2-5<\/small><\/div>\n<\/li>\n<li>\n<div>Cybersecurity Controls <small>Figure 2-7, 2-8<\/small><\/div>\n<\/li>\n<li>\n<div>Enterprise Cybersecurity Architecture <small>Figure 2-12<\/small><\/div>\n<\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>\n<div>11 functional areas:<\/div>\n<\/li>\n<li>\n<div>Systems Administration<\/div>\n<\/li>\n<li>\n<div>Network Security<\/div>\n<\/li>\n<li>\n<div>Application Security<\/div>\n<\/li>\n<li>\n<div>Endpoint, Server, and Device Security<\/div>\n<\/li>\n<li>\n<div>Identity, Authentication, and Access Management<\/div>\n<\/li>\n<li>\n<div>Data Protection and Cryptography<\/div>\n<\/li>\n<li>\n<div>Monitoring, Vulnerability, and Patch Management<\/div>\n<\/li>\n<li>\n<div>High Availability, Disaster Recovery, and Physical Protection<\/div>\n<\/li>\n<li>\n<div>Incident Response<\/div>\n<\/li>\n<li>\n<div>Asset Management and Supply Chain<\/div>\n<\/li>\n<li>\n<div>Policy, Audit, E-Discovery, and Training<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<div>Defining Security Scopes <small>Figure 4-3<\/small><\/div>\n<\/li>\n<li>\n<div>Eight Types of Security Scopes <small>Figure 4-4<\/small><\/div>\n<\/li>\n<li>\n<div>Security Scopes for the Typical Enterprise <small>Figure 4-7<\/small><\/div>\n<\/li>\n<li>\n<div>Selecting Security Controls <small>Figure 4-8<\/small><\/div>\n<\/li>\n<li>\n<div>Selecting Security Capabilities <small>Figure 4-9<\/small><\/div>\n<\/li>\n<li>\n<div>Selecting Security Technologies <small>Figure 4-10<\/small><\/div>\n<\/li>\n<li>\n<div>Considering Security Effectiveness <small>Figure 4-11<\/small><\/div>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<div>Even though there are several references to NIST framework, it is still used as part of the bigger program, and would not restrict to use any other framework as a base.<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul class=\"noindent\"><\/ul>\n<\/div>\n<p><strong>Contents<\/strong><\/p>\n<ul>\n<li>Part I: The Cybersecurity Challenge<\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>Chapter 1: Defining the Cybersecurity Challenge<\/li>\n<li>Chapter 2: Meeting the Cybersecurity Challenge<\/li>\n<\/ul>\n<\/li>\n<li>Part II: A New Enterprise Cybersecurity Architecture<\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>Chapter 3: Enterprise Cybersecurity Architecture<\/li>\n<li>Chapter 4: Implementing Enterprise Cybersecurity<\/li>\n<li>Chapter 5: Operating Enterprise Cybersecurity<\/li>\n<li>Chapter 6: Enterprise Cybersecurity and the Cloud<\/li>\n<li>Chapter 7: Enterprise Cybersecurity for Mobile and BYOD<\/li>\n<\/ul>\n<\/li>\n<li>Part III: The Art of Cyberdefense<\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>Chapter 8: Building an Effective Defense<\/li>\n<li>Chapter 9: Responding to Incidents<\/li>\n<li>Chapter 10: Managing a Cybersecurity Crisis<\/li>\n<\/ul>\n<\/li>\n<li>Part IV: Enterprise Cyberdefense Assessment<\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>Chapter 11: Assessing Enterprise Cybersecurity<\/li>\n<li>Chapter 12: Measuring a Cybersecurity Program<\/li>\n<li>Chapter 13: Mapping Against Cybersecurity Frameworks<\/li>\n<\/ul>\n<\/li>\n<li>Part V: Enterprise Cybersecurity Program<\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>Chapter 14: Managing an Enterprise Cybersecurity Program<\/li>\n<li>Chapter 15: Looking to the Future<\/li>\n<\/ul>\n<\/li>\n<li>Part VI: Appendices<\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>Appendix A: Common Cyberattacks<\/li>\n<li>Appendix B: Cybersecurity Frameworks<\/li>\n<li>Appendix C: Enterprise Cybersecurity Capabilities<\/li>\n<li>Appendix D: Sample Cybersecurity Policy<\/li>\n<li>Appendix E: Cybersecurity Operational Processes<\/li>\n<li>Appendix F: Object Measurement<\/li>\n<li>Appendix G: Cybersecurity Capability Value Scales<\/li>\n<li>Appendix H: Cybersecurity Sample Assessment<\/li>\n<li>Appendix I: Network Segmentation<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>I was positively surprised about this book &#8220;Enterprise Cybersecurity&#8220;, and I can happily recommend it to anyone working with security management. There are more than one way to do the things, and this book is showing one alternative way on &hellip; <a href=\"https:\/\/saisa.eu\/blogs\/Guidance\/?p=2113\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[62,64,69,31,32],"tags":[],"_links":{"self":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/2113"}],"collection":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2113"}],"version-history":[{"count":0,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/2113\/revisions"}],"wp:attachment":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}