How to Build a Cyber-Resilient Organization [Paperback]

(Oakland Community College, USA), (Lawrence Technological University, USA), (Univ. of Detroit Mercy, USA)
  • Format: Paperback / softback, 296 pages, height x width: 234x156 mm, weight: 589 g
  • Series: Security, Audit and Leadership Series
  • Publication date: 03-Dec-2018
  • Publisher: CRC Press
  • ISBN-10: 1138558192
  • ISBN-13: 9781138558199
  • Paperback
  • Price: 97,62 €
  • Delivery takes 3-4 weeks if the book is in stock at the publisher's warehouse. If the publisher has to print a new run, delivery may take longer.
  • Delivery time: 4-6 weeks

This book presents a standard methodology for cyber-resilience. Readers will learn how to design a cyber-resilient architecture for a given organization and how to maintain a state of cyber-resilience in its day-to-day operation. They will learn how to establish systematic cyber-resilience within that structure and how to evolve the protection so that it continues to address the threat environment. This revolves around the steps of strategic cyber-resilience planning, implementation and evolution. Readers will learn how to perform the activities needed to identify, prioritize and deploy targeted controls, and how to maintain a persistent and reliable reporting system.

Table of Contents (each entry gives the starting page, with the page count in parentheses)

Foreword xi
Preface xiii
Authors xxi
1 It's Time for a New Paradigm 1(42)
  Introduction to the Book 1(1)
  Why Cyber Resilience Is Critically Important 2(2)
  Infrastructure Is the Target 4(1)
  A New Paradigm for Ensuring Our Way of Life 4(1)
  Operationalizing Cyber Resilience: Saltzer and Schroeder's Principles 5(4)
  Tactics One and Two: Economy of Mechanism and Work Factor 7(1)
  Tactic Three: Least Common Mechanism 7(1)
  Tactic Four: Compromise Recording and Strategic Recovery Planning 8(1)
  Cyber Resilience versus Cybersecurity 9(1)
  Changing the Culture of Information Protection 10(1)
  Ensuring Optimum Use of Resources 11(3)
  Designing for Cyber Resilience 14(1)
  The Specific Example of SCADA 15(1)
  Creating a Cyber-Resilient Architecture 15(3)
  Presidential Policy Directive-21: The Government Weighs In 18(2)
  The Seven Steps to Cyber Resilience 20(10)
  Identification and Classification 20(3)
  Threat Identification and Risk Assessment 23(1)
  Threat Understanding and Prioritization 24(2)
  Design/Deploy 26(2)
  Recover 28(2)
  Evolve 30(1)
  The Important Role of Strategic Planning 30(2)
  Creating Practical Cyber-Resilient Controls 32(3)
  Chapter Summary 35(4)
  Keywords 39(1)
  References 40(3)
2 Asset Identification and Classification 43(34)
  Laying the Groundwork 43(1)
  Putting Asset Management into Cyber Resilience Context 44(2)
  Asset Management Planning 46(1)
  Obtain Support for Asset Planning 47(1)
  Service Identification 48(2)
  Service Prioritization 50(1)
  Establish a Definition of Assets 51(4)
  People 52(1)
  Technology 53(1)
  Software 53(1)
  Facilities 54(1)
  Information 54(1)
  Identify the Assets 55(1)
  Assign Responsibility for Identifying Assets that Support Critical Services 55(2)
  Identify People Assets 57(1)
  Identify and Classify Information Assets 58(3)
  Information Asset Identification 58(2)
  Information Asset Classification 60(1)
  Identify Technology Assets 61(3)
  Identify Software Assets 62(2)
  Standardizing Software Asset Management 64(1)
  Identify Facility Assets 65(1)
  Document the Assets 65(1)
  Create an Asset Inventory 66(1)
  Document the Relationships between Assets and Critical Services 67(1)
  Analyze Dependencies between Assets Supporting Multiple Services 68(1)
  Update the Asset Inventory 68(1)
  Manage the Assets 69(2)
  Identify Change Criteria 71(1)
  Establish a Change Schedule 72(1)
  Manage Changes to Assets and Inventories 72(1)
  Improve the Process 73(1)
  Chapter Summary 74(1)
  Keywords 75(1)
  References 75(2)
3 Establishing the Risk Status of the Corporate Infrastructure 77(40)
  Introduction 77(1)
  Security Requirements 78(1)
  Approaches to Threat Modeling 79(3)
  Critical Asset Approach 79(1)
  Software Application Approach 80(1)
  Attacker Approach 81(1)
  Types of Threat Actors 82(1)
  Intel Threat Agent Library 83(1)
  Diagrams Using the Unified Modeling Language 83(6)
  Threat Modeling Methodologies 89(10)
  STRIDE 89(2)
  DREAD 91(1)
  OWASP's Top Ten Project 92(2)
  Attack Trees 94(2)
  Attack Libraries 96(2)
  Components of a Sample Threat Model 98(1)
  Section 1: Threat Model Project Information 99(14)
  Section 2: External Dependencies 99(1)
  Section 3: Entry Points 100(1)
  Section 4: Target Assets 101(2)
  Section 5: Trust Levels 103(1)
  Section 6: Data Flow Diagrams 103(1)
  Section 7: Threat Categorization 104(1)
  Section 8: Security Controls 104(4)
  Section 9: Threat Analysis 108(1)
  Section 10: Use/Misuse Cases 109(1)
  Section 11: Risk Ranking of Threats Using DREAD 110(1)
  Section 12: Countermeasure Currently in Place 111(1)
  Section 13: Document Risk Mitigation Strategies 111(2)
  Chapter Summary 113(2)
  References 115(2)
4 Prioritization of Assets and Establishing a Plan for Resilient Change 117(34)
  Setting Prioritization into Context 117(2)
  Resilience Requirements Elicitation and Definition 119(4)
  Identify Organizational Resilience Requirements 123(3)
  Identify Service Resilience Requirements 126(2)
  Establish Asset Resilience Requirement Priorities 128(1)
  Prioritizing People Assets 128(2)
  Prioritizing Information Assets 130(3)
  Prioritize Technology and Software Assets 133(2)
  Prioritize Facility Assets 135(1)
  Analyze and Validate Resilience Requirements 136(1)
  Establish Resiliency through Change Management 137(1)
  What Is Configuration Sustainment? 138(1)
  Who Participates in Configuration Sustainment? 139(1)
  What Are the Roles within Configuration Sustainment? 139(1)
  Control of Configuration Change 140(1)
  Implement Access Restrictions for Change 141(1)
  Implement the Configuration Change Control Process 142(2)
  Record and Archive 144(1)
  Resilience Configuration Management Monitoring 145(1)
  Assessment and Reporting 146(3)
  Chapter Summary 149(1)
  Keywords 150(1)
  Reference 150(1)
5 Control Design and Deployment 151(36)
  Designing and Deploying an Effective Control Architecture 151(2)
  Setting the Protection Boundaries 153(3)
  Conceptualizing the Cyber Resilience Control Architecture 156(1)
  Setting Up the Architectural Plan 157(1)
  Formulating the Protected Item List 158(1)
  Creating a Control Architecture from Best Practice Models 159(1)
  Making Asset Valuation Real 160(1)
  The Cyber Resilience Architectural Design Process 161(1)
  Designing Substantive Control Measures 162(5)
  The Cyber Resilience Detailed Design Process 167(1)
  Designing the Individual Controls 167(1)
  Operational Testing 168(1)
  Finalization of the Control Architecture 169(1)
  A Footnote: Handling Exceptions 170(1)
  Communicating Organizational and Technical Direction 171(1)
  Implementing and Sustaining the Solution 172(3)
  Sustaining the Assurance Infrastructure 175(1)
  Operational Sustainment 176(2)
  Sustaining the Control Architecture over Time 178(2)
  Translating Monitoring Information into Action 180(1)
  Chapter Summary 181(4)
  Keywords 185(2)
6 Control Assessment and Assurance 187(36)
  The Need for Reliable Assurance 187(2)
  Evaluating Control Behavior 189(1)
  Operational Assurance of the Control Architecture 190(2)
  Establishing a Regular Organizational Testing Process 192(2)
  The Control Testing Process 194(1)
  Control Testing Documentation 194(1)
  Test Design 195(1)
  Test Execution 196(2)
  Test Design 198(1)
  Ensuring the Reliability of the Control Architecture 198(1)
  Using Fault Trees to Enhance Understandability 199(1)
  Reliability Metrics 200(1)
  Making Controls Reliable 201(2)
  The Control Architectural Review and Audit Processes 203(1)
  Management Reviews 204(2)
  Technical Reviews 206(2)
  Review Types: Inspections 208(1)
  Inspection Procedures: When to Conduct an Inspection 209(1)
  Inspection Procedures: Follow-Up 210(1)
  Walk-Throughs 211(2)
  Audits 213(1)
  Initiation 214(1)
  Chapter Summary 215(6)
  Keywords 221(2)
7 Recovering the Non-Priority Assets 223(34)
  You Have to Make Choices 223(1)
  Planning for Disaster 224(2)
  Noncritical Asset Recovery Management 226(1)
  The Role of Policy and Best Practice in the Process 227(1)
  The Role of Perimeter Control 227(1)
  The Role of People in the Process 228(1)
  Developing and Implementing a Noncritical Asset Recovery Strategy 229(1)
  Developing and Maintaining an Effective Response 230(1)
  The Preparedness Plan 231(1)
  Risk Assessment and Preparedness Planning 232(1)
  Developing an Effective Preparedness Plan 232(1)
  Step One: Assumptions 233(1)
  Step Two: Priorities and Strategy 233(1)
  The Recovery Process 234(1)
  Documenting a Recovery Plan 235(1)
  Elements of the Asset Recovery Plan 236(1)
  Identification and Prioritization of Protected Functions 237(2)
  Executing the Asset Recovery Process 239(1)
  Two Essential Factors 239(2)
  Elements of the Backup/Restoration Solution 241(2)
  Making the Noncritical Asset Recovery Process Real 243(1)
  Specification of Recovery Actions 243(1)
  Identification and Documentation of the Solution 243(1)
  Ensuring that Everybody Knows What to Do 244(1)
  Operational Considerations: Trading Off the Two Factors 245(1)
  Evaluating the Noncritical Asset Recovery Process 246(1)
  Factors that Affect the Noncritical Asset Assurance Operation 247(1)
  Impact Assessment 247(1)
  Risk Evaluation 248(1)
  Robustness 248(1)
  Ensuring the Continuing Effectiveness of the Response 249(2)
  Chapter Summary 251(4)
  Keywords 255(2)
8 Ensuring a Continuously Cyber-Resilient Organization 257(32)
  It All Starts with Infrastructure 257(1)
  Embedding the Cyber Resilience Process in Day-to-Day Business 258(2)
  Security Architecture 260(1)
  Scope 261(1)
  Standard Risk Assessment 261(3)
  Building the Practical Infrastructure 264(4)
  The Detailed Cyber Resilience Control System 268(1)
  Constructing the Process Model for a Particular Application 269(2)
  Making Data-Based Decisions about Performance 271(2)
  Implementation Planning 273(1)
  Control Integration 274(1)
  Assigning Investment Priorities 274(2)
  Rolling Out the Solution to the Stakeholders 276(2)
  Operational Measurement 278(1)
  Maintaining the Cyber Resilience Control System over Time 279(3)
  Chapter Summary 282(3)
  Keywords 285(4)
Index 289

Daniel P. Shoemaker, PhD, is principal investigator and senior research scientist at the University of Detroit Mercy's Center for Cyber Security and Intelligence Studies. Dan has served 30 years as a professor at UDM, 25 of those years as department chair. He served as a co-chair for both the Workforce Training and Education and the Software and Supply Chain Assurance Initiatives for the Department of Homeland Security, and was a subject matter expert for the NICE Workforce Framework 2.0. Dan has coauthored six books in the field of cybersecurity and has authored over one hundred journal publications. Dan earned his PhD from the University of Michigan.

Anne Kohnke, PhD, is an assistant professor of IT at Lawrence Technological University and teaches courses in both the information technology and organization development/change management disciplines at the bachelor's through doctoral levels. Anne's research focus is in the areas of cybersecurity, risk management, threat modeling, and IT governance. After a 25-year career in IT, Anne transitioned from a Vice President of IT and Chief Information Security Officer (CISO) position into full-time academia in 2011. She earned her PhD from Benedictine University.

Ken Sigler is a faculty member of the Computer Information Systems (CIS) program at the Auburn Hills campus of Oakland Community College in Michigan. His primary research is in the areas of software management, software assurance, and cloud computing. He developed the college's CIS program option entitled "Information Technologies for Homeland Security." Until 2007, Ken served as the college's liaison to the International Cybersecurity Education Coalition (ICSEC), of which he is one of three founding members. Ken is a member of IEEE, the Distributed Management Task Force (DMTF), and the Association for Information Systems (AIS).