What this book covers
Chapter 1, Current State, begins the book with insights into the digital world we live in today. It then goes into detail about the current threat landscape, covering different types of attacks, threat actors, and emerging threats. There is also a focus on the use of statistics in your cybersecurity program and why they matter. Next, we take a look at some of the skillset challenges currently observed within cybersecurity before finishing the chapter with a look at the need to prioritize well-being, a very important topic.
Chapter 2, Setting the Foundations, focuses on the building blocks for your cybersecurity program. As a cybersecurity leader, it will be critical that you understand the business you are working in and know how to navigate it. Next, we review finances and where you can expect costs to be incurred within the program. This transitions into the structure overview for the cybersecurity program, with an emphasis on the core functions that should be included.
Next, we cover the need to document the cybersecurity organization structure and roles and responsibilities before finishing off the chapter with a review of change management and communication and their importance.
Chapter 3, Building Your Roadmap, provides an in-depth review of the need to build a roadmap for the cybersecurity organization. This includes the need for good program and project management to provide structure around the program. To build efficient roadmaps, you are going to need to better understand the current state of your organization. Once you understand the current state, you can build roadmaps for the immediate short-term (2-4 months), short-term (9-12 months), and long-term (1-3+ years).
Chapter 4, Solidifying Your Strategy, takes us into more detail around the importance of a strategy for your cybersecurity program. Within the chapter, four key strategic areas are covered. The first is the architecture strategy for your organization, covering multiple areas such as modernization, the need to use cloud-based technologies, zero-trust architecture, and more. The next strategy covers the need for a cybersecurity framework and the importance of implementing one. We then look at the need for a strategy around your vendors and product portfolio, with an emphasis on reducing this portfolio as much as possible. Finally, we review resource management and the need for a strategy around in-house vs. outsourced resources.
Chapter 5, Cybersecurity Architecture, covers everything related to architecture for your cybersecurity program. This begins with an overview of architecture and the importance of embedding the cybersecurity program as part of the broader architecture process. Following this is an in-depth review of the architecture review process and what should be considered within it from a cybersecurity perspective. Next, we touch upon the foundations of cybersecurity architecture before going into detail on zero-trust architecture, what it involves, and why it matters. We then finish off the chapter with a detailed review of the technical architecture components, such as network, infrastructure, data, etc.
Chapter 6, Identity and Access Management, focuses on an in-depth review of everything related to identity and access management. First is an overview of identity and access management with more detail on identity, authentication, authorization, and accountability. We then shift our focus to the need to modernize your identity architecture before diving deeper into account and access management, which includes stepping through the identity lifecycle process. We then look at what you need to consider when securing your identities before finishing the chapter with a look at enhanced identity security and protection methods.
Chapter 7, Cybersecurity Operations, takes us through everything involved in cybersecurity operations for your cybersecurity program. To begin the chapter, an overview of cybersecurity operations is provided along with the different components involved in this program. Next is a detailed review of the Security Operations Center (SOC) with insight into the different operating models. We then go into detail about threat detection and what needs to be considered for this component before reviewing incident management and response, which is not to be overlooked. We then finish off the chapter with a look at the importance of Business Continuity Planning (BCP), Disaster Recovery Planning (DRP), and the Cybersecurity Incident Response Plan (CIRP).
Chapter 8, Vulnerability Management, covers what needs to be considered as part of your vulnerability program. First, we look at why there is a need for a dedicated vulnerability program and the building blocks required for it. The section that follows emphasizes vulnerability discovery and alerting and what should be considered for this component. The next section focuses on the importance of tracking your vulnerabilities and the need to ensure remediation takes place on time. This leads to update management and email protection considerations as part of your vulnerability management activities. The chapter finishes off with a look at other vulnerability management considerations such as hardware, virtualization, network, and more.
Chapter 9, User Awareness, Training, and Testing, covers everything related to the human element. We begin the chapter with an overview of why this component is so important for the organization. Next, we go into detail on building the foundations for your user awareness, training, and testing program with an emphasis on security culture and maturity. This transitions into user awareness and everything that should be considered with awareness for your users. We then go into detail on what is involved with both user training and testing to ensure a comprehensive approach with your users. We finish the chapter with a look into some other areas that should be considered for your user awareness, training, and testing program, such as gamification, bringing in external speakers, cybersecurity town halls, and more.
Chapter 10, Vendor Risk Management, focuses on everything you need to consider for managing cybersecurity risk with your vendors. We begin with a review of vendor risk management and the different types of risk involved with your vendors, in addition to looking at the current landscape and some statistics. Next, we focus on building your cybersecurity vendor risk management foundation and what should be considered for your program. We then review the need to ensure cybersecurity vendor risk management is integrated across the broader business before covering contract management in more detail, which is an important part of the cybersecurity leadership role.
We finish the chapter with insight into managing your vendors in addition to ongoing and continuous monitoring of your vendors.
Chapter 11, Proactive Services, provides insights into everything you should be considering from a proactive perspective to help reduce risk as much as possible. We begin the chapter with an overview of why we need to implement a proactive services program and the importance of executing these types of services. Next, we take a deeper look into cybersecurity testing and the different types of services that should be considered for your program. This transitions into incident response planning, something that should be in place for every organization. We then move on to reviewing tabletop exercises by providing a detailed overview of what they are and how to execute them. To finish the chapter, we cover other proactive services that can be executed with your proactive services program.
Chapter 12, Operational Technology (OT) and the Internet of Things (IoT), begins with insight into what exactly OT and IoT are, including what Industrial Control Systems (ICS) are and how they fit within OT. We then review why securing both OT and IoT has become so important and how critical this technology is. We then look at the need to build a dedicated program and what is involved in your OT and IoT programs. Next, we take a deeper look into protecting these environments and what you should consider as part of doing so. We finish off the chapter with a focus on responding to OT and IoT incidents, as this will differ from your standard incident response plan. This includes the need to execute tabletop exercises with a theme built around OT and IoT technology.
Chapter 13, Governance Oversight, leads us into the concluding section of the book with an emphasis on Governance, Risk, and Compliance (GRC). In this chapter, we look at the importance of governance for the cybersecurity program. This transitions into the structure of your GRC program, including its roles and responsibilities. We then shift our focus to the need for a GRC application for your organization and what should be included in it. Next, we go into detail on policies, standards, and processes/procedures for your organization as they relate to cybersecurity. This shifts into ensuring the cybersecurity program is made visible to your leadership team through various communication channels, with the need for good and clear reporting. We finish off the chapter with a look at other considerations for your governance program.
Chapter 14, Managing Risk, focuses on the importance of risk and everything we need to consider with risk within the cybersecurity program. We begin the chapter with an overview of why risk is so important and how everything we manage within cybersecurity translates back to risk.
This transitions into understanding the different risk types by looking in more detail at how to calculate risk and the different mitigation options for risk. We then transition into a review of risk frameworks and the different frameworks you can consider for risk management. Next, we look at the importance of tracking risk and the need for a risk register. To finish the chapter, we take a deeper look into the insurance landscape and what is involved in managing cybersecurity insurance.
Chapter 15, Regulatory and Compliance, gives us deeper insight into the evolving and complex world of regulation and compliance within cybersecurity. First, we look into the current regulatory and compliance landscape and how complicated it can be to navigate, especially at a global level. We then cover the importance of building positive relationships with your legal team and the value of legal expertise within cybersecurity. This transitions into the importance of data protection for your cybersecurity program before going into detail on the need for frameworks and audits. To finish off the chapter, we look into other regulatory and compliance considerations such as privacy, data retention, legal hold capabilities, and more.
Chapter 16, Some Final Thoughts, brings us to the concluding chapter of the book, where we take a closer look at how the overall program comes together. This transitions into discussing the importance of managing your cybersecurity program as a journey: there is no destination, as the program continues to evolve. Next, we look at the top ten considerations for your cybersecurity program, including what I consider the current three top priorities for a cybersecurity program at this time. This takes us into the final section of the chapter, where we review observations of what the future may hold for cybersecurity.