Skip to main content
main-content

Über dieses Buch

Use the methodology in this study guide to design, manage, and operate a balanced enterprise cybersecurity program that is pragmatic and realistic in the face of resource constraints and other real-world limitations. This guide is an instructional companion to the book Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. The study guide will help you understand the book’s ideas and put them to work. The guide can be used for self-study or in the classroom.

Enterprise cybersecurity is about implementing a cyberdefense program that will succeed in defending against real-world attacks. While we often know what should be done, the resources to do it often are not sufficient. The reality is that the Cybersecurity Conundrum—what the defenders request, what the frameworks specify, and what the budget allows versus what the attackers exploit—gets in the way of what needs to be done. Cyberattacks in the headlines affecting millions of people show that this conundrum fails more often than we would prefer.

Cybersecurity professionals want to implement more than what control frameworks specify, and more than what the budget allows. Ironically, another challenge is that even when defenders get everything that they want, clever attackers are extremely effective at finding and exploiting the gaps in those defenses, regardless of their comprehensiveness. Therefore, the cybersecurity challenge is to spend the available budget on the right protections, so that real-world attacks can be thwarted without breaking the bank.

People involved in or interested in successful enterprise cybersecurity can use this study guide to gain insight into a comprehensive framework for coordinating an entire enterprise cyberdefense program.

What You’ll Learn

Know the methodology of targeted attacks and why they succeed Master the cybersecurity risk management process Understand why cybersecurity capabilities are the foundation of effective cyberdefenses Organize a cybersecurity program's policy, people, budget, technology, and assessment Assess and score a cybersecurity program Report cybersecurity program status against compliance and regulatory frameworks Use the operational processes and supporting information systems of a successful cybersecurity program Create a data-driven and objectively managed cybersecurity program Discover how cybersecurity is evolving and will continue to evolve over the next decade

Who This Book Is For

Those involved in or interested in successful enterprise cybersecurity (e.g., business professionals, IT professionals, cybersecurity professionals, and students). This guide can be used in a self-study mode. The book can be used by students to facilitate note-taking in the classroom and by Instructors to develop classroom presentations based on the contents of the original book, Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats.

Inhaltsverzeichnis

Frontmatter

Part I: The Cybersecurity Challenge

Frontmatter

Chapter 1. Defining the Cybersecurity Challenge

Abstract
The Enterprise Cybersecurity Framework is pragmatic, realistic, and designed for battling today’s cyberthreats as well as tomorrow’s next-generation cyberthreats.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Chapter 2. Meeting the Cybersecurity Challenge

Abstract
The graphic depicts a combination of factors required to protect an enterprise.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Part II: A New Enterprise Cybersecurity Architecture

Frontmatter

Chapter 3. Enterprise Cybersecurity Architecture

Abstract
This chapter describes an architecture consisting of enterprise functional areas used to organize and manage enterprise cybersecurity.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Chapter 4. Implementing Enterprise Cybersecurity

Abstract
The graphic delineates the necessary elements needed for an effective enterprise cybersecurity program.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Chapter 5. Operating Enterprise Cybersecurity

Abstract
This chapter examines the enterprise cybersecurity operational processes.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Chapter 6. Enterprise Cybersecurity and the Cloud

Abstract
This chapter examines how the cloud is transforming the way businesses everywhere approach building IT solutions.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Chapter 7. Enterprise Cybersecurity for Mobile and BYOD

Abstract
The graphic depicts various mobile devices and Bring Your Own Devices (BYODs).
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Part III: The Art of Cyberdefense

Frontmatter

Chapter 8. Building an Effective Defense

Abstract
A good cybersecurity architecture alone is not going to stop cyberattackers who are targeting an enterprise and attempting to defeat its cyberdefenses.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Chapter 9. Responding to Incidents

Abstract
Some cyberattackers penetrate cyberdefenses no matter how well the defenses are designed, implemented, and maintained.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Chapter 10. Managing a Cybersecurity Crisis

Abstract
audi Aramco in 2012: Shamoon virus infected ∼ 30,000 of its Windows-based machines.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Part IV: Enterprise Cyberdefense Assessment

Frontmatter

Chapter 11. Assessing Enterprise Cybersecurity

Abstract
This chapter discusses several things related to auditing and assessing an enterprise’s cybersecurity program.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Chapter 12. Measuring a Cybersecurity Program

Abstract
People often measure things because somebody—some edict or some policy— stipulates that things should be measured.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Chapter 13. Mapping Against Cybersecurity Frameworks

Abstract
Enterprises need to report on the status of their cybersecurity programs against external frameworks to satisfy their own auditors or other internal business purposes.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Part V: Enterprise Cybersecurity Program

Frontmatter

Chapter 14. Managing an Enterprise Cybersecurity Program

Abstract
The cybersecurity program utilizes the following management tools
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Chapter 15. Looking to the Future

Abstract
Functional areas enable easy delegation and reporting of status at an abstraction layer suitable for executive consumption.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Part VI: Appendices

Frontmatter

Appendix A. Sample Cybersecurity Policy

Abstract
Security policies identify the assets to be protected and the protection afforded those assets.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Appendix B. Cybersecurity Operational Processes

Abstract
To maintain an effective cybersecurity posture, the Chief Information Security Officer (CISO) should maintain a number of cybersecurity operational processes
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Appendix C. Object Measurement

Abstract
An enterprise wants to protect itself from cybersecurity attacks that are constantly morphing.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Appendix D. Cybersecurity Sample Assessment

Abstract
The purpose of this appendix is to bring together a previously introduced hierarchy of cybersecurity concepts into three worked-out numerical examples and address the following questions.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Appendix E. Cybersecurity Capability Value Scales

Abstract
This appendix provides example Object Measurement (OM) observed data value scale definitions.
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam

Backmatter

Weitere Informationen

Premium Partner

    Bildnachweise