Book, English, 304 pages, format (W × H): 156 mm x 234 mm
Design, Implement and Audit to Protect Your Organization
ISBN: 978-1-3986-2936-3
Publisher: Kogan Page
Build and audit cybersecurity controls to better protect your organization from damaging cyber attacks.
Cybersecurity Controls is a strategic guide for mid-career IT, cybersecurity and audit professionals who must protect critical systems, reduce enterprise risk and deliver resilience in the face of escalating cyber threats. Written by Toby DeRoche, it shows how to establish the rules, procedures and policies that will protect an organization. It covers both how to build cybersecurity controls and how to validate them.
You'll learn how to:
- Build cybersecurity controls
- Translate risk assessments and business impact analysis into actionable safeguards
- Integrate administrative, physical and technical controls for enterprise-wide protection
- Develop a robust control testing strategy that improves assurance
- Strengthen collaboration between IT, cybersecurity and audit to validate resilience
With guidance on strategy, preparation for audits and emerging industry trends, along with extensive real-world examples, this book equips leaders to make informed decisions, improve control maturity and deliver durable security outcomes.
Themes include: cybersecurity governance, IT controls, risk assessment, resilience strategy
Subject areas
- Mathematics | Computer Science > IT | Computer Science > Computer Communication & Networking > Network Security
- Economics > Economic Sectors & Industries > Media, Information and Communications Industry > Information Technology, IT Industry
- Mathematics | Computer Science > IT | Computer Science > Programming | Software Development > Software Engineering > Software Testing & Test Software
- Interdisciplinary > Sciences > Sciences: Research and Information > Risk Assessment, Risk Theory
- Economics > Business Administration > Corporate Finance > Controlling, Auditing, Internal Audit
- Economics > Financial Sector & Financial Services > Insurance Industry
Further information & material
Section ONE: Breaking the compliance myths - cybersecurity controls mean survival, not compliance
- Chapter 01: Understanding controls without drowning in jargon
- Chapter 02: Building an action-oriented cybersecurity strategy
- Chapter 03: Preparing for successful internal and external audits

Section TWO: Designing cybersecurity risk assessments - understanding principles of risk management
- Chapter 04: Translating business impact analysis into real decisions
- Chapter 05: Conducting risk assessment to prioritize action plans
- Chapter 06: Managing third-party risk and vulnerabilities

Section THREE: Strengthening administrative controls - building a cyber aware culture
- Chapter 07: Writing effective policies and procedures to guide the organization
- Chapter 08: Conducting training to raise awareness one lesson at a time
- Chapter 09: Monitoring third-party relationships to protect both sides

Section FOUR: Locking down physical controls - offices, data centers and beyond
- Chapter 10: Securing spaces for internal vs external facilities
- Chapter 11: Safeguarding and monitoring physical assess
- Chapter 12: Protecting systems from environmental and power threats

Section FIVE: Powering up your technical controls - guarding the digital world
- Chapter 13: Managing internal vs external network threats
- Chapter 14: Controlling who gets your data with access management
- Chapter 15: Embedding security in change management and software development life cycle

Section SIX: Proving what works: Testing controls effectiveness
- Chapter 16: Building a smart control testing strategy
- Chapter 17: Partnering effectively with third-party auditors
- Chapter 18: Measuring and managing overall cyber governance

Section SEVEN: Building the cyber alliance - one team, one mission
- Chapter 19: Aligning business and security objectives
- Chapter 20: Defining internal audit's role in cyber defense
- Chapter 21: Bridging execution and testing with the CISO and CAE
- Chapter 22: Communicating cybersecurity risk to the board
- Chapter 23: Sustaining cybersecurity success for the long term




