- ホーム
- > 洋書
- > 英文書
- > Science / Mathematics
Full Description
Implement effective cybersecurity measures for all organizations
Cybersecurity is one of the central concerns of our digital age. In an increasingly connected world, protecting sensitive data, maintaining system integrity, and ensuring privacy have never been more important. The Cybersecurity Control Playbook offers a step-by-step guide for implementing cybersecurity controls that will protect businesses and prepare them to compete in an overwhelmingly networked landscape. With balanced coverage of both foundational and advanced topics, and concrete examples throughout, this is a must-own resource for professionals looking to keep their businesses safe and secure.
Readers will also find:
Clear, jargon-free language that makes it accessible to a wide range of readers
An introduction to developing, deploying, monitoring, testing, and retiring controls and control frameworks across large, medium, and small enterprises
A system for identifying, prioritizing, and managing cyber risks based on the MITRE ATT&CK framework, with additional coverage of other key cybersecurity frameworks
The Cybersecurity Control Playbook is ideal for cybersecurity practitioners, IT professionals, and security managers who are responsible for implementing and managing cybersecurity strategies in their organizations.
Contents
Preface xxv
Acknowledgments xxvii
1 Understanding Cybersecurity Controls 1
2 The Risk-Based Approach 17
3 Small Business Implementation 35
4 Medium-Sized Enterprises 55
5 Large Enterprises 73
6 Introduction to MITRE ATT&CK & DEFEND 97
7 Mapping Threats to Controls Using MITRE ATT&CK 117
8 Enhancing Defenses with MITRE DEFEND 141
9 Cybersecurity Frameworks Overview 169
10 Nist 800-53 191
11 Center for Internet Security (CIS) 18 Controls 221
12 Agile Implementation of Controls and Control Frameworks 253
13 Adaptive Control Testing & Continuous Improvement 267
14 Testing Controls in Small and Medium Enterprises 297
15 Control Testing in Larger and Complex Enterprises 317
16 Control Failures: Identification, Management, and Reporting 365
17 Control Testing for Regulated Companies 389
18 Emerging Threats and Technologies 409
Appendix A Glossary of Terms 427
Appendix B Creating and Using a Cybersecurity Risk Register 431
Appendix C Creating and Using a Cybersecurity Risk Taxonomy 437
Appendix D SME Security Team Structures 441
Appendix E Developing Process Maps 445
Appendix F Establishing a Regulatory Change Management Program 449
Appendix G Recommended Metrics for MITRE ATT&CK Techniques 453
Answers 467
Index 503
