The Cybersecurity Control Playbook - Jason Edwards

. .

Résumé :

Implement effective cybersecurity measures for all organizations

Cybersecurity is one of the central concerns of our digital age. In an increasingly connected world, protecting sensitive data, maintaining system integrity, and ensuring privacy have never been more important. The Cybersecurity Control Playbook offers a step-by-step guide for implementing cybersecurity controls that will protect businesses and prepare them to compete in an overwhelmingly networked landscape. With balanced coverage of both foundational and advanced topics, and concrete examples throughout, this is a must-own resource for professionals looking to keep their businesses safe and secure.

Readers will also find:

• Clear, jargon-free language that makes it accessible to a wide range of readers
• An introduction to developing, deploying, monitoring, testing, and retiring controls and control frameworks across large, medium, and small enterprises
• A system for identifying, prioritizing, and managing cyber risks based on the MITRE ATT&CK framework, with additional coverage of other key cybersecurity frameworks

The Cybersecurity Control Playbook is ideal for cybersecurity practitioners, IT professionals, and security managers who are responsible for implementing and managing cybersecurity strategies in their organizations....

Biographie:

Jason Edwards, DM, CISSP, is an accomplished cybersecurity leader with extensive experience in the technology, finance, insurance, and energy sectors. Holding a Doctorate in Management, Information Systems, and Technology, Jason specializes in guiding large public and private companies through complex cybersecurity challenges. His career includes leadership roles across the military, insurance, finance, energy, and technology industries. He is a husband, father, former military cyber officer, adjunct professor, avid reader, dog dad, and popular on LinkedIn....

Sommaire:

Preface xxv

Acknowledgments xxvii

1 Understanding Cybersecurity Controls 1

2 The Risk-Based Approach 17

3 Small Business Implementation 35

4 Medium-Sized Enterprises 55

5 Large Enterprises 73

6 Introduction to MITRE ATT&CK & DEFEND 97

7 Mapping Threats to Controls Using MITRE ATT&CK 117

8 Enhancing Defenses with MITRE DEFEND 141

9 Cybersecurity Frameworks Overview 169

10 Nist 800-53 191

11 Center for Internet Security (CIS) 18 Controls 221

12 Agile Implementation of Controls and Control Frameworks 253

13 Adaptive Control Testing & Continuous Improvement 267

14 Testing Controls in Small and Medium Enterprises 297

15 Control Testing in Larger and Complex Enterprises 317

16 Control Failures: Identification, Management, and Reporting 365

17 Control Testing for Regulated Companies 389

18 Emerging Threats and Technologies 409

Appendix A Glossary of Terms 427

Appendix B Creating and Using a Cybersecurity Risk Register 431

Appendix C Creating and Using a Cybersecurity Risk Taxonomy 437

Appendix D SME Security Team Structures 441

Appendix E Developing Process Maps 445

Appendix F Establishing a Regulatory Change Management Program 449

Appendix G Recommended Metrics for MITRE ATT&CK Techniques 453

Answers 467

Index 503