IT Security Controls
A Guide to Corporate Standards and Frameworks
(Language: English)
Intermediate-Advanced user level
Product details
Product information on "IT Security Controls"
Blurb for "IT Security Controls"
Use this reference for IT security practitioners to get an overview of the major standards and frameworks, and a proposed architecture to meet them. The book identifies and describes the necessary controls and processes that must be implemented in order to secure your organization's infrastructure. The book proposes a comprehensive approach to the implementation of IT security controls with an easily understandable graphic implementation proposal to comply with the most relevant market standards (ISO 27001, NIST, PCI-DSS, and COBIT) and a significant number of regulatory frameworks from central banks across the world (European Union, Switzerland, UK, Singapore, Hong Kong, India, Qatar, Kuwait, Saudi Arabia, Oman, etc.).
To connect the book with the real world, a number of well-known case studies are featured to explain what went wrong with the biggest hacks of the decade, and which controls should have been in place to prevent them. The book also describes a set of well-known security tools available to support you.
What You Will Learn
- Understand corporate IT security controls, including governance, policies, procedures, and security awareness
- Know cybersecurity and risk assessment techniques such as penetration testing, red teaming, compliance scans, firewall assurance, and vulnerability scans
- Understand technical IT security controls for unmanaged and managed devices, and perimeter controls
- Implement security testing tools such as steganography, vulnerability scanners, session hijacking, intrusion detection, and more
Who This Book Is For
IT security managers, chief information security officers, information security practitioners, and IT auditors will use the book as a reference and support guide to conduct gap analyses and audits of their organizations' IT security controls implementations.
Table of contents of "IT Security Controls"
About the authors
Introduction
Chapter 1. Standards and frameworks
ISO 27001
ISO 27002
ISO 27018
NIST SP 800-53
NIST SP 800-160
PCI DSS
Cloud standards
ISO 17789
NIST SP 500-292
COBIT for IT security
CIS controls
Chapter 2. Corporate security controls
Information security processes and services
Security governance
Governance of information security (ISO 27014:2013)
Security metrics
Policies and procedures
Cyber security and risk assessment
Penetration testing
Red teaming
OWASP code review
Compliance scans
Vulnerability scans
Firewall assurance
Risk assessments
Security awareness
Security awareness training
Simulated attacks
Security operations center
Incident response and recovery
Threat hunting
eDiscovery/forensics
Threat intelligence
Cyber crisis management plan
Security engineering
Asset management
Configuration management and security baselines
Security architecture and design
IT security technical controls
Off-premises unmanaged devices
Secure connections
Clean pipes
DDoS protection
IPsec / TLS encryption
EMM - enterprise mobility management (MDM, MAM, MCM)
NAC - network access control
Multi-factor authentication
Managed devices
Active Directory integration
SCCM - System Center Configuration Manager
TPM - trusted platform module
VPN client
NAC - network access control (agent)
Data classification
UAM - user activity monitoring
Phishing reporting tool
Endpoint protection
Host IPS / EDR
Desktop firewall
Antivirus
Antispyware
Full disk encryption
App-control / white-listing
Perimeter controls
Firewall
IDS / IPS
Proxy and content filtering
DLP - data leakage/loss protection
Honeypot
WAF - web application firewall
SSL / VPN
DNS
Message security
ADFS
Sandbox
File integrity
Encrypted email
On-premises controls
Mandatory requirements
VLAN segmentation
Criticality
Nature
Type
Security baselines
Redundancy
Load balancing
Production traffic encryption
Multilayer implementation
TLS decryption
Static routing
Disaster recovery
Time synchronization
Redundancy
Physical network segmentation
Distinct heartbeat interfaces
Centralized management
Default gateways
Sinkhole
Public key infrastructure
Security monitoring and enforcement
Privileged access management
Log concentrator
Identity and access management
Vulnerability management and penetration testing
Security information and event management
Database activity monitoring
Risk register
Single sign-on
Chapter 3. IT security technical control matrix
Chapter 4. IT security processes maturity level matrix
Chapter 5. More about cloud
ISO 17789 and NIST SP 500-292 developed
IaaS
SaaS & SecaaS
Chapter 6. Security testing tools
Web applications attacks
Passive online password hacking
Steganography
Windows log tools
Vulnerability scanner
SQL injection
Wireless attacks
Session hijacking
Bluetooth attacks
ARP poisoning
Website mirroring
Intrusion detection
Mobile devices
Social engineering
IoT (internet of things)
Cloud security and tools
Chapter 7. Case Studies
Chapter 8. Acronyms
Author portrait of Virgilio Viegas, Oben Kuyucu
Virgilio Viegas, CISSP, CCSP, CISM, CISA, CRISC, CEH, has more than 25 years of experience in the banking sector, having worked in Europe, Asia and the Middle East. Currently he is the Group Head of International IT Security in one of the largest financial institutions in the Middle East and Africa with a strong presence across Europe, Africa and Asia. Virgilio previously worked for more than 20 years for a major Portuguese financial institution, where he participated in the design and implementation of an Internet services reference platform and later developed an information security reference architecture.
While working in Asia, Virgilio developed projects related to information security, compliance, and retail such as Internet banking, ATM and POS network implementation, issuing and acquiring international card schemes, anti-money laundering, customer fingerprint authentication, amongst others. He also supported projects with significant impact on the Timor-Leste financial sector such as the definition of the country's International Bank Account Number (IBAN) standard, the implementation of the Real Time Gross Settlement System (RTGS), and the national ATM and POS switch.
Bibliographic details
- Authors: Virgilio Viegas, Oben Kuyucu
- 2022, 1st ed., XXI, 354 pages, 3 colour illustrations, dimensions: 17.8 x 25.4 cm, paperback (TB), English
- Publisher: Springer, Berlin
- ISBN-10: 1484277988
- ISBN-13: 9781484277980
Language: English
Press quote
"The book includes a detailed table of contents and good index, and the chapters conclude with succinct summaries. ... This is an excellent reference for anyone working in the area of ICT security, summarizing the major standards and frameworks in one publication with useful case studies as examples to explain how things can go wrong and what steps can be taken to protect and minimize the impact of attacks." (David B. Henderson, Computing Reviews, November 14, 2022)