
Building Effective Cybersecurity Programs
Description
You know by now that your company could not survive without the Internet. Not in today's market. You are either part of the digital economy or reliant upon it. With critical information assets at risk, your company requires a state-of-the-art cybersecurity program. But how do you achieve the best possible program? Tari Schreider, in Building Effective Cybersecurity Programs: A Security Manager's Handbook, lays out the step-by-step roadmap to follow as you build or enhance your cybersecurity program.
Over 30+ years, Tari Schreider has designed and implemented cybersecurity programs throughout the world, helping hundreds of companies like yours. Building on that experience, he has created a clear roadmap that will allow the process to go more smoothly for you. Building Effective Cybersecurity Programs: A Security Manager's Handbook is organized around the six main steps on the roadmap that will put your cybersecurity program in place:
- Design a Cybersecurity Program
- Establish a Foundation of Governance
- Build a Threat, Vulnerability Detection, and Intelligence Capability
- Build a Cyber Risk Management Capability
- Implement a Defense-in-Depth Strategy
- Apply Service Management to Cybersecurity Programs
Because Schreider has researched and analyzed over 150 cybersecurity architectures, frameworks, and models, he has saved you hundreds of hours of research. He sets you up for success by talking to you directly as a friend and colleague, using practical examples. His book helps you to:
- Identify the proper cybersecurity program roles and responsibilities.
- Classify assets and identify vulnerabilities.
- Define an effective cybersecurity governance foundation.
- Evaluate the top governance frameworks and models.
- Automate your governance program to make it more effective.
- Integrate security into your application development process.
- Apply defense-in-depth as a multi-dimensional strategy.
- Implement a service management approach to implementing countermeasures.
With this handbook, you can move forward confidently, trusting that Schreider is recommending the best components of a cybersecurity program for you. In addition, the book provides hundreds of citations and references that allow you to dig deeper as you explore specific topics relevant to your organization or your studies.
Persons
Tari Schreider, SSCP, CISM, C|CISO, ITIL Foundation, is a distinguished technologist and nationally known expert in the fields of cybersecurity, risk management, and disaster recovery. Co-founder of Prescriptive Risk Solutions, LLC (PRS), he is former Chief Security Architect at Hewlett-Packard Enterprise. PRS designs custom solutions for companies with challenging legal and regulatory compliance issues that need to be solved quickly. PRS maintains one of the world's largest databases of security and disaster recovery incidents with nearly 12,000 incidents covering 10.6 billion compromised records.
Mr. Schreider has designed and implemented complex cybersecurity programs including a red team penetration testing program for one of the largest oil and gas companies in the world, a NERC CIP compliance program for one of Canada's largest electric utility companies, and an integrated security control management program for one of the US' largest 911 systems. He has advised organizations from China to India on how to improve their cybersecurity programs through his Information Security Service Management - Reference Model (ISSM-RM). Schreider implemented a virtual Security Operations Center network with vSOCs located in the US, Brazil, Italy, Japan, Sweden, and the US. He was also responsible for creating the first Information Sharing and Analysis Center in collaboration with the Information Technology Association of America (IT-ISCA). His earliest disaster recovery experiences included assisting companies affected by the 1992 Los Angeles Rodney King Riots and the 1993 World Trade Center bombing. His unique experience came during the 1990 Gulf War, helping a New York financial institution recover after becoming separated from its data center in Kuwait.
Schreider has appeared on ABC News, CNN, CNBC, NPR, and has had numerous articles printed in security and business magazines including Business Week, New York Times, SC Magazine, The Wall Street Journal, and many others.
He studied Criminal Justice at the College of Social & Behavioral Sciences at the University of Phoenix and holds the following certifications in security and disaster recovery:
- American College of Forensic Examiners, CHS-III
- Certified CISO (C|CISO)
- Certified Information Security Manager (CISM)
- ITIL™ v3 Foundation Certified
- System Security Certified Practitioner (SSCP)
- The Business Continuity Institute, MBCI
- University of Richmond - Master Certified Recovery Planner (MCRP)
Content
- Intro
- Title page
- Copyright
- Dedication
- Acknowledgments
- Preface
- Introduction
- Foreword
- Chapter 1: Designing a Cybersecurity Program
- 1.1 Cybersecurity Program Design Methodology
- 1.1.1 Need for a Design to Attract the Best Personnel
- 1.1.2 A Recommended Design Approach: ADDIOI Model™
- 1.1.3 The Six Phases of the ADDIOI Model™
- 1.2 Defining Architectures, Frameworks, and Models
- 1.2.1 Program Design Guide
- 1.3 Design Principles
- 1.4 Good Practice vs. Best Practice
- 1.5 Adjust Your Design Perspective
- 1.6 Architectural Views
- 1.7 Cybersecurity Program Blueprint
- 1.8 Program Structure
- 1.8.1 Office of the CISO
- 1.8.2 Security Engineering
- 1.8.3 Security Operations
- 1.8.4 Cyber Threat Intelligence
- 1.8.5 Cyber Incident Response
- 1.8.6 Physical Security
- 1.8.7 Recovery Operations
- 1.9 Cybersecurity Program Frameworks and Models
- 1.9.1 HITRUST CSF
- 1.9.2 Information Security Forum (ISF) Framework
- 1.9.3 ISO/IEC 27001/27002 Information Security Management (ISMS)
- 1.9.4 NIST Cybersecurity Framework
- 1.10 Maturing Cybersecurity Programs
- 1.11 Cybersecurity Program Design Checklist
- References
- Chapter 2: Establishing a Foundation of Governance
- 2.1 Governance Overview
- 2.2 Cybersecurity Governance Playbook
- 2.3 Selecting a Governance Framework
- 2.3.1 COBIT® 5: Framework for Information Technology Governance and Control
- 2.3.2 COSO 2013 Internal Control - Integrated Framework
- 2.3.3 Information Governance Reference Model (IGRM)
- 2.3.4 Information Coalition - Information Governance Model
- 2.3.5 OCEG GRC Capability Model™ 3.0 (Red Book)
- 2.4 Governance Oversight Board
- 2.5 Cybersecurity Policy Model
- 2.5.1 Cybersecurity Policy Management
- 2.5.2 Cybersecurity Policy Management Software
- 2.6 Governance, Risk, and Compliance (GRC) Software
- 2.7 Key Cybersecurity Program Management Disciplines
- 2.8 Creating a Culture of Cybersecurity
- 2.9 Governance Foundation Checklist
- References
- Chapter 3: Building a Cyber Threat, Vulnerability Detection, and Intelligence Capability
- 3.1 Cyber Threats and Vulnerabilities
- 3.1.1 Threats, Vulnerability, and Intelligence Model
- 3.2 Cyber Threats
- 3.2.1 Lesson from the Honeybees
- 3.2.2 Cyber Threat Categories
- 3.2.3 Threat Taxonomies
- 3.2.3.1 Threat Taxonomy Sources
- 3.2.4 Cyber Threat Actors
- 3.2.5 Cyber Threat-Hunting
- 3.2.5.1 Cyber Threat-Hunting Tools
- 3.2.6 Cyber Threat-Modeling
- 3.2.6.1 Cyber Threat Analysis and Modeling (TAM) Products
- 3.2.7 Cyber Threat Detection Solutions
- 3.2.8 Cyber Threat Metrics
- 3.2.8.1 Example Cyber Threat Metrics
- 3.3 Vulnerability Management
- 3.3.1 Vulnerability Scanning
- 3.3.2 Patch Management
- 3.3.2.1 Virtual Patch Management
- 3.4 Attack Surface
- 3.4.1 Attack Surface Mapping
- 3.4.2 Shadow IT Attack Surface
- 3.4.3 Attack Surface Classification
- 3.5 Cyber Threat Intelligence
- 3.5.1 Cyber Threat Intelligence Services
- 3.5.2 Cyber Threat Intelligence Program Use Cases
- 3.6 Cyber Kill Chain
- 3.7 Cyber Threat, Vulnerability Detection, and Intelligence Checklist
- References
- Chapter 4: Building a Cyber Risk Management Capability
- 4.1 Cyber Risk
- 4.1.1 Cyber Risk Landscape
- 4.1.2 Risk Types
- 4.1.3 Cyber Risk Appetite
- 4.1.3.1 Risk Appetite Statement
- 4.1.4 Risk Tolerance
- 4.1.5 Risk Threshold
- 4.1.6 Risk Acceptance
- 4.1.6.1 Risk Acceptance Statement
- 4.1.7 Inherent Risk
- 4.1.8 Residual Risk
- 4.1.9 Annualized Loss Expectancy (ALE)
- 4.1.10 Return on Investment (ROI)
- 4.2 Cyber Risk Assessments
- 4.2.1 Business Impact Assessment (BIA)
- 4.2.2 Calculating Risk
- 4.2.2.1 Risk Calculation Software
- 4.2.3 Risk Registry
- 4.3 Cyber Risk Standards
- 4.4 Cyber Risk Management Lifecycle
- 4.5 Cyber Risk Treatment
- 4.6 Risk Monitoring
- 4.7 Risk Reporting
- 4.8 Risk Management Frameworks
- 4.9 Risk Maturity Models
- 4.10 Third-Party Risk Management (TPRM)
- 4.10.1 TPRM Program Structure
- 4.10.2 Third-Party Attestation Services
- 4.11 Cyber Black Swans
- 4.12 Cyber Risk Cassandras
- 4.13 Cyber Risk Management Checklist
- References
- Chapter 5: Implementing a Defense-in-Depth Strategy
- 5.1 Defense-in-Depth
- 5.1.1 Industry Perception
- 5.1.2 Defense-in-Depth Models
- 5.1.3 Origin of Contemporary Defense-in-Depth Models
- 5.1.4 Defense-in-Depth Layer Categorization
- 5.1.5 Defense-in-Depth Criticism
- 5.1.6 Defensive Layers
- 5.2 Improving the Effectiveness of Defense-in-Depth
- 5.2.1 Governance, Risk, and Compliance (GRC) Domain
- 5.2.2 Threat and Vulnerability Management (TVM) Domain
- 5.2.3 Application, Database, and Software Protection (ADS) Domain
- 5.2.4 Security Operations (SecOps) Domain
- 5.2.5 Device and Data Protection (DDP) Domain
- 5.2.6 Cloud Service and Infrastructure Protection (CIP) Domain
- 5.3 Defense-in-Depth Model Schema
- 5.4 Open Source Software Protection
- 5.5 Defense-in-Depth Checklist
- References
- Chapter 6: Applying Service Management to Cybersecurity Programs
- 6.1 Information Technology Service Management (ITSM)
- 6.1.1 Brief History of ITSM and ITIL
- 6.2 Cybersecurity Service Management
- 6.2.1 Cybersecurity Service Management Approach
- 6.3 Cybersecurity Program Personnel
- 6.3.1 Applying the RACI-V Model to Cybersecurity Program Staffing
- 6.3.2 Applying the Kanban Method to Cybersecurity Program Staff Workflow
- 6.3.3 Bimodal IT Environments
- 6.4 Cybersecurity Operations Center (C-SOC)
- 6.5 Incident Management
- 6.5.1 Incident Response Management Products
- 6.6 Security Automation and Orchestration (SAO)
- 6.7 DevSecOps
- 6.7.1 Rugged DevOps
- 6.7.2 DevSecOps Factory Model™
- 6.8 Software-Defined Security (SDSec)
- 6.9 Artificial Intelligence
- 6.10 Cybersecurity Program Operationalization Checklist
- References
- Appendix A: Useful Checklists and Information
- Table A-1. Sample Cybersecurity Program Key Performance Measures (KPM)
- Table A-2. Threat Fusion Platforms
- Table A-3. Cybersecurity Maturity Models
- Table A-4. Policy Management Software
- Table A-5. Governance, Risk, and Compliance (GRC) Program Software Products
- Table A-6. Vulnerability Scanning Solutions
- Table A-7. Security Patch Management Solutions
- Table A-8. Virtual Patching Solutions
- Table A-9. IT Asset Management Products
- Table A-10. Cloud Access Security Broker (CASB) Solutions
- Table A-11. Threat Intelligence Services
- Table A-12. Data Breach and Threats Reports
- Table A-13. Managed Security Service Providers (MSSP)
- Table A-14. Cybersecurity Automation and Orchestration Solutions
- Credits
- About the Author
- More From Rothstein Publishing
System requirements
File format: ePUB
Copy protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (not Kindle).
The file format ePub works well for novels and non-fiction books – i.e., "flowing" text without complex layout. On an e-reader or smartphone, line and page breaks automatically adjust to fit the small displays.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, unfortunately you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our ebook Help page.