Developing Cybersecurity Programs and Policies in an AI-Driven World (4 ed)

By (author) Omar Santos

ISBN13: 9780138074104

Imprint: Pearson IT Certification

Publisher: Pearson Education (US)

Format: Paperback / softback

Published: 08/01/2025

Availability: Not yet available

Description
ALL THE KNOWLEDGE YOU NEED TO BUILD CYBERSECURITY PROGRAMS AND POLICIES THAT WORK   Clearly presents best practices, governance frameworks, and key standards Includes focused coverage of healthcare, finance, and PCI DSS compliance An essential and invaluable guide for leaders, managers, and technical professionals   Today, cyberattacks can place entire organizations at risk. Cybersecurity can no longer be delegated to specialists: Success requires everyone to work together, from leaders on down. Developing Cybersecurity Programs and Policies in an AI-Driven World offers start-to-finish guidance for establishing effective cybersecurity in any organization. Drawing on more than two decades of real-world experience, Omar Santos presents realistic best practices for defining policy and governance, ensuring compliance, and collaborating to harden the entire organization.   Santos begins by outlining the process of formulating actionable cybersecurity policies and creating a governance framework to support these policies. He then delves into various aspects of risk management, including strategies for asset management and data loss prevention, illustrating how to integrate various organizational functions—from HR to physical security—to enhance overall protection. This book covers many case studies and best practices for safeguarding communications, operations, and access; alongside strategies for the responsible acquisition, development, and maintenance of technology. It also discusses effective responses to security incidents. Santos provides a detailed examination of compliance requirements in different sectors and the NIST Cybersecurity Framework.   LEARN HOW TO   Establish cybersecurity policies and governance that serve your organization’s needs Integrate cybersecurity program components into a coherent framework for action Assess, prioritize, and manage security risk throughout the organization Manage assets and prevent data loss Work with HR to address human factors in cybersecurity Harden your facilities and physical environment Design effective policies for securing communications, operations, and access Strengthen security throughout AI-driven deployments Plan for quick, effective incident response and ensure business continuity Comply with rigorous regulations in finance and healthcare Learn about the NIST AI Risk Framework and how to protect AI implementations Explore and apply the guidance provided by the NIST Cybersecurity Framework
Introduction xviii Chapter 1: Understanding Cybersecurity Policy and Governance 2     Information Security vs. Cybersecurity Policies.. . . . . . . . . . . . . . . . 6     Looking at Policy Through the Ages.. . . . . . . . . . . . . . . . . . . . 6     Cybersecurity Policy.. . . . . . . . . . . . . . . . . . . . . . . . . . 10     Cybersecurity Policy Life Cycle.. . . . . . . . . . . . . . . . . . . . . . 28     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Chapter 2: Cybersecurity Policy Organization, Format, and Styles 46     Policy Hierarchy.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 47     Writing Style and Technique.. . . . . . . . . . . . . . . . . . . . . . . 51     Plain Language Techniques for Policy Writing.. . . . . . . . . . 53     Policy Format.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Chapter 3: Cybersecurity Frameworks 80     Confidentiality, Integrity, and Availability (CIA). . . . . . . . . . . . . . . . 81     What Is a Cybersecurity Framework?.. . . . . . . . . . . . . . . . . . . 94     NIST Cybersecurity Framework.. . . . . . . . . . . . . . . . . . . . . 110     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Chapter 4: Cloud Security 132     Why Cloud Computing?.. . . . . . . . . . . . . . . . . . . . . . . . 133     Cloud Computing Models.. . . . . . . . . . . . . . . . . . . . . . . . 139     Cloud Governance. . . . . . . . . . . . . . . . . . . . . . . . . . . 141     Multitenancy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150     Core Components of the Cloud Computing Reference Architecture.. . . . . . 151     Key Concepts and Functional Layers of Cloud Computing. . . . . . . . . . 152     Understanding Top Cybersecurity Risks in Cloud Computing. . . . . . . . . 153     AI and the Cloud: Revolutionizing the Future of Computing.. . . . . . . . . . 166     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Chapter 5: Governance and Risk Management 176     Understanding Cybersecurity Policies. . . . . . . . . . . . . . . . . . . 177     Cybersecurity Risk. . . . . . . . . . . . . . . . . . . . . . . . . . . 197     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207 Chapter 6: Asset Management and Data Loss Prevention 220     Information Assets and Systems.. . . . . . . . . . . . . . . . . . . . . 221     Information Classification.. . . . . . . . . . . . . . . . . . . . . . . . 224     Labeling and Handling Standards.. . . . . . . . . . . . . . . . . . . . 233     Information Systems Inventory.. . . . . . . . . . . . . . . . . . . . . . 236     Understanding Data Loss Prevention Technologies.. . . . . . . . . . . . . 242     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Chapter 7: Human Resources Security and Education 256     The Employee Life Cycle. . . . . . . . . . . . . . . . . . . . . . . . 257     The Importance of Employee Agreements.. . . . . . . . . . . . . . . . . 269     The Importance of Security Education and Training. . . . . . . . . . . . . 272     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 Chapter 8: Physical and Environmental Security 290     Understanding the Secure Facility Layered Defense Model.. . . . . . . . . . 292     Protecting Equipment.. . . . . . . . . . . . . . . . . . . . . . . . . 299     Environmental Sustainability. . . . . . . . . . . . . . . . . . . . . . . 308     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310 Chapter 9: Cybersecurity Operations (CyberOps), Incident Response, Digital Forensics, and Threat Hunting 320     Incident Response.. . . . . . . . . . . . . . . . . . . . . . . . . . . 321     What Happened? Investigation and Evidence Handling.. . . . . . . . . . . 349     Understanding Threat Hunting.. . . . . . . . . . . . . . . . . . . . . . 351     Understanding Digital Forensic Analysis.. . . . . . . . . . . . . . . . . . 357     Data Breach Notification Requirements. . . . . . . . . . . . . . . . . . 360     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368 Chapter 10: Access Control Management 384     Access Control Fundamentals.. . . . . . . . . . . . . . . . . . . . . . 385     Infrastructure Access Controls.. . . . . . . . . . . . . . . . . . . . . . 399     User Access Controls.. . . . . . . . . . . . . . . . . . . . . . . . . 416     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 Chapter 11: Supply Chain Security, Information Systems Acquisition, Development, and Maintenance 434     Strengthening the Links: A Deep Dive into Supply Chain Security.. . . . . . . 435     System Security Requirements.. . . . . . . . . . . . . . . . . . . . . 441     Secure Code.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448     Cryptography.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462 Chapter 12: Business Continuity Management 474     Emergency Preparedness.. . . . . . . . . . . . . . . . . . . . . . . . 475     Business Continuity Risk Management.. . . . . . . . . . . . . . . . . . 479     The Business Continuity Plan.. . . . . . . . . . . . . . . . . . . . . . 485     Business Continuity and Disaster Recovery in Cloud Services.. . . . . . . . . 493     Plan Testing and Maintenance.. . . . . . . . . . . . . . . . . . . . . . 500     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504 Chapter 13: Regulatory Compliance for Financial Institutions 514     The Gramm-Leach-Bliley Act.. . . . . . . . . . . . . . . . . . . . . . 515     New York’s Department of Financial Services Cybersecurity Regulation.. . . . . 533     What Is a Regulatory Examination?.. . . . . . . . . . . . . . . . . . . . 535     Personal and Corporate Identity Theft. . . . . . . . . . . . . . . . . . . 537     Regulation of Fintech, Digital Assets, and Cryptocurrencies. . . . . . . . . . 540     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542 Chapter 14: Regulatory Compliance for the Health-care Sector 556     The HIPAA Security Rule. . . . . . . . . . . . . . . . . . . . . . . . 558     The HITECH Act and the Omnibus Rule.. . . . . . . . . . . . . . . . . . 581     Understanding the HIPAA Compliance Enforcement Process. . . . . . . . . 586     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 588 Chapter 15: PCI Compliance for Merchants 600     Protecting Cardholder Data.. . . . . . . . . . . . . . . . . . . . . . . 601     PCI Compliance.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 616     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623 Chapter 16: Privacy in an AI-Driven Landscape 634     Defining Privacy in the Digital Context. . . . . . . . . . . . . . . . . . . 635     The Interplay Between AI and Privacy.. . . . . . . . . . . . . . . . . . . 636     General Data Protection Regulation (GDPR).. . . . . . . . . . . . . . . . 637     California Consumer Privacy Act (CCPA). . . . . . . . . . . . . . . . . . 640     Personal Information Protection and Electronic Documents Act (PIPEDA).. . . . 641     Data Protection Act 2018 in the United Kingdom.. . . . . . . . . . . . . . 643     Leveraging AI to Enhance Privacy Protections.. . . . . . . . . . . . . . . 645     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647 Chapter 17: Artificial Intelligence Governance and Regulations 652     The AI Double-Edged Sword.. . . . . . . . . . . . . . . . . . . . . . 653     Generative AI, LLMs, and Traditional Machine Learning Implementations. . . . 653     Introduction to AI Governance.. . . . . . . . . . . . . . . . . . . . . . 654     The U.S. Executive Order on the Safe, Secure, and Trustworthy     Development and Use of Artificial Intelligence.. . . . . . . . . . . . . . . 655     The Importance of High Accuracy and Precision in AI Systems.. . . . . . . . 661     Explainable AI (XAI): Building Trust and Understanding.. . . . . . . . . . . . 663     Government and Society-wide Approaches to AI Governance.. . . . . . . . . 665     The EU AI Act. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667     Guidelines for Secure AI System Development.. . . . . . . . . . . . . . . 670     OWASP Top 10 Risks for LLM.. . . . . . . . . . . . . . . . . . . . . . 674     MITRE ATLAS Framework. . . . . . . . . . . . . . . . . . . . . . . . 683     Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684 Appendix A: Answers to the Multiple Choice Questions 696   978138074104, TOC, 6/18/2024
  • Network security
  • Networking packages
  • Professional & Vocational
Height:
Width:
Spine:
Weight:0.00
List Price: £66.99