Cybersecurity for Network and Information Security
Principles, Techniques and Applications

By (author) Dietmar Möller

ISBN13: 9783031997891

Imprint: Springer International Publishing AG

Publisher: Springer International Publishing AG

Format: Hardback

Published: 10/12/2025

Availability: Not yet available

Description
This book demonstrates how information security requires a deep understanding of an organization's assets, threats, and processes, combined with security measures that can best protect organizational security. It provides step-by-step guidance on how to analyze business processes from a security perspective, while also introducing internationally accepted security concepts and techniques, along with their requirements for designing security technologies and strategies. Hence, this interdisciplinary book is intended for business and technology audiences as a professional book. Organizations must first understand the threats they may be prone to, including different types of security attacks, social engineering, and fraud incidents, and must address applicable regulation standards. This international edition covers International Data Security Standards, American security regulation, and the European General Data Protection Regulation (GDPR). Developing a security risk profile helps to estimate the potential costs that an organization may be prone to, including how much should be spent on security controls. Security planning must include designing information security, as well as network and physical security, incident response and metrics. Business continuity considers how a business responds to the loss of IT service. Optional areas that may be applicable include data privacy, cloud security, zero trust, secure software requirements and lifecycle, security by design and default, and artificial intelligence in security. This professional book targets practitioners in business, IT, security, software development or security risk as well as advanced-level computer science students. This book enables computer science, information technology, or business students to implement a case study or a best practice example for an application domain of their choosing.
Introduction.
Chapter 1 Digitalization and Cybersecurity.- 1.1 Digitalization in Digital Transformation.- 1.2 Challenges in Digital Transformation.- 1.3 Cybersecurity.- 1.3.1 Cybersecurity Situational Awareness.- 1.3.2 Cybersecurity Risk Assessment.- 1.3.3 Cybersecurity Risk-Management.- 1.3.3.1 Cybersecurity Maturity Level Model.- 1.4 OT Security.- 1.5 CIA Triad.- 1.5.1 Linking CIA Triad Principles to NIST Incident Response Lifecycle.- 1.6 Cybersecurity is still Paramount.- 1.7 Exercises.- 1.8 References.
Chapter 2 Network and Information Security – NIS2.- 2.1 Network and Information Security (NIS2).- 2.2 Chapter I General Provisions (Articles 1-6).- 2.3 Chapter II Coordinated Cybersecurity Frameworks (Articles 7-13).- 2.4 Chapter III Cooperation at EU and International Level (Articles 14-19).- 2.5 Chapter IV Cybersecurity Risk-Management Measures and Reporting Obligations (Articles 20-25).- 2.6 Chapter VI Jurisdiction and Registration (Articles 26-28).- 2.7 Chapter VI Information Sharing (Articles 29-30).- 2.8 Chapter VII Supervision and Enforcement (Articles 31-37).- 2.9 Chapter VIII Delegated and Implementation Acts (Articles 38-39).- 2.10 Chapter IX Final Provisions (Articles 40-42).- 2.11 Annexes.- 2.12 Exercises.- 2.13 References.
Chapter 3 Application Domain Cybersecurity Activities.- 3.1 Risk-Management and Effectiveness Assessment of Risk-Management Measures.- 3.1.1 Risk Identification and Documentation.- 3.1.2 Risk Quantification and Documentation.- 3.1.3 Risk Assessment and Documentation.- 3.1.4 Cybersecurity and Data Risk-Management Approach.- 3.1.5 Contingency Planning as part of Risk-Governance.- 3.2 Cybersecurity Frameworks and Criteria.- 3.2.1 NIST Cybersecurity Framework (NIST CSF).- 3.2.1.1 NIST CSF Core Functions.- 3.2.1.2 NIST CSF Profiles.- 3.2.1.3 NIST CSF Tiers.- 3.2.3 MITRE ATT&CK.- 3.2.3.1 MITRE ATT&CK Model.- 3.2.4 CIS Critical Security Controls.- 3.2.5 ISO/IEC 27K.- 3.2.6 Difference between NIS CSF and ISO/IEC 27K.- 3.2.7 Maturity Models after ISO 9004:2008/2015.- 3.3 Cybersecurity Maturity Model (CMM, CMMI): A Behavior and Process Model.- 3.3.1 Classification of Capability- and Maturity Models.- 3.4 Exercises.- 3.5 References.
Chapter 4 Application Domain Network and Information Security.- 4.1 Network and Information Security (NIS2).- 4.2 Compliance and Regulatory Pressure.- 4.3 Liability.- 4.4 NIS2 Article 21.2.- 4.4.1 Mandatory Cybersecurity Measures.- 4.4.2 Standards in Cybersecurity Risk-Management.- 4.5 Preparing for NIS2.- 4.6 Business Continuity Plan (BCP).- 4.6.1 BCP Component Risk and Impact Analysis.- 4.6.2 BCP Component Recovery Schedule.- 4.6.2.1 Recovery Point Objective (RPO).- 4.6.2.2 Recovery Time Objective (RTO).- 4.6.2.3 Maximum Tolerable Downtime (MtD).- 4.7 Emergency Communication Plan (ECOP).- 4.7.1 Important to do's for ECOP – A Cookbook.- 4.7.2 ECOP Topics BCM, RPO, RTO, MtD.- 4.7.3 Summarizing ECOP Action Needs.- 4.8 Exercises.- 4.9 References.
Chapter 5 EU Network and Information Security Directive (NIS2).
Conclusions.
  • Computer fraud & hacking
  • Network security
  • Professional & Vocational
List Price: £44.99