Lee Brotherston - Defensive Security Handbook, 2nd Edition
Here you can read online Lee Brotherston - Defensive Security Handbook, 2nd Edition full text of the book (entire story) in english for free. Download pdf and epub, get meaning, cover and reviews about this ebook. year: 2023, publisher: OReilly Media, Inc., genre: Romance novel. Description of the work, (preface) as well as reviews are available. Best literature library LitArk.com created for fans of good reading and offers a wide selection of genres:
Romance novel
Science fiction
Adventure
Detective
Science
History
Home and family
Prose
Art
Politics
Computer
Non-fiction
Religion
Business
Children
Humor
Choose a favorite category and find really read worthwhile books. Enjoy immersion in the world of imagination, feel the emotions of the characters or learn something new for yourself, make an fascinating discovery.
- Book:Defensive Security Handbook, 2nd Edition
- Author:
- Publisher:OReilly Media, Inc.
- Genre:
- Year:2023
- Rating:5 / 5
- Favourites:Add to favourites
- Your mark:
- 100
- 1
- 2
- 3
- 4
- 5
Defensive Security Handbook, 2nd Edition: summary, description and annotation
We offer to read an annotation, description, summary or preface (depends on what the author of the book "Defensive Security Handbook, 2nd Edition" wrote himself). If you haven't found the necessary information about the book — write in the comments, we will try to find it.
Defensive Security Handbook, 2nd Edition — read online for free the complete book (whole text) full work
Below is the text of the book, divided by pages. System saving the place of the last page read, allows you to conveniently read the book "Defensive Security Handbook, 2nd Edition" online for free, without having to search again every time where you left off. Put a bookmark, and you can go to the page where you finished reading at any time.
Font size:
Interval:
Bookmark:
by Lee Brotherston and Amanda Berlin
Copyright 2023 Amanda Berlin and Lee Brotherston. All rights reserved.
Printed in the United States of America.
Published by OReilly Media, Inc. , 1005 Gravenstein Highway North, Sebastopol, CA 95472.
OReilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com/safari). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com .
- Acquisitions Editor: Jennifer Pollock
- Development Editor: Shira Evans
- Production Editor: Clare Laylock
- Interior Designer: David Futato
- Cover Designer: Karen Montgomery
- Illustrator: Kate Dullea
- November 2023: Second Edition
- 2022-04-21: First Release
- 2022-07-05: Second Release
- 2022-10-14: Third Release
See http://oreilly.com/catalog/errata.csp?isbn=9781098127183 for release details.
The OReilly logo is a registered trademark of OReilly Media, Inc. Defensive Security Handbook, the cover image, and related trade dress are trademarks of OReilly Media, Inc.
While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.
978-1-098-12718-3
[To Come]
With Early Release ebooks, you get books in their earliest formthe authors raw and unedited content as they writeso you can take advantage of these technologies long before the official release of these titles.
This will be the 1st chapter of the final book. Please note that the GitHub repo will be made active later on.
If you have comments about how we might improve the content and/or examples in this book, or if you notice missing material within this chapter, please reach out to the editor at sevans@oreilly.com.
Creating or improving upon a security program can be a daunting task. With so many facets to consider, the more initial thought and planning that is put into the creation of this program, the easier it will be to manage in the long run. In this chapter, we will cover the skeleton of a security program and initial administrative steps.
Do not fall into the habit of performing tasks, going through routines, or completing configuration with the mindset of, This is how weve always done it. That type of thinking will only hinder progress and decrease security posture as time goes on.
Humans are allergic to change. They love to say, Weve always done it this way. I try to fight that. Thats why I have a clock on my wall that runs counter-clockwise.
Grace Hopper, The Wit and Wisdom of Grace Hopper (1987)
We recommend that when creating the program, you follow this chapter in order. While we attempted to group the remaining chapters accordingly, they can be followed as best fits a company.
It is not necessary to reinvent the wheel in order to lay out the initial groundwork for an information security program. There are a few standards that can be of great use that we will cover in [Link to Come]. The National Institute of Standards & Technology (NIST) has a risk-based cybersecurity framework that covers many aspects of a program. The NIST Framework Core consists of five concurrent and continuous functionsIdentify, Protect, Detect, Respond, and Recover. When considered together, these functions provide a high-level, strategic view of the lifecycle of an organizations management of cybersecurity risk. Not only will a framework be a possible asset, so will compliance standards. Although poorly implemented compliance standards can hinder the overall security of an organization, they can also prove to be a great starting point for a new program. We will cover compliance standards in more depth in [Link to Come]. While resources like these can be a phenomenal value add, you must always keep in mind that every organization is different, and some aspects covered may not be relevant (there are continuous recurring reminders of this throughout the book).
As with many other departments, there are virtues in having the correct staff on the correct teams in regards to security. Open cross-team communication should be a primary goal, as without it the security posture is severely weakened. While smaller organizations may combine several of the following teams, or have a lack of them all together, this remains a good goal to populate a security department.
Executive teamA chief information officer (CIO) or chief information security officer (CISO) will provide the leverage and authority needed for businesswide decisions and changes. An executive team will also be able to provide a long-term vision, communicate corporate risks, establish objectives, provide funding, and suggest milestones.
Risk teamMany organizations already have a risk assessment team, and this may be a subset of that team. In the majority of organizations, security is not going to be the number-one priority. This team will calculate risks surrounding many other areas of the business, from sales to marketing and financials. Security may not be something they are extremely familiar with. In this case they can either be taught security basics case by case, or a security risk analyst could be added to the team. A risk framework such as NISTs Risk Management Framework (RMF) or the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework can assist with this.
Security teamThe security team will perform tasks to assess and strengthen the environment. The majority of this book is focused toward this and the executive team. They are responsible for daily security operations, including managing assets, assessing threats and vulnerabilities, monitoring the environment for attacks and threats, managing risks, and providing training. In a large enough environment, this team can be broken up into a variety of subteams such as network security, security operations, security engineering, application security, and offensive security.
Auditing teamIt is always a good idea to have a system of checks and balances. This is not only to look for gaps in the security processes and controls, but also to ensure the correct tasks and milestones are being covered. As with the Risk Team, this may be a subset of a larger group.
However it is entirely possible that a Small to Medium Business (SMB) may combine one or (unfortunately due to things like budget constraints/etc) all of these roles into one. In those cases we definitely comisserate with you, as it happens all to often. As the company grows, and hopefully the security program also grows, these separate roles can then be planed and adequately filled.Font size:
Interval:
Bookmark:
Similar books «Defensive Security Handbook, 2nd Edition»
Look at similar books to Defensive Security Handbook, 2nd Edition. We have selected literature similar in name and meaning in the hope of providing readers with more options to find new, interesting, not yet read works.
Discussion, reviews of the book Defensive Security Handbook, 2nd Edition and just readers' own opinions. Leave your comments, write what you think about the work, its meaning or the main characters. Specify what exactly you liked and what you didn't like, and why you think so.