Developing Cybersecurity Programs and Policies is a complete guide to establishing a cyber security program and governance in your organization. In this book, you will learn how to create cyber security policies, standards, procedures, guidelines, and plans-and the differences among them. You will also learn how threat actors are launching attacks against their victims-compromising confidentiality, integrity, and availability of systems and networks.
Santos starts by providing an overview of cybersecurity policy and governance, and how to create cybersecurity policies and develop a cybersecurity framework. He then provides details about governance, risk management, asset management, and data loss prevention.
Learn how to:
- Respond to incidents and ensure continuity of operations
- Comply with laws and regulations, including GLBA, HIPAA/HITECH, FISMA, state data security and notification rules, and PCI DSS
- Systematically identify, prioritize, and manage cyber security risks and reduce social engineering (human) risks with role-based Security Education, Awareness, and Training (SETA)
- Incorporate human resources, physical, and environmental security as important elements of your cybersecurity program.
- Implement appropriate security controls in the cloud, often using automation
- Understand Identity and Access Management (IAM)
This book includes:
- Practical, hands-on exercises related to several key topics to defend various cloud workloads operating in the different CSP models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Functions as a Service (FaaS)
- Covers NIST Cyber Security Framework and ISO/IEC 27000-series standards