Go to main content

IT security controls : a guide to corporate standards and frameworks / Virgilio Viegas, Oben Kuyucu.

Viegas, Virgilio, author.; Kuyucu, Oben, author.
2022
QA76.9.A25 V54 2022
Available Online
Formats
Format
BibTeX
MARCXML
TextMARC
MARC
DublinCore
EndNote
NLM
RefWorks
RIS
Add to Basket
Cite
Citation

Linked e-resources

Linked Resource
Online Access
Concurrent users
Unlimited
Authorized users
Authorized users
Document Delivery Supplied
Can lend chapters, not whole ebooks

Details

Title
IT security controls : a guide to corporate standards and frameworks / Virgilio Viegas, Oben Kuyucu.
Author
Viegas, Virgilio, author.
ISBN
9781484277997 (electronic bk.)
1484277996 (electronic bk.)
9781484277980
1484277988
DOI
https://doi.org/10.1007/978-1-4842-7799-7
Published
Berkeley, CA : Apress L. P., [2022]
Copyright
©2022
Language
English
Description
1 online resource (369 pages) : illustrations (some color)
Item Number
10.1007/978-1-4842-7799-7 doi
Call Number
QA76.9.A25 V54 2022
Dewey Decimal Classification
005.8
Summary
Use this reference for IT security practitioners to get an overview of the major standards and frameworks, and a proposed architecture to meet them. The book identifies and describes the necessary controls and processes that must be implemented in order to secure your organization's infrastructure. The book proposes a comprehensive approach to the implementation of IT security controls with an easily understandable graphic implementation proposal to comply with the most relevant market standards (ISO 27001, NIST, PCI-DSS, and COBIT) and a significant number of regulatory frameworks from central banks across the World (European Union, Switzerland, UK, Singapore, Hong Kong, India, Qatar, Kuwait, Saudi Arabia, Oman, etc.). To connect the book with the real world, a number of well-known case studies are featured to explain what went wrong with the biggest hacks of the decade, and which controls should have been in place to prevent them. The book also describes a set of well-known security tools available to support you. What You Will Learn Understand corporate IT security controls, including governance, policies, procedures, and security awareness Know cybersecurity and risk assessment techniques such as penetration testing, red teaming, compliance scans, firewall assurance, and vulnerability scans Understand technical IT security controls for unmanaged and managed devices, and perimeter controls Implement security testing tools such as steganography, vulnerability scanners, session hijacking, intrusion detection, and more Who This Book Is For IT security managers, chief information security officers, information security practitioners, and IT auditors will use the book as a reference and support guide to conduct gap analyses and audits of their organizations' IT security controls implementations.
Note
Includes index.
Access Note
Access limited to authorized users.
Source of Description
Description based upon print version of record.
Added Author
Kuyucu, Oben, author.
Available in Other Form
IT Security Controls
Linked Resources
Online Access
Record Appears in
Online Resources > Ebooks
All Resources
Intro
Table of Contents
About the Authors
About the Technical Reviewers
Acknowledgments
Introduction
Please check our GitHub page
Chapter 1: The Cybersecurity Challenge
Types of Threats
Who Are These People?
How Do Cyberattacks Happen?
What Can We Do?
Summary
Chapter 2: International Security Standards
ISO 27001 and ISO 27002
Information Security Policies (Clause A.5)
Organization of Information Security (Clause A.6)
Human Resource Security (Clause A.7)
Before Hiring
Employees
Termination and reassignment

Asset Management (Clause A.8)
Access Control (Clause A.9)
Cryptography (Clause A.10)
Physical and Environmental Security (Clause A.11)
Operations Security (Clause A.12)
Communications Security (Clause A.13)
System Acquisition, Development, and Maintenance (Clause A.14)
Supplier Relationships (Clause A.15)
Incident Management (Clause A.16)
Business Continuity Management (Clause A.17)
Compliance (Clause A.18)
ISO 27002
PCI DSS
Goal 1: Build and Maintain a Secure Network
Goal 2: Protect Cardholder Data
Goal 3: Maintain a Vulnerability Management Program

Goal 4: Implement Strong Access Control Measures
Goal 5: Regularly Monitor and Test Networks
Goal 6: Maintain a Policy That Addresses Information Security
Prioritization
SWIFT: Customer Security Controls Framework
Summary
Chapter 3: Information Security Frameworks
NIST Frameworks
NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
NIST SP 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems
NIST Cybersecurity Framework
COBIT 5 for Information Security

COBIT 5 Process Goals Applied to Information Security
Other Regulatory Frameworks
CIS Controls
Saudi Arabia Monetary Authority (SAMA) Cybersecurity Framework
Reserve Bank of India
FIFA World Cup Qatar 2022
Monetary Authority of Singapore
BDDK
Others
Summary
Chapter 4: IT Security Technical Controls
Off-Premises Unmanaged Devices
MDM: Mobile Device Management
MAM: Mobile Application Management
NAC: Network Access Control
Multi-Factor Authentication
RASP for Mobile Applications
Secure Connections
OSI Model
TCP/IP Model
IPsec, SSH, and TLS

IPsec
SSH
TLS
Clean Pipes
DDoS Mitigation
Managed Devices
Directory Service Integration
Centralized Endpoint Management
TPM: Trusted Platform Module
VPN Client
NAC: Network Access Control
Data Classification
UAM: User Activity Monitoring
Endpoint Protection
Phishing Reporting Tool
Host IPS or EDR
Desktop Firewall
Antivirus
Antispyware
Full-Disk Encryption
Application Control and Application Whitelisting
Perimeter Security
Firewalls
Intrusion Detection and Intrusion Protection Systems
Proxy and Content (URL) Filtering

Browse Subjects

Show more subjects...

Statistics

from
to
Export