Developing Cybersecurity Programs and Policies is a complete guide
to establishing a cyber security program and governance in your
organization. In this book, you will learn how to create cyber security
policies, standards, procedures, guidelines, and plans, and the
differences among them. You will also learn how threat actors are
launching attacks against their victims, compromising confidentiality,
integrity, and availability of systems and networks.
Santos starts by providing an overview of cybersecurity policy and
governance, and how to create cybersecurity policies and develop a
cybersecurity framework. He then provides details about governance, risk
management, asset management, and data loss prevention.
Learn how to:
- Respond to incidents and ensure continuity of operations
- Comply with laws and regulations, including GLBA, HIPAA/HITECH, FISMA,
state data security and notification rules, and PCI DSS
- Systematically identify, prioritize, and manage cyber security risks
and reduce social engineering (human) risks with role-based Security
Education, Awareness, and Training (SETA)
- Incorporate human resources, physical, and environmental security as
important elements of your cybersecurity program
- Implement appropriate security controls in the cloud, often using
automation
- Understand Identity and Access Management (IAM)
This book includes:
- Practical, hands-on exercises related to several key topics to defend
various cloud workloads operating in the different CSP models:
Infrastructure as a Service (IaaS), Platform as a Service (PaaS),
Software as a Service (SaaS), and Functions as a Service (FaaS)
- Coverage of the NIST Cybersecurity Framework and ISO/IEC 27000-series
standards