Enterprise Cybersecurity
How to Build a Successful Cyberdefense Program Against Advanced Threats
(Sprache: Englisch)
Enterprise Cybersecurity empowers organizations of all sizes to defend themselves with next-generation cybersecurity programs against the escalating threat of modern targeted cyberattacks. This book presents a comprehensive framework for managing all...
Voraussichtlich lieferbar in 3 Tag(en)
versandkostenfrei
Buch (Kartoniert)
109.99 €
- Lastschrift, Kreditkarte, Paypal, Rechnung
- Kostenlose Rücksendung
- Ratenzahlung möglich
Produktdetails
Produktinformationen zu „Enterprise Cybersecurity “
Klappentext zu „Enterprise Cybersecurity “
Enterprise Cybersecurity empowers organizations of all sizes to defend themselves with next-generation cybersecurity programs against the escalating threat of modern targeted cyberattacks. This book presents a comprehensive framework for managing all aspects of an enterprise cybersecurity program. It enables an enterprise to architect, design, implement, and operate a coherent cybersecurity program that is seamlessly coordinated with policy, programmatics, IT life cycle, and assessment.Fail-safe cyberdefense is a pipe dream. Given sufficient time, an intelligent attacker can eventually defeat defensive measures protecting an enterprise s computer systems and IT networks.
To prevail, an enterprise cybersecurity program must manage risk by detecting attacks early enough and delaying them long enough that the defenders have time to respond effectively. Enterprise Cybersecurity shows players at all levels of responsibility how to unify their organization s people, budgets, technologies, and processes into a cost-efficient cybersecurity program capable of countering advanced cyberattacks and containing damage in the event of a breach.
The authors of Enterprise Cybersecurity explain at both strategic and tactical levels how to accomplish the mission of leading, designing, deploying, operating, managing, and supporting cybersecurity capabilities in an enterprise environment. The authors are recognized experts and thought leaders in this rapidly evolving field, drawing on decades of collective experience in cybersecurity and IT. In capacities ranging from executive strategist to systems architect to cybercombatant, Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, and Abdul Aslam have fought on the front lines of cybersecurity against advanced persistent threats to government, military, and business entities.
Enterprise Cybersecurity lays out the design, implementation,and management of comprehensive cybersecurity programs that enable enterprises of all sizes and sectors to protect themselves preemptively and actively against the escalating threat of modern, targeted cyberattacks.
To frame their exposition of the components of effective cybersecurity programs, the authors develop two actionable concepts central to their systems engineering approach. First, the 'kill chain' of a cyber-intrusion comprises the intrusive phases of adversarial reconnaissance, weaponization, delivery, and exploitation, to each of which the authors map defensive courses of action for detection, mitigation, and response. Second, the 'trust stack' concept articulates the structure of defensive response in terms of two subsidiary stacks whose elements are sequentially arranged in increasing difficulty for an attacker to breach and compromise. One subsidiary stack is the 'application stack' comprised of ten elements such as end user, application software, and database. The other is the 'administration stack' comprised of nine elements such as user credentials, application administration, and database administration.
Within the conceptual framework of the kill chain and trust stack, Enterprise Cybersecurity describes the aims, strategies, tactics, and taxonomy of security threats and the panoply of corresponding cyberdefensive measures.These countermeasures include hardening of enterprise defenses, immediate detection of intrusions, containment of attacks, and repulse to prevent exploitation of breaches. End-to-end cyberdefense systems integrate preventive,detective, monitoring, and forensics controls.
Toward this integrative end, the team of authors-respected experts and thought leaders in the rapidly evolving field of enterprise cybersecurity-introduce a new synthetic paradigm called Cybersecurity Capability Architecture, which they have collectively refined and separately put into practice.
Readers of this book will learn to design and implement the ten functional areas of Cybersecurity Capability Architecture:
- systems administration
- network security
- application security
- endpoint, server, and device security
- asset management
- authentication and identity management
- cryptography and data protection
- monitoring, vulnerability, and patch management
- incident response
- policy, audit, e-discovery, and training
To frame their exposition of the components of effective cybersecurity programs, the authors develop two actionable concepts central to their systems engineering approach. First, the 'kill chain' of a cyber-intrusion comprises the intrusive phases of adversarial reconnaissance, weaponization, delivery, and exploitation, to each of which the authors map defensive courses of action for detection, mitigation, and response. Second, the 'trust stack' concept articulates the structure of defensive response in terms of two subsidiary stacks whose elements are sequentially arranged in increasing difficulty for an attacker to breach and compromise. One subsidiary stack is the 'application stack' comprised of ten elements such as end user, application software, and database. The other is the 'administration stack' comprised of nine elements such as user credentials, application administration, and database administration.
Within the conceptual framework of the kill chain and trust stack, Enterprise Cybersecurity describes the aims, strategies, tactics, and taxonomy of security threats and the panoply of corresponding cyberdefensive measures.These countermeasures include hardening of enterprise defenses, immediate detection of intrusions, containment of attacks, and repulse to prevent exploitation of breaches. End-to-end cyberdefense systems integrate preventive,detective, monitoring, and forensics controls.
Toward this integrative end, the team of authors-respected experts and thought leaders in the rapidly evolving field of enterprise cybersecurity-introduce a new synthetic paradigm called Cybersecurity Capability Architecture, which they have collectively refined and separately put into practice.
Readers of this book will learn to design and implement the ten functional areas of Cybersecurity Capability Architecture:
- systems administration
- network security
- application security
- endpoint, server, and device security
- asset management
- authentication and identity management
- cryptography and data protection
- monitoring, vulnerability, and patch management
- incident response
- policy, audit, e-discovery, and training
Autoren-Porträt von Scott Donaldson, Stanley Siegel, Chris K. Williams, Abdul Aslam
Scott E. Donaldson is a Senior Vice President for Leidos, Inc., a Fortune 500 company that provides scientific, engineering, systems integration, and technical services. He is the Chief Technology Officer (CTO) and IT Director for its Heath and Engineering Sector.
Bibliographische Angaben
- Autoren: Scott Donaldson , Stanley Siegel , Chris K. Williams , Abdul Aslam
- 2015, 1st ed., XLII, 536 Seiten, Maße: 17,8 x 25,4 cm, Kartoniert (TB), Englisch
- Verlag: Springer, Berlin
- ISBN-10: 1430260823
- ISBN-13: 9781430260820
- Erscheinungsdatum: 20.05.2015
Sprache:
Englisch
Kommentar zu "Enterprise Cybersecurity"
Schreiben Sie einen Kommentar zu "Enterprise Cybersecurity".
Kommentar verfassen