We Need To Talk: 52 Weeks To Better Cyber-Security
About this ebook
The book provides a comprehensive approach to discussing cyber-security, addressing topics such as risk management, configuration management, vulnerability management, policy, threat intelligence, and incident response. The discussions it sparks will help your team strengthen and mature your organization's security posture.
The book is designed for information security professionals and their teams looking for a structured way to improve their organization’s cyber-security posture over one year. It is an ideal resource for teams that wish to develop a well-rounded understanding of cyber-security and gain insight into the various elements needed for a successful program.
*This book was written programmatically with the help of AI tools and edited using Grammarly.
Book preview
We Need To Talk - L. Brent Huston
WEEK TWO
Best Practices Frameworks
QUESTIONS:
How are we doing with respect to best practices? Are there any areas where we need to focus more attention? Are there any areas that we should avoid? What best practice frameworks are we using across information security? How do we keep up with updates and changes? What kind of cross-training are we doing on frameworks?
Support Materials:
Information Security professionals often use best practice frameworks to help them understand how to implement various technologies and processes that will improve the overall effectiveness of their information security program. These frameworks provide a common language for discussing topics such as threat modeling, vulnerability management, access control, identity management, encryption, etc. They are also very effective at helping people who may need formal training in these areas to learn about them.
WEEK THREE
Security Policy
QUESTIONS:
Is there an official security policy document defining the organization's information security approach? Are those policies reviewed regularly? Has the organization ever been audited by a third party? If so, who did the audit, and what were their findings? Was anything changed as a result of the audit? Who on the team is responsible for writing and/or revising the policy documents? How are feedback and lessons learned throughout the enterprise woven into those updates? How are changes to our policies socialized across the company?
Support Materials:
Establishing, socializing, and keeping policies up to date are critical information security functions. Security policy documentation is crucial for many reasons. First, it provides a record of how you want your organization's information technology (IT) infrastructure to operate. Second, it helps IT staff understand the requirements that the various components of the IT infrastructure must meet. Third, it serves as a reminder of the security standards that must be followed at all times. Finally, it ensures that everyone understands the rules and regulations governing the use of the IT infrastructure.
WEEK FOUR
Relationships With Other Groups
QUESTIONS:
How are we working with other groups within the organization? Are there any areas where we need to collaborate more closely? Are there any areas that we should avoid collaborating with? Why? Are there any relationships that need to be clearly defined? Could those be clarified? Are there any areas where we need to clarify who owns what responsibilities?
Support Materials:
Relationships between different groups within an organization are critical to the success of information security programs. These relationships exist between IT and Security, Operations and Information Security, and even between the various departments within an organization. To effectively manage risks, it is necessary to understand how these relationships work together. For example, who will respond first if a server has a problem? Who has the authority to make decisions about the response? How does this impact the relationship between the two groups? Understanding these issues helps you build better relationships with your peers. Better relationships mean a more effective information security