The complete guide to cybersecurity risks and controls / Anne Kohnke, Dan Shoemaker, Ken Sigler.

"An Auerbach book."

Incluye bibliografía

Why cybersecurity management is important - Computing and culture shock - Control-based information governance, what it is and how it works - The value of formal control -
A survey of control frameworks, general structure, and application - What is information security governance? - IT governance frameworks-an overview - IT security controls - What are controls and why are they important? - Picking up where chapter 1 left off - Goal-based security controls - Implementation-based security controls - the security control formulation and development process - Setting the stage for control implementation through security architecture design - Implementing a multitiered governance and control framework in a business - Constructing practical systems of controls - Practical implementation: how to establish a real, working control framework - Ensuring long-term control capability -
Risk management and prioritization using a control perspective - Ensuring that risk management process supports the organization - the five elements of the risk management process - Control formulation and implementation process - The control formulation process - Creating and documenting control objectives - Creating a management-level control process - Assessing control performance - Measurement-based assurance of controls - Assessing and remediating the control environment - Developing a comprehensive ICT control program - Security control validation and verification - Security control assessment fundamentals - NIST security control assessment process - Control testing and examination application - Control framework sustainment and security of operations - Operational control assurance: aligning purpose with practice - Operational assurance (sensing) – Analysis - Response Management (Responding) - Operational oversight and infrastructure assurance of control set integrity.

M. de ciberseguridad