8 Steps to Better Security: A Simple Cyber Resilience Guide for Business

Contents

Foreword xi
Introduction xiii

Chapter 1: Step 1: Foster a Strong Security Culture 1
  Kevin Mitnick, Human Hacker Extraordinaire 3
  The Importance of a Strong Security Culture 5
  Hackers Are the Bad Guys, Right? 6
  What is Security Culture? 7
  How to Foster a Strong Security Culture 9
  Security Leaders on Security Culture 12
  What Makes a Good CISO? 13
  The Biggest Mistakes Businesses Make When It Comes to Cybersecurity 14
  The Psychological Phases of a Cybersecurity Professional 15

Chapter 2: Step 2: Build a Security Team 19
  Why Step 2 is Controversial 20
  How to Hire the Right Security Team... the Right Way 28
  Security Team Tips from Security Leaders 29
  The "Culture Fit"--Yuck! 30
  Cybersecurity Budgets 34
  Design Your Perfect Security Team 35

Chapter 3: Step 3: Regulatory Compliance 39
  What Are Data Breaches, and Why Are They Bad? 40
  The Scary Truth Found in Data Breach Research 45
  An Introduction to Common Data Privacy Regulations 49
  The General Data Protection Regulation 49
  The California Consumer Privacy Act 50
  The Health Insurance Portability and Accountability Act 52
  The Gramm-Leach-Bliley Act 52
  Payment Card Industry Data Security Standard 53
  Governance, Risk Management, and Compliance 53
  More About Risk Management 54
  Threat Modeling 55

Chapter 4: Step 4: Frequent Security Testing 57
  What is Security Testing? 58
  Security Testing Types 58
  Security Audits 58
  Vulnerability Assessments Versus Penetration Testing 59
  Red Team Testing 61
  Bug Bounty Programs 61
  What's Security Maturity? 63
  The Basics of Security Audits and Vulnerability Assessments 64
  Log Early, Log Often 66
  Prepare for Vulnerability Assessments and Security Audits 67
  A Concise Guide to Penetration Testing 69
  Penetration Testing Based on Network Knowledge 70
  Penetration Testing Based on Network Aspects 73
  Security Leaders on Security Maturity 76
  Security Testing is Crucial 78

Chapter 5: Step 5: Security Framework Application 79
  What is Incident Response? 80
  Preparation 80
  Identification or Analysis 82
  Containment, Mitigation, or Eradication 83
  Recovery 84
  Post-incident 86
  Your Computer Security Incident Response Team 86
  Cybersecurity Frameworks 89
  NIST Cybersecurity Framework 89
  Identify 90
  Protect 92
  Detect 95
  Respond 97
  Recover 99
  ISO 27000 Cybersecurity Frameworks 101
  CIS Controls 102
  COBIT Cybersecurity Framework 105
  Security Frameworks and Cloud Security 106

Chapter 6: Step 6: Control Your Data Assets 109
  The CIA Triad 110
  Access Control 112
  Patch Management 113
  Physical Security and Your Data 115
  Malware 116
  Cryptography Basics 119
  Bring Your Own Device and Working from Home 123
  Data Loss Prevention 124
  Managed Service Providers 126
  The Dark Web and Your Data 128
  Security Leaders on Cyber Defense 130
  Control Your Data 132

Chapter 7: Step 7: Understand the Human Factor 133
  Social Engineering 134
  Phishing 139
  What Can NFTs and ABA Teach Us About Social Engineering? 141
  How to Prevent Social Engineering Attacks on Your Business 146
  UI and UX Design 147
  Internal Threats 148
  Hacktivism 152

Chapter 8: Step 8: Build Redundancy and Resilience 155
  Understanding Data and Networks 156
  Building Capacity and Scalability with the Power of the Cloud 158
  Back It Up, Back It Up, Back It Up 161
  RAID 162
  What Ransomware Taught Business About Backups 164
  Business Continuity 167
  Disaster Recovery 168

Chapter 9: Afterword 173
  Step 1 173
    The Most Notorious Cyberattacker Was Actually a Con Man 174
    A Strong Security Culture Requires All Hands on Deck 174
    Hackers Are the Good Guys, Actually 174
    What Is Security Culture? 175
    What Makes a Good CISO? 175
    The Psychological Phases of a Cybersecurity Professional 176
    Recommended Readings 177
  Step 2 178
    Tackling the Cybersecurity Skills Gap Myth 178
    Take "Culture Fit" Out of Your Vocabulary 179
    Your Cybersecurity Budget 180
    Recommended Readings 180
  Step 3 181
    Data Breaches 181
    Data Privacy Regulations 182
    Risk Management 183
    Recommended Readings 183
  Step 4 184
    Security Audits 184
    Vulnerability Assessments 185
    Penetration Testing 185
    Bug Bounty Programs 185
    Recommended Reading 186
  Step 5 187
    Incident Response 187
    Cybersecurity Frameworks 187
    Recommended Reading 188
  Step 6 188
    The CIA Triad 188
    Access Control 189
    Patch Management 189
    Physical Security 189
    Malware 189
    Cryptography 190
    BYOD and Working from Home 190
    Data Loss Prevention 191
    Managed Service Providers 191
    Recommended Reading 191
  Step 7 192
    Social Engineering 192
    UI and UX Design 193
    Internal Threats 193
    Recommended Readings 194
  Step 8 194
    Cloud Networks 195
    Data Backups 195
    Business Continuity and Disaster Recovery 196
    Recommended Readings 196
  Keeping Your Business Cyber Secure 197

Index 199