Developing Cybersecurity Programs and Policies in an AI-Driven World
Omar Santos
(2024)
Language: English
Product details
- 4th edition
- Paperback: 768 pages
- Publisher: Pearson Education, Limited (October 2024)
- ISBN: 9780138074104
Developing Cybersecurity Programs and Policies is a complete guide to establishing a cybersecurity program and governance in your organization. In this book, you will learn how to create cybersecurity policies, standards, procedures, guidelines, and plans, and the differences among them. You will also learn how threat actors launch attacks against their victims, compromising the confidentiality, integrity, and availability of systems and networks.
Santos starts by providing an overview of cybersecurity policy and governance, and how to create cybersecurity policies and develop a cybersecurity framework. He then provides details about governance, risk management, asset management, and data loss prevention.
Learn how to:
- Respond to incidents and ensure continuity of operations
- Comply with laws and regulations, including GLBA, HIPAA/HITECH, FISMA, state data security and notification rules, and PCI DSS
- Systematically identify, prioritize, and manage cybersecurity risks and reduce social engineering (human) risks with role-based Security Education, Awareness, and Training (SETA)
- Incorporate human resources, physical, and environmental security as important elements of your cybersecurity program
- Implement appropriate security controls in the cloud, often using automation
- Understand Identity and Access Management (IAM)
This book includes:
- Practical, hands-on exercises related to several key topics to defend various cloud workloads operating in the different CSP models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Functions as a Service (FaaS)
- Coverage of the NIST Cybersecurity Framework and the ISO/IEC 27000-series standards
Table of Contents

Chapter 1: Understanding Cybersecurity Policy and Governance (p. 2)
- Information Security vs. Cybersecurity Policies (p. 6)
- Looking at Policy Through the Ages (p. 6)
- Cybersecurity Policy (p. 10)
- Cybersecurity Policy Life Cycle (p. 28)
- Summary (p. 34)

Chapter 2: Cybersecurity Policy Organization, Format, and Styles (p. 46)
- Policy Hierarchy (p. 47)
- Writing Style and Technique (p. 51)
- Plain Language Techniques for Policy Writing (p. 53)
- Policy Format (p. 56)
- Summary (p. 69)

Chapter 3: Cybersecurity Frameworks (p. 80)
- Confidentiality, Integrity, and Availability (CIA) (p. 81)
- What Is a Cybersecurity Framework? (p. 94)
- NIST Cybersecurity Framework (p. 110)
- Summary (p. 118)

Chapter 4: Cloud Security (p. 132)
- Why Cloud Computing? (p. 133)
- Cloud Computing Models (p. 139)
- Cloud Governance (p. 141)
- Multitenancy (p. 150)
- Core Components of the Cloud Computing Reference Architecture (p. 151)
- Key Concepts and Functional Layers of Cloud Computing (p. 152)
- Understanding Top Cybersecurity Risks in Cloud Computing (p. 153)
- AI and the Cloud: Revolutionizing the Future of Computing (p. 166)
- Summary (p. 168)

Chapter 5: Governance and Risk Management (p. 176)
- Understanding Cybersecurity Policies (p. 177)
- Cybersecurity Risk (p. 197)
- Summary (p. 207)

Chapter 6: Asset Management and Data Loss Prevention (p. 220)
- Information Assets and Systems (p. 221)
- Information Classification (p. 224)
- Labeling and Handling Standards (p. 233)
- Information Systems Inventory (p. 236)
- Understanding Data Loss Prevention Technologies (p. 242)
- Summary (p. 245)

Chapter 7: Human Resources Security and Education (p. 256)
- The Employee Life Cycle (p. 257)
- The Importance of Employee Agreements (p. 269)
- The Importance of Security Education and Training (p. 272)
- Summary (p. 278)

Chapter 8: Physical and Environmental Security (p. 290)
- Understanding the Secure Facility Layered Defense Model (p. 292)
- Protecting Equipment (p. 299)
- Environmental Sustainability (p. 308)
- Summary (p. 310)

Chapter 9: Cybersecurity Operations (CyberOps), Incident Response, Digital Forensics, and Threat Hunting (p. 320)
- Incident Response (p. 321)
- What Happened? Investigation and Evidence Handling (p. 349)
- Understanding Threat Hunting (p. 351)
- Understanding Digital Forensic Analysis (p. 357)
- Data Breach Notification Requirements (p. 360)
- Summary (p. 368)

Chapter 10: Access Control Management (p. 384)
- Access Control Fundamentals (p. 385)
- Infrastructure Access Controls (p. 399)
- User Access Controls (p. 416)
- Summary (p. 422)

Chapter 11: Supply Chain Security, Information Systems Acquisition, Development, and Maintenance (p. 434)
- Strengthening the Links: A Deep Dive into Supply Chain Security (p. 435)
- System Security Requirements (p. 441)
- Secure Code (p. 448)
- Cryptography (p. 453)
- Summary (p. 462)

Chapter 12: Business Continuity Management (p. 474)
- Emergency Preparedness (p. 475)
- Business Continuity Risk Management (p. 479)
- The Business Continuity Plan (p. 485)
- Business Continuity and Disaster Recovery in Cloud Services (p. 493)
- Plan Testing and Maintenance (p. 500)
- Summary (p. 504)

Chapter 13: Regulatory Compliance for Financial Institutions (p. 514)
- The Gramm-Leach-Bliley Act (p. 515)
- New York's Department of Financial Services Cybersecurity Regulation (p. 533)
- What Is a Regulatory Examination? (p. 535)
- Personal and Corporate Identity Theft (p. 537)
- Regulation of Fintech, Digital Assets, and Cryptocurrencies (p. 540)
- Summary (p. 542)

Chapter 14: Regulatory Compliance for the Health-care Sector (p. 556)
- The HIPAA Security Rule (p. 558)
- The HITECH Act and the Omnibus Rule (p. 581)
- Understanding the HIPAA Compliance Enforcement Process (p. 586)
- Summary (p. 588)

Chapter 15: PCI Compliance for Merchants (p. 600)
- Protecting Cardholder Data (p. 601)
- PCI Compliance (p. 616)
- Summary (p. 623)

Chapter 16: Privacy in an AI-Driven Landscape (p. 634)
- Defining Privacy in the Digital Context (p. 635)
- The Interplay Between AI and Privacy (p. 636)
- General Data Protection Regulation (GDPR) (p. 637)
- California Consumer Privacy Act (CCPA) (p. 640)
- Personal Information Protection and Electronic Documents Act (PIPEDA) (p. 641)
- Data Protection Act 2018 in the United Kingdom (p. 643)
- Leveraging AI to Enhance Privacy Protections (p. 645)
- Summary (p. 647)

Chapter 17: Artificial Intelligence Governance and Regulations (p. 652)
- The AI Double-Edged Sword (p. 653)
- Generative AI, LLMs, and Traditional Machine Learning Implementations (p. 653)
- Introduction to AI Governance (p. 654)
- The U.S. Executive Order on the Safe, Secure, and Trustworthy Development and Use of