Developing Cybersecurity Programs and Policies

This book is a complete guide to establishing a cybersecurity program and governance in your organisation. In this book you will learn how to create cybersecurity policies standards procedures guidelines and plans —and the differences among them. This book covers the Confidentiality Integrity & Availability (CIA) security model. You will also learn how threat actors are launching attacks against their victims compromising confidentiality integrity and availability of systems and networks. This book covers the NIST Cybersecurity Framework and ISO/IEC 27000-series standards. You will learn how to align security with business strategy as well as define inventory and classify your information and systems.This book teaches you how to systematically identify prioritise and manage cybersecurity risks and reduce social engineering (human) risks with role-based Security Education Awareness and Training (SETA). You will also learn how to implement effective physical environmental communications and operational security; and effectively manage access control. In this book you will learn how to respond to incidents and ensure continuity of operations and how to comply with laws and regulations including GLBA HIPAA/HITECH FISMA state data security and notification rules and PCI DSS.